09-04-2007, 09:12 AM   #211
JSWolf
Quote:
Originally Posted by Alexander Turcic
I disagree. At the moment they discovered someone attempted to hack their server(s) they could not have known the extent of the hack. Likewise, they could not have ruled out that any customer-sensitive information leaked out. Had I been a customer, I would have insisted on being notified immediately of the potential threat that someone illegally obtained my personal information (which may have included sensitive data such as my credit card number).
Maybe the CC info was stored on another server that wasn't hacked into and knowing that was safe, didn't feel the need to tell everyone till they fixed the underlying problem. Just guessing here at the moment.

09-04-2007, 09:44 AM   #212
HarryT
That's exactly what MP say - there was no financial info on the server on which the attempted hack was made; just account info.

09-04-2007, 09:50 AM   #213
DMcCunney
Quote:
Originally Posted by Alexander Turcic
I disagree. At the moment they discovered someone attempted to hack their server(s) they could not have known the extent of the hack. Likewise, they could not have ruled out that any customer-sensitive information leaked out. Had I been a customer, I would have insisted on being notified immediately of the potential threat that someone illegally obtained my personal information (which may have included sensitive data such as my credit card number).
Thinking about it a bit more, not getting email till after the site was back up made sense: the list of registered users and email addresses for same was on the server, and sent from the server. Can't send the email till the server is back up...

Given that, the "down for maintenance" screen could have been more informative. Something on the order of "We have discovered a potentially serious problem, and taken the server down while we investigate. We will be offline for several days or more. Please check back regularly. We will send email when we are finished explaining what happened." would have been an improvement.

When the site first got taken down, all we knew was there was an unscheduled outage. It wasn't till we got the email we knew why. I don't think "We may have been hacked, and your personal info may be at risk. The site is down while we investigate!" would have been a good idea.
______
Dennis

Last edited by DMcCunney; 09-04-2007 at 12:01 PM.

09-04-2007, 10:21 AM   #214
Alexander Turcic
Quote:
Originally Posted by DMcCunney
Can't send the email till the server is back up...
Mobipocket can easily use an external provider for sending/receiving their e-mails. In fact, a quick check on the mobipocket.com DNS reveals that mails to and from mobipocket.com go through netsolmail.net which is provided by Network Solutions.

Code:
alex@debian:~# dig mobipocket.com. MX

; <<>> DiG 9.3.4 <<>> mobipocket.com. MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59916
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;mobipocket.com.                        IN      MX

;; ANSWER SECTION:
mobipocket.com.         7200    IN      MX      10 INBOUND.MOBIPOCKET.COM.NETSOLMAIL.NET.
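
An added example, not part of the original post: reading the MX answer above programmatically. It compares DNS labels from the right instead of searching for the domain as a substring, because the exchanger INBOUND.MOBIPOCKET.COM.NETSOLMAIL.NET. contains "mobipocket.com" yet sits under netsolmail.net; all function names here are illustrative.

```python
# Added example: classify MX targets from `dig` answer lines as in-domain or
# external. The record below is the one quoted in the post above.
DIG_ANSWER = """\
;; ANSWER SECTION:
mobipocket.com.         7200    IN      MX      10 INBOUND.MOBIPOCKET.COM.NETSOLMAIL.NET.
"""

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    return name.rstrip(".").lower().split(".")

def parse_mx(dig_text):
    """Return (owner, preference, exchange) for every MX line in dig output."""
    records = []
    for line in dig_text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # comments, section headers, blank lines
        fields = line.split()
        # Expected layout: owner TTL class type preference exchange
        if len(fields) == 6 and fields[2].upper() == "IN" and fields[3].upper() == "MX":
            records.append((fields[0], int(fields[4]), fields[5]))
    return records

def is_under(name, zone):
    """True if `name` equals `zone` or is a subdomain of it (label-wise suffix match)."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z

def naive_is_under(name, zone):
    """Substring check, kept only to show the false positive it produces."""
    return zone.rstrip(".").lower() in name.lower()

def classify(dig_text):
    """Map each MX exchange to 'in-domain' or 'external' relative to its owner name."""
    result = {}
    for owner, _pref, exchange in parse_mx(dig_text):
        result[exchange] = "in-domain" if is_under(exchange, owner) else "external"
    return result

if __name__ == "__main__":
    for exchange, verdict in classify(DIG_ANSWER).items():
        print(exchange, verdict)
```

MX records name the hosts that receive mail for the domain; the path used for outbound mail is not visible in this lookup.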
09-04-2007, 10:35 AM   #215
Alexander Turcic
Quote:
Originally Posted by HarryT
That's exactly what MP say - there was no financial info on the server on which the attempted hack was made; just account info.
Yes, they said this after having gone offline for a long time. They couldn't have known this the first time they discovered a hacker was working on them.

Regarding "just account info"... look at what happened to Monster.com not so long ago:

Quote:
Monster.com waited five days to tell its users about a security breach that resulted in the theft of confidential information from some 1.3 million job seekers, a company executive told Reuters on Thursday.
Quote:
Manzo [of Monster.com] said that based on Monster's review, the information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.
Just account info, but then:

Quote:
On August 21, Symantec published a report on its Web site that said it had found copies of scam e-mails that the engineers of the attack were using, with the aim of getting information that was more valuable than just the names and contact details of Monster.com users.

Pretending to be sent through Monster.com from job recruiters, the e-mails asked recipients to provide personal financial data, including bank account numbers. They also asked users to click on links that could infect their PCs with malicious software.

Their ultimate goal in taking the data from Monster.com was to gain enough personal information to lower the guards of target victims when they read the e-mails, said Patrick Martin, a senior product manager with Symantec's response team in Austin, Texas, which first identified the attack.

09-04-2007, 11:46 AM   #216
DMcCunney
Quote:
Originally Posted by Alexander Turcic
Mobipocket can easily use an external provider for sending/receiving their e-mails. In fact, a quick check on the mobipocket.com DNS reveals that mails to and from mobipocket.com go through netsolmail.net which is provided by Network Solutions.
Network Solutions may be their mail host, but I strongly doubt their mailing list and mailing software exist on Network Solutions' servers. (And would you want it to?)

On the *nix boxes I administered, email to/from was possible, but "mailhost" was an upstream Exchange Server. The Solaris boxes forwarded outgoing mail to it, and got incoming mail from it.

I think that's what Mobi is doing with NS. NS is mailhost, and actually sends/receives mail forwarded from/to the Mobi server. But the user list is on the Mobi server, so...
______
Dennis

09-04-2007, 11:52 AM   #217
Alexander Turcic
Quote:
Originally Posted by DMcCunney
I think that's what Mobi is doing with NS. NS is mailhost, and actually sends/receives mail forwarded from/to the Mobi server. But the user list is on the Mobi server, so...
Dennis, I understand what you're saying. Still, it's not an excuse for not notifying their customers as soon as they found out about the hack attempt. Even if they had to disconnect their infrastructure from the Net, they could have accessed their mailing list internally and sent out the mails using their external provider.

09-04-2007, 12:07 PM   #218
DMcCunney
Quote:
Originally Posted by Alexander Turcic
Dennis, I understand what you're saying. Still, it's not an excuse for not notifying their customers as soon as they found out about the hack attempt. Even if they had to disconnect their infrastructure from the Net, they could have accessed their mailing list internally and sent out the mails using their external provider.
Could they?

We don't know what their setup is, nor how many warm bodies they had to work on the issue. It might have been a case of "We can work on determining how the site was hacked, what the exposure is, putting fixes in place to prevent a recurrence, and getting the site back on line and accepting revenue, or we can work on extracting the user list, generating an email explaining things, and forwarding it through NS. We don't have the resources to do both at once. Which is more important?" Betcha management would say "Getting the site back up and generating revenue"...
______
Dennis

09-04-2007, 01:58 PM   #219
nekokami
Which brings us back to the fact that the event happened in France in August.

All times are GMT -4.