Sign up to Get FREE Steroids, SARMS, Peptides eBooks
As some of you unfortunately found out a week ago, on April 23rd, a hacker gained access to Hush Communications\' customer account at Network Solutions, a Verisign company. Network Solutions is the domain registrar for Hush Communications (hushmail.com) as well as Yahoo, Amazon, and the majority of all web sites. A domain registrar is a company that is responsible for controlling which website actually gets displayed when you enter an address (such as www.elitefitness.com) in your web browser. Therefore, by breaching security at our domain registrar, the unauthorized party was able to control which website would be displayed when users entered the address www.hushmail.com. The unauthorized party altered the domain settings so that users entering www.hushmail.com in their web browser were no longer directed to their real website. Instead, users were redirected to a different website at a different location. Soon that website was shut down, and users simply received an error page. Since Hush manages the mail servers for EliteFitness.com, Cyber-Rights, and others, the EliteFitness.com email was temporarily affected. There was no unauthorized access to any of the Hush or Elite servers. Data managed by Hush or Elite was not compromised. During this period, email sent to hushmail.com or EliteFitness.com may not have been delivered. Hush has been in communication with Network Solutions since Saturday evening when the DNS change occurred. An unauthorized party, using a name not associated with Hush Communications, called the Network Solutions support center, and gained access to their customer account and altered their settings. Hush Communications continues to await the completion of the investigation undertaken at our request by Network Solutions. "They used a name not associated with Hush Communications and was able to get information from Network Solutions," Brian Smith from Hush said. Using the information collected from Network Solutions\' customer service, Smith said the DNS information was changed to redirect users visiting the "hushmail.com" URL to a defaced Web site. | The Importance of Secure Encrypted Web Based Email There are numerous steps you can take to ensure your privacy, but first and foremost is securing and encrypting the email you send and receive. And the second is moving your email messages and sensitive files offshore where they will be impervious to US subpoena. The easiest way to do this is with free EliteFitness.com Stealth Messaging that uses 2,048-bit encryption for total privacy, security and peace of mind. EliteFitness.com Stealth Messaging works like a yahoo.com or hotmail.com email account. You get a cool email address like [email protected] and you send and receive email through a web page - in this case, www.elitefitness.com/mail. By contrast with yahoo for example, EliteFitness.com Stealth Messaging keeps your online communications private and secure. Not even an EliteFitness.com employee with access to our servers can read your encrypted email, since each message is uniquely encoded before it leaves your computer. An EliteFitness.com Stealth Messaging account lets you communicate in total security with any other hushmail.com, cyber-rights.com, PGP, and of course other elitefitness.com email users. In addition, our mail servers are located offshore making your private communications impervious to subpoena. You might wonder why our email system is so secure. The reason is that the source code to the Hush Encryption Engine, which provides key management, encryption, and digital signature functionality for EliteFitness.com Stealth Messaging, is freely available to anyone who wants to look at it. For techies, here\'s a link where you can read all about the key technology that secures your EliteFitness.com email. In addition to secure encrypted web-based email, there are a few other noteworthy features. First, there\'s Enhanced Spam Control. All EliteFitness.com Stealth Messaging accounts now benefit from improved Spam Detection, allowing for easy filtering and disposal of likely spam. Highly flexible, EliteFitness.com Stealth Messaging spam filters allow users to permit specific senders and domains, accept only encrypted e-mail for greater security, and automatically authenticate valid e-mail senders and thereby completely eliminate spam from automated bulk delivery agents! Log into your account, click the Spam Control tab at the top right of the screen and follow the directions given to take control of your inbox and help eliminate spam from the Internet. EliteFitness.com Stealth Messaging is pleased to announce the release of Online Document Storage through the familiar EliteFitness.com Stealth Messaging interface. Uploading and storing your files couldn\'t be easier - and all files are encrypted using the same Industrial Strength 2,048-bit encryption as your EliteFitness.com Stealth Messaging e-mail for total privacy, security and peace of mind. Secure Document Storage is available to all EliteFitness.com Stealth Messaging users at no extra charge. And, EliteFitness.com Stealth Messaging users can now share their Secure Document folders with other EliteFitness.com Stealth Messaging users at the click of a button. The IMAP Access service allows users to download their email to their local hard drive so that they can use Outlook or a similar program to manage their mail. And, all EliteFitness.com Stealth Messaging users can now access External POP3 accounts from within EliteFitness.com Stealth Messaging, at no extra cost! To enable a POP3 account, login to your EliteFitness.com Stealth Messaging account, access the Preferences menu, and click on External Email (POP) Accounts. Here\'s a link to get a free email account. |
For a brief period, Hushmail\'s domain was either unavailable or appeared defaced with an image of Hushmail\'s logo with the following text: "The Secret Service is watching. - Agent Leth and Clown Jeet 3k Inc." Zone-H.org has archived a screenshot of the defacement.
Smith said Network Solutions promised to investigate and issue a statement on the breach, but at press time Friday, Hushmail had yet to receive official communication from the Herndon, Va.-based registrar.
