IMPORTANT! Have you received an email to your forum username?

HateLPG

Please: Some ACS (Applied Common Sense) required.

I have already sent an email broadly to this effect to the MSE team, but working on the assumption that they are more likely to be able to follow this thread, rather than sift through the (inevitably) huge inbox they must be cursed with right now, I thought I'd post these comments here.

Entertaining as all these rants/flames/me-toos/techincal comments on this thread may be, and helpful as some of the posts might be to the technical team, this thread is rapidly becoming of little assistance to the "concerned user".

In my opinion, there are a number of points that need addressing for the benefit of all users of whatever level of technical expertise/wisdom - remember, there is a complete spectrum of users here from complete novices to technical and security specalists with many years of experience. Just because the answer is obvious to you, doesn't mean that it's obvious to everyone. There has been a lot of speculation and suggestion in this thread, some good, some bad, some fascinating, but I would contend that only MSE are in a position (and have a responsibility) to give *definitive* answers to these and I am sure they are working flat out to get to the bottom of this. I would also suggest that, important as it is to identify how the data became compromised (and in no way am I saying this should not be investigated most thoroughly) the prime effort in the first instance should be to mitigate any further risk, either to the users or to MSE. To this end, I would expect that new signups would be disabled, until such time as it is known beyond reasonable doubt that this is the result of a historical security breach. I would suggest that MSE then set up an "ADMIN POST ONLY" thread, to answer the following questions, in order, as and when definitive answers become available:

1) What are we talking about here (i.e. an explanation of the email that was sent, for those that aren't aware of it)

2) Am I at risk if I simply received the email, read it and deleted it (without clicking anything)?

3) Ooops, silly me, I clicked - the link - downloaded the file - opened the file - ran the file etc etc. What risk at I am now and what steps do I need to take to ensure I'm safe?

4) OK, so I might have got infected. Can MSE tell me exactly what the payload of the file was and at what risk it puts me?

5) I ran the file, but then found this thread. My A/V can't / didn't find anything. Am I safe? If not, what A/V (free or otherwise) could MSE recommend that WILL find the infection.

6) I've found I'm infected. What do I do about it? Will it have got into all parts of my system or is it just restricted to the drive I ran it on?

7) I've done everything suggested to rid myself of the infection. What now? How can I be CERTAIN that it's gone?

8) Do I need to change my email address/passwords?

9) What do I do if I receive any MORE mails like those?

OK - that's the *immediate* risk to the user dealt with. Now, we know that there has in the past been a breach of security - that's happened, and while none of us will accept that that is right, we have to accept the fact of the matter, so .........

10) Is this email related to the previously reported security breach (2009)?

11) Is it related ONLY to the previously reported security breach, or has there been a subsequent breach or is there any ongoing breach of security?

12) Has the cause of the breach been definitively identified (I wouldn't expect detail here, for obvious reasons, but a simple statement to the effect that "Yes we know what happened and how it happened and we've taken steps to stop it happening again" would suffice).

13) If and when the precise nature of the breach is identified (I shouldn't have to add "and resolved"), exactly WHAT data was compromised. If it is not possible to identify the specifics, what data is LIKELY to have been compromised.

12) What steps are being taken to ensure that as far as is humanly possible, this doesn't recur?

13) Will MSE put in more robust and rigorous warning mechanisms in place for ALL signed up members (I would contend that the warning PM took far too long to be released)

I have NOT made the obvious suggestions here or stated what *I* think the answers are - that would contradict my fundamental assertion that the definitive advice on the matter should come from MSE and MSE alone.

One final thing - Maybe MSE should be taken to task for this, or maybe you contend that they are doing such a great job that some things are forgiveable. Either way, that is your opinion and your entitled to it, and I think it is a point very worthy of discussion. But could I suggest that this thread break itself (or be broken) into new threads, maybe:

• "Have you received an email to your forum username.METOO"
• "Have you received an email to your forum username.IDIDNTGETONENOBODYLOVESME"
• "Have you received an email to your forum username.RANT"
• "Have you received an email to your forum username.TECH"
• "Have you received an email to your forum username.DISCUSS"
• etc etc

That would be far more useful (and probably entertaining) to all concerned to be able to read the stuff that interests them without wading through the noise

Ed_Jogg

A lot of common sense there from HateLPG -- I skipped 37 pages of this thread, so I only know (and care) about what is in the first and last posts.

I wanted to complete the survey, but there was not an option for me.

