Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
7070 posts

Uber Geek
+1 received by user: 363


  Reply # 980593 5-Feb-2014 12:03 Send private message

Athlonite:
Lazarui:
thegeekboy:
surfisup1000: Jeez, telecom have really played fast and loose with their customer data.

I wonder why telecom tolerate such frequent hacks to their customer email accounts? It is getting to the point where I think telecom enjoys letting their customers be hacked.

I've largely moved away from using my telecom email now. It is just getting way too many hacks.



The problem here is that Telecom no longer have any control over the Xtra brand.
Yahoo own the domain and rights to Xtra 100%. That happened back in 2011.

There's no way that those Xtra customers can leave Yahoo - and also keep their Xtra email addresses.
http://techday.com/telco-review/news/telecom-sells-yahooxtra-stake/19896/


Yahoo!Xtra was just the Yahoo.co.nz homepage, it was similar to the Xtra MSN from earlier on they used to have and is similar to the the old BT/Yahoo relationship that used to exsist, Telecom still is the registra holder of @xtra.co.nz.

There is nothing that says Telecom has ever sold on the @xtra.co.nz Domain I'm yet to see one piece of evidence that supports this suppsoed 'fact'


did you even read the link provided by the poster, did you read the bit that said Telecom divested itself of it's 49% stake in yahoo/xtra so now yahoo own it 100% of it

Telecom NZ may still own the xtra.co.nz domain name but yahoo owns the email services side of it and good luck in getting them to release user data back to telecom


Telecom must have a record of all the email addresses, as they must link back to their system. Especially as the broadband login name is actually an xtra email address. Also when my xtra email addresses all got hacked, and they changed my broadband password which is linked to the xtra username also got changed automatically.


Is there a link to the radio interview?. IMO ISPs no longer have a place in providing email, and new ISPs don't seem to provide email anymore. The only advantage for an ISP is it makes their service more sticky, and more difficult to move to another provider.

Maybe they need to give everyone a telecom.co.nz email address instead, and run the service in house on NZ based servers. Xtra is an old legacy brand so the email address domain has little association with telecom now.

42 posts

Geek
+1 received by user: 18


  Reply # 980640 5-Feb-2014 12:33 Send private message

mattwnzIs there a link to the radio interview?.


I can't find an audio file but there's a basic text link.
http://www.radionz.co.nz/news/national/235108/telecom-doing-all-it-can-do-stop-attacks

5342 posts

Uber Geek
+1 received by user: 208

Subscriber

  Reply # 980641 5-Feb-2014 12:35 One person supports this post Send private message

DigiDog:
res: I see Chris Quin was on the radio misleading people yesterday:

Good post res. I heard the Quin interview and assumed he was just a Telecom spin doctor with minimal technical knowledge whose job was to appease the Xtra masses. He used phrases like, 'We have to remember that there's been an increase in this sort of activity all around the world' to imply that Xtra hasn't been singled out. I'm surprised that none of the tech journalists have got a grip on this story yet and most media seem happy to accept the Telecom line that Xtra users should just 'delete spam emails'.

Yahoo's service is obviously badly compromised. Telecom's refusal to implement SPF makes the spammers' job so much easier.





I don't think that there's much that Telecom or Yahoo can do about this now especially if the same is a result of earlier harvesting of email addresses.  Even if Telecom was to go to Gmail  the problem of these same emails will still be there.  The only way is to change the .xtra addresses..




Regards,

Old3eyes

10933 posts

Uber Geek
+1 received by user: 467

Trusted
Subscriber

  Reply # 980644 5-Feb-2014 12:39 One person supports this post Send private message

No they could put a spf record which would stop the spoofed emails in their tracks.




Richard rich.ms

122 posts

Master Geek
+1 received by user: 20


  Reply # 980745 5-Feb-2014 15:17 Send private message

Athlonite:
Lazarui:
thegeekboy:
surfisup1000: Jeez, telecom have really played fast and loose with their customer data.

I wonder why telecom tolerate such frequent hacks to their customer email accounts? It is getting to the point where I think telecom enjoys letting their customers be hacked.

I've largely moved away from using my telecom email now. It is just getting way too many hacks.



The problem here is that Telecom no longer have any control over the Xtra brand.
Yahoo own the domain and rights to Xtra 100%. That happened back in 2011.

There's no way that those Xtra customers can leave Yahoo - and also keep their Xtra email addresses.
http://techday.com/telco-review/news/telecom-sells-yahooxtra-stake/19896/


Yahoo!Xtra was just the Yahoo.co.nz homepage, it was similar to the Xtra MSN from earlier on they used to have and is similar to the the old BT/Yahoo relationship that used to exsist, Telecom still is the registra holder of @xtra.co.nz.

