|
|
| Author |
Message |
meme
|
| Joined: 10 Mar 2005 |
| Posts: 23 |
|
8.00 Points
|
|
|
Hushmail hacked again??
Fri Apr 29, 2005 6:18 am |
 |
|
The other day, hushmail;s front page was replaced by another page.
Just a minute ago, I went to their page.
http://www.hushmail.com looks fine . . . or does it??
https://www.hushmail.com give an error!!!
Am I wrong in thinking that someone is pharming for passwords??
EDIT:
10 minutes after I initally saw the problem, it isn't happening anymore . . . I'm still a little concerned to say the least! |
|
| Back to top |
|
 |
wellbie
|
| Joined: 29 Apr 2005 |
| Posts: 5 |
|
195.40 Points
|
|
|
Re: Hushmail hacked again??
Fri Apr 29, 2005 7:43 am |
|
|
| meme wrote: |
The other day, hushmail;s front page was replaced by another page.
Just a minute ago, I went to their page.
http://www.hushmail.com looks fine . . . or does it??
https://www.hushmail.com give an error!!!
Am I wrong in thinking that someone is pharming for passwords??
EDIT:
10 minutes after I initally saw the problem, it isn't happening anymore . . . I'm still a little concerned to say the least!
|
the prob has been solved , to my thinking , but there was a big prob
Hushmail System Status
Tuesday April 26, 1:45 PM PST
We have been in communication with Network Solutions since Saturday evening when the DNS change occured. An unauthorized party, using a name not associated with Hush Communications, called the Network Solutions support center, and gained access to our customer account and altered our settings. Hush Communications continues to await the completion of the investigation undertaken at our request by Network Solutions.
We will continue to update our users as more information becomes available. We would also like to express our appreciation for the patience shown by our users during this time.
To the best of our knowledge, the DNS issues caused by the caching of the altered addresses should now have ceased. The correct addresses should now have propagated accross the Internet, and all users should be able to access Hushmail.
Monday April 25, 2:30 PM PST
Some servers throughout the Internet are still caching the wrong addresses for hushmail.com. We expect that all these addresses will be updated in the next 6 or 7 hours. In the interim, users are now able to access Hushmail through https://www.hush.com. This will avoid the problems associated with hushmail.com DNS records as the hush.com DNS settings were not affected. If you continue to have problems, please contact us through the form at https://www.hush.com/contact.
All servers on the Hushmail network are functioning normally.
Sunday April 24, 3:30 PM PST
On April 23rd, an unauthorized party gained access to our customer account at our domain registrar.
A domain registrar is a company that is responsible for controlling which website actually gets displayed when you enter an address (such as www.hushmail.com) in your web browser. Therefore, by breaching security at our domain registrar, the unauthorized party was able to control which website would be displayed when users entered the address www.hushmail.com.
The unauthorized party altered the domain settings so that users entering www.hushmail.com in their web browser were no longer directed to our real website. Instead, users were redirected to a different website at a different location. Soon that website was shut down, and users simply received an error page.
We are following up with our domain registrar to determine how the unauthorized party was able to gain access to their system.
There was no unauthorized access to any of the Hush servers. Data managed by Hush was not compromised. During this period, email sent to hushmail.com may not have been delivered.
Please accept our sincerest apologies for the inconvenience this has caused. We take this incident very seriously, and will continue to update this page as more information becomes available.
Note on Non-secure and Secure Web Pages
Non-secure web pages are accessed by addresses that start with "http://". The content is not encrypted, and the page source is not verified. The lock icon in your status bar will not be displayed.
Secure web pages are accessed by addresses that start with "https://". The content is encrypted, and the page source is verified. The lock icon in your status bar will show a closed lock.
If a domain registrar directs you to the wrong website for a secure web page, the verification will fail, and your browser will display errors.
Although the front page and text content of www.hushmail.com can be accessed by either a secure or non-secure web page, sensitive pages such as the pages where you enter your passphrase, access your email, or supply credit card information are always served as secure web pages.
To guard against the danger of domain redirection, always be sure that when you enter your passphrase you are on a secure web page with the lock on your browser closed, and that the address in your address bar says "hushmail.com". If your browser displays any error messages about the "certificate" that verifies the website, do not continue.
To ensure maximum safety, use secure web pages whenever possible. If you are just browsing the Hushmail website, you can access the secure page at https://www.hushmail.com instead of the page at http://www.hushmail.com.
Sunday April 24, 12:00 AM PST
In recent hours we have been made aware that security was compromised at the domain registrar responsible for the hushmail.com domain. For a brief period, this domain was forwarded to a server belonging to an unidentified party, which resulted in our web page being unavailable or appearing defaced.
There was no unauthorized access to any of the Hush servers. Data managed by Hush was not compromised. During this period, email sent to hushmail.com will not have been delivered.
Please accept our sincerest apologies for the inconvenience this has caused. We take this incident very seriously, and will continue to update this page as more information becomes available. |
|
| Back to top |
|
|
meme
|
| Joined: 10 Mar 2005 |
| Posts: 23 |
|
8.00 Points
|
|
|
https:// error message
Fri Apr 29, 2005 7:46 am |
|
|
| OK, today when I typed in "https://www.hushmail.com" I got an error message and could not load the page. "http://www.hushmail.com" looked to be the front page, but was it at that momemt? A few minutes later the "https://" address worked fine again, so this might be moot . . . but it is touchy. |
|
| Back to top |
|
|
wellbie
|
| Joined: 29 Apr 2005 |
| Posts: 5 |
|
195.40 Points
|
|
|
Re: https:// error message
Fri Apr 29, 2005 7:51 am |
|
|
| meme wrote: |
|
OK, today when I typed in "https://www.hushmail.com" I got an error message and could not load the page. "http://www.hushmail.com" looked to be the front page, but was it at that momemt? A few minutes later the "https://" address worked fine again, so this might be moot . . . but it is touchy.
|
a lot of peep are having this prob , but wellbie has never had it yet! . and hope like the dickens never doo, wellbie has it saved to fav
http://www.hushmail.com/login?PHPSESSID=1421f40daccfbcfc7b75f1ee505e7069 |
|
| Back to top |
|
|
|
|
|
Powered by phpBB 2.0.11 © 2001, 2002 phpBB Group
Igloo Theme Version 1.0 :: Created By: Andrew Charron
|
Forums
Rhodium
The Hive
Shop
Profile
Log in
Register
Log in to check your private messages
4279