ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Emerging tech Toolkit

Excite moves to halt password hack

Jane Wakefield ZDNet.co.uk

Published: 03 Sep 1999 12:19 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The hacker who broke into email accounts on Excite.co.uk and Ireland.com this week, thinks people would be "shocked" if they realised how poor security is on Web-based email services.

Stephen Finnegan, managing editor of Irish Internet magazine Web Ireland, accessed Excite.co.uk and Ireland.com accounts Wednesday using trial and error to guess passwords. In less than an hour he had gained access to over ten email accounts.

Excite staff were reluctant to discuss the security failure, but in a statement the company admittted there is a flaw in its system. "We are currently disabling the password hint feature of our Excite UK mail service and in addition are taking further measures to ensure that this type or any other breach does not occur," the statement to ZDNet UK said.

The facility has since been removed. Both Ireland.com and Excite.co.uk are now sending password prompts by email.

Graham Cluley, senior technology consultant of software firm Sophos was not surprised the Web-based mail systems were compromised, particularly in the wake of Hotmail's recent "glitch". He is not convinced Excite's changes will make the system entirely secure. "There are other problems with Web-based email like people's email being stored in the computer's cache when they log-on in hotels, airports, etc. The next person to use the system could read their email," he said.

Despite the apparent risks Cluley doesn't think people will stop using Web-based mail. "Confidence will have been hit but it is so convenient and people like that."

Stefan Elmer, analyst with research firm IDC is not convinced consumers are worried about strangers reading their email. "My impression is that people don't really care about their email. Employers reading employees mail is a much more serious issue," he said. Despite this, he predicts a big future for sites like Hush.mail which offer encrypted services.

Worried about this spate of email cracks?

Tell the Mailroom

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Kyocera

Did you find this article useful?
37 out of 75 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Emerging tech



Company/Topic Alerts

Create a new alert from the list below:












Featured Talkback

While full medical records may be of (dubious) value at rear/base medical facilities, these could be provided much simpler by either physical disk or electronic transfer to an "in theatre" database for individuals posted in. That £80m (and it's associated running costs) could have been far better employed in resuscitating a disbanded infantry battalion or providing a big boost in equipment quality and quantity.

By: 1000215420

Read full story:
Photos: MoD unveils £80m IT health programme