There is nothing that says Telecom has ever sold on the @xtra.co.nz Domain I'm yet to see one piece of evidence that supports this suppsoed 'fact'


did you even read the link provided by the poster, did you read the bit that said Telecom divested itself of it's 49% stake in yahoo/xtra so now yahoo own it 100% of it

Telecom NZ may still own the xtra.co.nz domain name but yahoo owns the email services side of it and good luck in getting them to release user data back to telecom


They own the domain and contract out to Yahoo in order to run email services for their customers, (data being hosted by yahoo would still be owned by telecom, Yahoo is just hosting it.) this is a standard system the world over and the accounts and data are definately able to be migrated the same as when xtra shifted from their own platform/MSN to Yahoo, there is nothing stopping them from getting the data back and shifting somewhere else expect for money, it would be a costly venture.

Personally I'm in the mind that they should just drop emails all together, along with every other ISP/RSP out there.

7682 posts

Uber Geek
+1 received by user: 266

Trusted
Subscriber

  Reply # 980776 5-Feb-2014 15:34 Send private message

richms: No they could put a spf record which would stop the spoofed emails in their tracks.


Comes back to this and has been said multiple times in this thread.

Telecom could stop the bulk of this crap with a proper SPF record for xtra.co.nz that indicated only their own and yahoo servers can send for xtra.co.nz.

It's not rocket science, there would be a few customers using their own smtp servers to send for xtra.co.nz addresses but those could be fixed on a as reported basis. small price to pay to address the overall issue.





7070 posts

Uber Geek
+1 received by user: 363


  Reply # 980808 5-Feb-2014 16:18 3 people support this post Send private message

Perhaps they could just end-of-life xtra email addresses, and say any future support will need to be provided by yahoo. The problem though is yahoo don't provide phone support as far as I know, and the majority of xtra email accounts are probably mum and dads with limited technical knowledge who always phone up for any little bit of support needed. I don't think in this day and age ISPs should, or need to, provide email addresses. I mean, even telecoms own adverts demo email setup on an android phone using a gmail address, instead of a yahoo one.

147 posts

Master Geek
+1 received by user: 9


  Reply # 981250 6-Feb-2014 14:44 Send private message

Yahoo are a mess full stop. Just spent a while helping a relative from the UK. Turns out British Telecom accounts with Yahoo are also affected.

Someone had "hacked" the account on the server side, tweaked the email settings such that the replies were forwarded somewhere else with none to be saved on the server's Sent items, tweaked the reply-to address just to be sure too and then sent emails to god knows how many of the account's contacts saying help; I'm in financial difficulty and need a favour!

Phone calls, TXTs and emails have been bouncing around the world as relatives and friends are trying to find out what has happened.

7070 posts

Uber Geek
+1 received by user: 363


  Reply # 981265 6-Feb-2014 15:17 Send private message

huckster: Yahoo are a mess full stop. Just spent a while helping a relative from the UK. Turns out British Telecom accounts with Yahoo are also affected.

Someone had "hacked" the account on the server side, tweaked the email settings such that the replies were forwarded somewhere else with none to be saved on the server's Sent items, tweaked the reply-to address just to be sure too and then sent emails to god knows how many of the account's contacts saying help; I'm in financial difficulty and need a favour!

Phone calls, TXTs and emails have been bouncing around the world as relatives and friends are trying to find out what has happened.


I believe BT changed from yahoo last year after the major problems. 

There does appear to be another round today, as have had quite a few spam emails come through today from xtra.co.nz addresses.

42 posts

Geek
+1 received by user: 18


  Reply # 981268 6-Feb-2014 15:23 Send private message

Huckster... any idea why your relative is still using Yahoo? This Telegraph story confirms that BT dropped Yahoo completely in June last year, following numerous security breaches and hassles with email spam.

"The new email system for BT broadband subscribers will be branded BT Mail and run by Critical Path, a privately-held specialist email provider based in California."

http://www.telegraph.co.uk/finance/newsbysector/epic/btdota/10089355/BT-dumps-Yahoo-email-after-hacking-claims.html

I've also had spam today from both Xtra and Yahoo accounts. Bring on SPF Telecom... PLEASE!!!

147 posts

Master Geek
+1 received by user: 9


  Reply # 981272 6-Feb-2014 15:27 Send private message

mattwnz:

I believe BT changed from yahoo last year after the major problems. 

There does appear to be another round today, as have had quite a few spam emails come through today from xtra.co.nz addresses.


BT haven't changed from what I was seeing. Still using Yahoo in this case.