Network Solutions spokeswoman Susan Wade confirmed that the breach occurred as a result of certain weaknesses in the registrar\'s customer-service security measures but declined to provide specifics, citing customer privacy issues.
"We\'re seriously investigating the incident. We are aware that a hacker temporarily altered this customer\'s [DNS records]. Our security team promptly rectified the situation," Wade told Ziff Davis Internet News.
She described the breach as an "isolated incident" and said Network Solutions would immediately institute "additional security measures to ensure it doesn\'t occur in the future."
"We\'ve brought everyone in and gone over the procedures, and we\'ve implemented some additional ones. I can\'t go into details for obvious reasons, but we are taking this very, very seriously," Wade added.
In addition to supporting the Police investigation in Vancouver, Wade said a separate criminal investigation is being launched in the United States. At Hushmail\'s end, Smith said the episode has been frustrating. "We\'re still waiting for a statement from Network Solutions. We were told by an employee that the attacker was given the DNS information over the telephone, but they\'ve not sent anything official to us. I don\'t want to comment on what may or may not have happened at their end," Smith said. For now, Hushmail is working to erase the negative perception of an e-mail security provider with a major server breach. "Initially, it was embarrassing but we\'re pleased that the users and the media have been very sympathetic to what happened here. To nontechnical users, it will take some explaining, but it\'s quite clear that this could have happened to anyone." |
|
"The Internet as a whole is a notoriously nonsecure infrastructure. We\'re operating within that. This is a big worry for the entire Internet. That\'s why phishing, pharming and social engineering attacks have become a big issue," Smith said.
Hushmail has been up front about the hacking attack, publishing a daily log with updates for users.
"To the best of our knowledge, the DNS issues caused by the caching of the altered addresses should now have ceased. The correct addresses should now have propagated across the Internet, and all users should be able to access Hushmail," the latest entry says.
The company said there was no unauthorized access to any of the Hush servers. "Data managed by Hush was not compromised. During this period, e-mail sent to hushmail.com will not have been delivered," Hushmail said.
Rick Fleming, chief technology officer at Texas-based security outfit Digital Defense Inc., said the Hushmail nightmare points to a "major weakness" in the way domain name registrars authenticate requests for DNS changes.
"We\'ll continue to see these types of social engineering attacks because it\'s becoming easier to impersonate someone and collect information. There is definitely a weakness in the way the domain name registrars handle authentication. If they don\'t have a way to adequately identify who the domain owners are, these attacks will continue to happen," Fleming said.
"What\'s to stop this from affecting a Yahoo or a Google? Nothing. The underlying flaw is the domain name systems work. It\'s an implied trusted relationship without any authentication or verification and that needs to be fixed," Fleming said.
Excerpts of this article are from eWeek. Here\'s a link to the eWeek Article and here\'s a link to what the defacement looked like.
Here\'s a link where you can discuss this article on the EliteFitness.com Forums.
Finally, to make amends for any down time you experienced, we\'re running a special on Premium Secure Encrypted Web-Based email accounts. The following 50% off savings are valid until May 15th.
- Annual Billing $29.99 per year (+One-time setup fee of $19.99 Waived!)
- Additional Storage: Additional Storage 50% off until May 15th.
- No additional storage (32 MB total!)
- 32 MB additional storage for $10.00 per year (64 MB total!)
- 64 MB additional storage for $20.00 per year (96 MB total!)
- 96 MB additional storage for $30.00 per year (128 MB total!)
PS: When you become a Platinum Member of the EliteFitness.com Discussion Forums, you get access to the Elite Fitness Discussion Boards Stealth Web Address! Ever want to screw your boss by surfing the Discussion Forums at work and not get caught? Want to really screw with him and the company Systems Administrator too? Now it\'s easy, because Platinum members can access the Elite Fitness Discussion Forums not only from www.elitefitness.com, but also from the new stealth URL www.ExpertPcSupport.com.
If your boss checks your PC or your office\'s access logs, all he\'ll see is that you were getting help with your PC at www.ExpertPcSupport.com. But you were really surfing the Elite Fitness Discussion Boards using the expertpcsupport.com stealth web address.
The ExpertPCSupport.com home page looks like this:
"The goal of Expert PC Support is to help users troubleshoot and solve their computer problems, as well as help them practice good computer maintenance. Find free device drivers, technical support, installation guides, and other troubleshooting information for all your computer needs." Ha Ha Ha, who are we kidding? Only you and the Platinum Members will know!
Here\'s a link to become a Platinum Member today.
Do you want massive shoulders, huge pecs and ripped abs, reeking of power and sex? For most guys, it\'s tough, but for a few, it\'s easy if you know exactly what to do...Finally, onesingle guide tells you the bottom line on everything: training, diet, supplements, and steroids! And it shows you how to put it all together to quickly and safely build the thick, dense muscle mass that girls love and shred off your extra fat!But don\'t be a casualty of misinformation! Do not fall victim to the Bodybuilding Scammers (the Magazine Publishers, Supplement Makers, and Web Sites) who\'ll take your money and keep you small!Learn how to detect their lies and money wasting scams and learn the bottom line toward more muscle -- right away!And start growing... |