I changed the email address used for MSE newsletters in May 2009 -- now a Googlemail address -- but I have NOT (yet) received the email.
This may or may not be of use to the MSE team.
I have not yet checked the previous address I used, which would be on my PC at home.

MSE_Martin

DeltaTwo wrote: »

Absolutely spot on! someone needed to say that.
i only quoted first para but really agree with all of that

i've been expecting to see more advice & guidance from the MSE team but have to say it hasn't really materialised so far.

It would also be nice to get more updates from the 'investigation' , an opportunity missed by webmaster this morning who took out the time to reply to some random poster's criticism.

The guidance is in the news story - which every PM links to as does the first post of this thread.

As for updates on the investigation - well we're working on investigating. We haven't found any holes yet - we are still looking, but we have quite beefed up security, based on advice received, so frankly if a hole was that easy to spot - it wouldn't be a hole.

I would ask people to be patient. And to remember if we do discover any flaws, or prime job is to fix them - requesting updates when they're aren't any is a distraction.

Ed_Jogg

Thank you Martin.
The MSE team need to be allowed to get on with their jobs.

I remember a Dilbert cartoon from a few years back, where the boss says to Dilbert:
"...and I want a daily report on why your project isn't making any progress."

nilrem_2

Ed_Jogg wrote: »

I changed the email address used for MSE newsletters in May 2009 -- now a Googlemail address -- but I have NOT (yet) received the email.

Did you check in the (hidden) Spam folder? I changed my email addy to googlemail some time ago and the rogue email was 'hiding' in the googlemail spam folder.

HateLPG

MSE_Martin wrote: »

The

Read "Some"

MSE_Martin wrote: »

guidance is

buried

MSE_Martin wrote: »

in the news story - which every PM links to as does the first post of this thread.

Which is my point exactly - it is necessary to wade through pages of waffle and irrelevance (especially, if like me, you've got MSE configured to show "latest post first") to get even a modicum of guidance.

Furthermore (and quite excusably, IMHO, as that first post WAS put up quite quickly after the issue appeared) it is long on speculation and supposition, and short on fact. Facts which by now, I would fully expect MSE to have. Specifically, it doesn't address the following key points from my original post:

4) OK, so I might have got infected. Can MSE tell me exactly what the payload of the file was and at what risk it puts me?

5) I ran the file, but then found this thread. My A/V can't / didn't find anything. Am I safe? If not, what A/V (free or otherwise) could MSE recommend that WILL find the infection.

6) I've found I'm infected. What do I do about it? Will it have got into all parts of my system or is it just restricted to the drive I ran it on?

7) I've done everything suggested to rid myself of the infection. What now? How can I be CERTAIN that it's gone?

8) Do I need to change my email address/passwords?

9) What do I do if I receive any MORE mails like those?

We all know you are under pressure on this one and hope that you are working flat out to get to the bottom of it, but if taking time out to answer the above questions stops just ONE subscriber to this forum being burned, then it was time out well spent.

Indeed, I would go further and say that you have a duty of care to your subscribers to make that information clearly and simply available as a matter of the utmost priority.

nilrem_2

MSE_Martin wrote: »

I would ask people to be patient.

I believe that the majority of people here are patient and are happy to let the team get on with the job . A few folks are a little paranoid about this 'wee' problem but IMHO there are a lot worse things to worry about.
These things happen all the time in the technological age; the perpetrators are often one step ahead and it's impossible to make anything 100% safe.

Rosie

I received one on 17th November but only discovered it today as it was in my junk folder.

HateLPG

nilrem wrote: »

I believe that the majority of people here are patient and are happy to let the team get on with the job . A few folks are a little paranoid about this 'wee' problem but IMHO there are a lot worse things to worry about.
These things happen all the time in the technological age; the perpetrators are often one step ahead and it's impossible to make anything 100% safe.

I don't entirely disagree and I know that getting to the bottom of this WILL take time and effort. I tried to make that clear in my original post and I'm sorry that that point has been missed. The data breach HAS occurred and we have to live with that and the consequences of that.

But that doesn't alter my key contention that there IS information that MSE WILL be in possession of that hasn't been made available and MUST be made available as a priority, to ensure that no one on this forum is damaged or suffers further consequential loss as a direct or indirect result by doing something silly.

I am NOT asking for "hourly" updates or anything silly like that - I know that is counter-productive and will waste time and resource - but a definition and clarification of the threat and payload would be a darned good place to start!

bulktrans

i rec one i think couple of days ago and just deleted it ..