From their webmail login page....
BT Yahoo email security warning We've recently detected unusual activity on some BT Yahoo email accounts and have already taken steps to secure these.

Sounds familiar...? :-)



7070 posts

Uber Geek
+1 received by user: 363


  Reply # 981277 6-Feb-2014 15:31 Send private message

huckster:
mattwnz:

I believe BT changed from yahoo last year after the major problems. 

There does appear to be another round today, as have had quite a few spam emails come through today from xtra.co.nz addresses.


BT haven't changed from what I was seeing. Still using Yahoo in this case.

From their webmail login page....
BT Yahoo email security warning We've recently detected unusual activity on some BT Yahoo email accounts and have already taken steps to secure these.

Sounds familiar...? :-)




But even if telecom changed to another provider last year, they  would still be having this same problem, as these emails are not being sent via yahoos servers, they are being sent from servers in places like russia. 

42 posts

Geek
+1 received by user: 18


  Reply # 981335 6-Feb-2014 16:34 Send private message

It looks like the switchover is quite a drawn out affair if this page is anything to go by.

https://home.bt.com/pages/email/index.html?s_cid=con_FURL_newemail

147 posts

Master Geek
+1 received by user: 9


  Reply # 981735 7-Feb-2014 11:38 Send private message

DigiDog: It looks like the switchover is quite a drawn out affair if this page is anything to go by.

https://home.bt.com/pages/email/index.html?s_cid=con_FURL_newemail


The login page used still says BT Yahoo. Emails sent by the hacker to non-existant addresses are bouncing back thru Yahoo servers and even if the email was sent from somewhere in Russia, they had hacked the settings on the Yahoo system to change the reply-to address and also use and clean out the Contacts list.

Not just a simple spoof of an email address.

BDFL
49529 posts

Uber Geek
+1 received by user: 4376

Administrator
Trusted
Geekzone
Subscriber

  Reply # 983279 10-Feb-2014 13:14 Send private message

Just received:


Telecom will be contacting select Xtra email users from today, as together with service provider Yahoo it applies the latest in a programme of security enhancements to the Xtra email platform.

An additional encryption setting called ‘Secure Sockets Layer’ (or ‘SSL’), will soon be the new standard default connection for all Yahoo Xtra mail accounts and Telecom will be assisting users who access the service via a ‘third party’ email client, such as Microsoft Outlook for PCs or Android for mobiles, to update their settings.

SSL secures a user’s information and email messages making communications more private as they move between the user’s browser/device and Yahoo’s servers, to and from the destination. This enhancement secures the email while helping prevent interception or the compromise of emails, which is especially important while on an open public WiFi connection (such as those available at cafes and airports).

Telecom Retail CEO Chris Quin says that while Telecom is working hard to improve the service for dedicated Xtra email users, it’s important that customers take their online security as seriously as possible.

“Despite what has been a troublesome time with Yahoo Xtra, the majority of our users choose to retain their Xtra email address and many tell us that their email address is as much a part of their personal identity as their Facebook profile picture, phone number or home address. We’re continuing to look at what we can do to enhance Xtra mail so our users can have more confidence in the service to get on and do more online.”

“That said, while we’ll do all that we can to keep customers protected via their email portal, these security updates will not prevent the ongoing circulation of spam. Nor will it prevent Kiwis from clicking suspicious links contained in emails which can perpetuate spammers’ activity. Together, we need to work to keep all of us safe online.”





1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Does NZ need better gun laws?
Created by mattwnz, last reply by heylinb4nz on 2-Sep-2014 11:41 (96 replies)
Pages... 5 6 7


Warning: Rage Ahead - Campbell Live and childhood poverty
Created by kawaii, last reply by Dingbatt on 2-Sep-2014 11:47 (62 replies)
Pages... 3 4 5


Judith Collins: I am resigning
Created by Presso, last reply by gzt on 2-Sep-2014 11:42 (109 replies)
Pages... 6 7 8


VideoEZY OnDemand
Created by Andib, last reply by dclegg on 2-Sep-2014 11:59 (42 replies)
Pages... 2 3


Cirque du Soleil Cellphone Hijack
Created by myopinion, last reply by PhantomNVD on 1-Sep-2014 18:01 (21 replies)
Pages... 2


Orcon Global Mode launched
Created by freitasm, last reply by shk292 on 1-Sep-2014 11:32 (132 replies)
Pages... 7 8 9


Lightbox press event release
Created by freitasm, last reply by IcI on 30-Aug-2014 17:54 (562 replies)
Pages... 36 37 38


Lightbox quality comments
Created by ronw, last reply by freitasm on 2-Sep-2014 09:15 (101 replies)
Pages... 5 6 7



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.