Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSI E-mail Vunerability

Posted by ryuzaki0 on from the everyone-come-in dept.

blackwidow sent us the latest in the Web-mail security gaffes. After creating accounts that had easily guessable passwords, it turns out the security for the NSI Webmail accounts is...breachable (Hint - understatement). Ya know, all I wanted was my domains to work - I don't want more then I ask for *sigh*.

5 of 80 comments (clear)

  1. Yet another reason to switch to NameSecure by RelliK · · Score: 3
    news.com has a story about how NSI and NameSecure handle domain disputes. NSI once again screwed over a small company, Virtual Works, that registered the domain vw.net. They just transfered the domain to Volksvagen and Virtual Works had to spend big bucks in court to get it back.

    On the other hand, NameSecure's policy is exactly opposite to NSI's. They don't transfer the domain until they get the court order.

    That is a reason enough to switch to NameSecure. Not to mention that the totally moronic email screw up is outrageous.

    --
    ___
    If you think big enough, you'll never have to do it.
  2. MS Parallels... by rde · · Score: 3

    If you think of MS as a company that adds unwanted features to such an extent that it's too big to properly support, you'll probably be whispering 'deja vu' to yourself right now.
    Competition is opening up, and NSI want to add features so that people'll stay with them. Unfortunately, they're adding these features quickly so as not to miss the boat, little realising that half-assed, bug-ridden pseudo-features are the pretty much guaranteed to drive the masses away in hordes.

  3. webmaster@dotcomnow.com Auto-reply by TheNetman · · Score: 5
    If you send e-mail to webmaster@dotcomnow.com you get a nice little response that is both entertaining and informative. (although I had no idea who could have put up such a amusing bit of text) *grin*


    If a packet hits a pocket on a socket on a port,
    And the bus is interrupted as a very last resort,
    And the address of the memory makes your floppy disk abort,
    Then the socket packet pocket has an error to report!

    If your cursor finds a menu item followed by a dash,
    And the double-clicking icon puts your window in the trash,
    And your data is corrupted 'cause the index doesn't hash,
    Then your situation's hopeless, and your system's gonna crash!

    If the label on the cable on the table at your house,
    Says the network is connected to the button on your mouse,
    But your packets want to tunnel on another protocol,
    That's repeatedly rejected by the printer down the hall,
    And your screen is all distorted by the side effects of gauss,
    So your icons in the window are as wavy as a souse,

    Then you may as well reboot and go out with a bang,
    'Cause as sure as I'm a poet, the sucker's gonna hang!

    When the copy of your floppy's getting sloppy on the disk,
    And the microcode instructions cause unnecessary risc,
    Then you have to flash your memory and you'll want to ram your rom.
    Quickly turn off the computer and be sure to tell your mom!

    Thank you for writing dotcomnow.

    P.S. As you can probably guess, the security of dotcom
    mail is less than stellar. If NSI had a clue, they
    would probably recommend that you do not utilize the
    dotcom mail service for mission critical or sensitive
    communications.

    Sincerely,
    Anonymous Coward

    -NSI... we put the Duh? in dot.com

    --
    (Score: -1, Thou Hast Lost an Eighth)
  4. A suggestion for NSI, and OTHERS too... by mosch · · Score: 3

    NSI: if you're going to give us additional features, then

    a) make them optional in an opt-in setup. you'll get fewer immediate signups, but they'll be people who wanted the service.

    b) make them secure. your market is a reasonably technically savvy audiance, and they can spot this stuff a mile away.

    c) make them RELEVENT. The world doesn't need Yet Another Web-mail provider. There's already hotmail, mail.com, etc, etc, etc. not to mention the fact that you targetted people who already administer their own domains. Most of us are happy with our domains.

    d) follow your own rules. If I'm not allowed to use your database for spamming, you certainly aren't allowed to use it to spam either. that's just basic ethics.

    Now if only they'd take this into consideration...

  5. Re:Bells and whistles by dattaway · · Score: 3

    IMHO this is another example of a company doing what dejanews did.

    Usually, sending compliments to people for a fine job is great. Dejanews was a different story.

    Once dejanews had a email soliciting comments about their service. As it was a great service, I let them know why it was valuable to me and told them "don't change a thing!"" because it was perfect. A short time later, they did the unthinkable and trashed a fine search interface with bloated crap from hell. So much for my suggestion. I still have that email and the thanks they gave me for the compliments.

    I suspect they were looking for emails of praise and saving them for later as testimonials. Dirty tricks... Why do so many commercial companies wish to screw customers?