[23244] in bugtraq
Fwd: An Important Message From HostRocket
daemon@ATHENA.MIT.EDU (§ o m e 1)
Fri Nov 23 19:05:19 2001
From: "§ o m e 1" <sleeping_bum@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sat, 24 Nov 2001 02:11:51 +0300
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F851llQRrq6BZP4jNhH0000876c@hotmail.com>
>From: "Customers" <support@hostrocket.com>
>Reply-To: "Customers" <support@hostrocket.com>
>To: sleeping_bum@hotmail.com
>Subject: An Important Message From HostRocket
>Date: 23 Nov 2001 17:58:18 -0000
>MIME-Version: 1.0
>Received: from [66.162.64.120] by hotmail.com (3.2) with ESMTP id
>MHotMailBDC7E58700AC4004315742A24078B7A80; Fri, 23 Nov 2001 10:50:48 -0800
>Received: (qmail 17365 invoked by uid 99); 23 Nov 2001 17:58:18 -0000
>From support@hostrocket.com Fri, 23 Nov 2001 10:51:26 -0800
>Message-ID: <20011123175818.17364.qmail@host20.hrwebservices.net>
>Errors-To: "Customers Administrator" <support@hostrocket.com>
>Organization: Customers
>List: Customers
>List-Archive:
>http://66.162.64.120/cgi-bin/mojo.cgi?flavor=archive&list=Customers
>List-ID: 20011123125431
>List-Owner: <support@hostrocket.com>
>List-Subscribe:
>http://66.162.64.120/cgi-bin/mojo.cgi?flavor=subscribe&list=Customers
>List-Unsubscribe:
>http://66.162.64.120/cgi-bin/mojo.cgi?flavor=unsubscribe&list=Customers
>List-URL: http://66.162.64.120/cgi-bin/mojo.cgi?list=Customers
>List-Software: Mojo Mail 2.5.1 http://mojo.skazat.com
>Precedence: list
>X-Priority: 3
>
>Dear Customer,
>
>You are receiving this letter because you either are a current or a past
>customer of HR Web Services (HostRocket.Com). The letter below details to
>you the specifics of the situation including what has happened, what is
>being done to remedy the situation and prevent its reoccurrence, and what
>you the customer need to do.
>
>What Happened:
>
>A security hole was found in a 3rd party billing software package, used by us to
>manage our customer billing, which had had no known security holes until
>this date, and the possibility arose that this information may
>have found its way into the hands of people who should not have it, despite
>our use of both SSL and heavy encryption. We have no confirmation that
>this information is in the hands of anyone with any malicious intent
>towards our customers at this time; however, the possibility may exist in
>the future. We cannot release the details of what program it was etc. yet,
>as there are many other hosts out there that run the same software package
>whose information will need to be protected as well.
>
>What We Did:
>
>Immediately upon the discovery of the intrusion we disabled the affected
>systems to prevent the possibility of further access. We then immediately
>contacted the credit card processing companies involved to make them aware
>of the possibility that the card info was compromised. They assured us
>that the card issuing banks would be notified immediately about the
>situation, and it will be up to their discretion whether or not there is a
>large enough threat posed by this to warrant canceling the cards and
>issuing replacements. They also reminded us to remind you the consumer
>that you are not and would not be responsible for any fraudulent
>transactions that might occur on your card in a worst-case scenario.
>
>The details regarding this policy implemented by Visa are located at:
>http://www.usa.visa.com/personal/secure_with_visa/
>
>The details regarding this policy implemented by MasterCard are located at:
>http://mastercard.com/general/zero_liability.html/
>
>What We Are Doing Now:
>
>The billing system was heavily modified to be more secure and moved to a
>new, more secure server in a new physical location and locked down, with no
>outside connection to the general Internet available for the affected backend
>system, which has also been completely recoded. Along with this, all
>account passwords have been changed and new passwords sent to all current
>HostRocket customers. Other security policy changes are as follows.
>
>-3-digit confirmation code on the back signature panel of all cards to be
>submitted with new orders.
>
>-All new orders to be confirmed by a live person on our staff before
>account activation.
>
>-Removing all telnet access to all hosting servers and requiring customers to use
>SSH (secure shell).
>
>-IDS (intrusion detection systems) are being installed on all of our
>hosting servers.
>
>These additional security measures are to help cut down on possible
>security breaches on other servers of ours in the future.
>
>What You The Customer Should Do:
>
>All affected customers should contact their credit card company to see if
>they feel that the card should be placed on hold. Check to make sure that
>you have received your new login and password information which should be
>coming shortly after this email, and that the login and password work for
>your account. If they do not work, please contact us for immediate
>resolution of any account access problems.
>
>We at HostRocket apologize repeatedly for any and all inconvenience this
>will cause everyone involved. We have hired additional staff to help with
>the expected influx of support and to finish up our own in house billing
>system which we have coded from the ground up and know to be secure. We
>greatly appreciate your understanding and continued support, and look
>forward to working both for and with you to improve our services to
>you and your websites alike during the coming years.
>
>-The HostRocket Team
>http://www.hostrocket.com
>
>
>--
>To unsubscribe from: Customers, just follow this link:
>
>http://66.162.64.120/cgi-bin/mojo.cgi?f=u&l=Customers&e=sleeping_bum@hotmail.com&p=8233
>
>Click the link, or copy and paste the address into your browser.
>
>