Our interpretation of the Password letter

December 4, 2007

“We wrote to you on the 18th October 2007 advising that you change all of the passwords on your Fasthosts account in order to prevent any unauthorised access following the network intrusion we previously communicated.”

We did tell you to change your passwords, just by using slightly different words, it proves that we told you, and if you didn’t change your password, we did it for you, because it was the right thing to do.  We don’t “tell” you things, we “communicate” them to you.  This is because we are an important company.


Whilst we have found the vulnerability that caused this issue, and have installed a system wide security audit to improve and enhance our security, we also advised you to change your Control Panel, FTP and email passwords as a precaution.

We are so experienced with technology that we can assure you that an ‘Audit’ can be installed and just by having an audit, all our security problems will be fixed.  In case we haven’t said it already, we told you to change your passwords.  If we repeat it here, it’s like it’s definitely true.  We did tell you, and even lawyers will have to go away because it is true.  We told you, we did. You should have.

On Thursday 20th November, we were made aware that a small number of customers who did not change their passwords experienced a compromise to their FTP space.

Even though we had already told you to change your password, you didn’t.  We discovered this when we spotted that…  erm…  …let me see…  well there was probably something that happened…  erm..  get back to you, m’kay?

As a result, and in order to totally protect all of our customers and your customers, we have implemented an automatic password change for every control panel, pcp, fptp or sql password that was not previously reset.

Even though we clearly state in our Terms and Conditions that we take no responsibility for the security of your site and files, or backup your data and files, we decided on this occasion to protect you from the worst possible scenario, your website being down, by erm… taking your website down.  Admittedly this may seem on the face of it to be a silly move, and contrary to anything we have told you in the past about how much we care about your data, but we did tell you change your password and six weeks later we decided enough is enough.

Now we have mentioned that passwords could be previously reset, we feel that this has definitely set in stone that a mandatory password change was synergic to the enhanced empowerment of you as part of the Fasthosts family.

…and get this, because your website is now completely inaccessible, you are like Totally Protected.

Your new Control Panel password is below, we recommend that you change this password immediately.

Note how we have crept the use of the word ‘recommend’ back into a sentence that ends in ‘immediately’?  See what we have done here, clever isn’t it.  Now you know what we meant in the magic letter of October 18th, we were telling you to do it immediately, immediately, look into my eyes, look right into my my eyes, not around the eyes….

You can now log into your Control Panel and reset all FTP, PCP and database passwords within your account.

…like we communicated you to on 18th October – this is your last chance…

Following this, we will change all email passwords on Thursday 13th December – if you have not changed all the email passwords within your account by that date, we will automatically scramble them requiring you to reset them.

Now that you have been told, if just one of the emails on your account has not been changed by Thursday 13th December, they will all be changed, and you’ll have to go through the whole process again.  Think we are kidding, well how about all of those people who managed to change all their passwords except for one long-forgotten pcp last week – we reset all their passwords didn’t we…  haha ha-ha-ha hahaha-  (maniacal laughter ensues), BE WARNED.

[Note from the editor: Seriously, make sure that you know exactly where you are on your email passwords.  This paragraph is ambiguous enough to allow FH to come back on Friday 14th and say that they gave you fair warning in this letter, “perhaps we could have made it clearer but we are still not sorry”]

We apologise for the inconvenience that this has caused your business, but trust you understand that our primary concern is for our customers and the security of their websites and data. 

Even though our Terms & Conditions state that we have no responsibility for the security of your data, from October 18th we have made it our PRIMARY CONCERN.  Since we have made this the fundamental explanation for this issue, and our reason for being, you can now look forward to data and site backups and lots of other goodies to help us to protect our PRIMARY CONCERN which is the security of your websites and data.

 [Note from the editor: Never use the word ‘but’ when making an apology.  It makes the whole thing sound insincere…  what’s that?  ..you already know…  oh, I see, ‘master of insincerity’, I get it.  …Hmm, ever considered politics?  Well don’t, you are not good enough]

Unfortunately an automatic password change is the only way of ensuring that all our customers are totally secure.

Secure, yes.  In fact as an extra layer, we effectively took your business offline for 5 days.  See how much we care for you?  “Chinese Hackers Are Coming!!”

If you have any questions relating to this, please contact Customer Support Team on 0870 888 3600 or customersupport@fasthosts.co.uk who will be more than happy to help you.

If you can still afford it, call our premium rate number and hold for an hour, but make sure that when you do get through you don’t ask any questions about why we did it, or why we didn’t consider alternatives, or the fact that our new PRIMARY CONCERN is about you and the security of your websites and data, and therefore we should offer backups or stop exposing the databases outside of localhost, or anything in fact that take advantage of the statement that our PRIMARY CONCERN, being primary and therefore over-riding everything else, allows you to question all areas of our security.

Actually, if at all possible, please don’t ring, because to be honest, you’ll only be disappointed, and we wouldn’t like you to have a bad day.

Thank you once again for your understanding and cooperation on this matter.

Hey Michael, Michael, look!  I’ve got this book on patronising people, and it’s come up with the ultimately most totally patronising way to end a letter.  See, look you are thanking people for their understanding that you have assumed and then further assuming that they are cooperating!!  See how that works?, Genuis!! I mean this sort of thing was rife in the 1970’s, so people won’t even expect it these days – shall we use it?  No, we can’t make patronising our PRIMARY CONCERN, we’ve already got one of those. 

Your Sincerely,

Fasthosts Internet Team

Shall we use ‘Internet Family’, would that be too much??  What about kisses?  No, OK. A hug?  Just one?  No, OK, OK.   Maybe I should put something at the end that says “we told you to change your passwords, you didn’t..”   Think it needs that?  Oh, OK, well lets get this printed and out today?  OK?

What do you mean the post office is shut?

[ Note from the editor to Fasthosts – when you need to urgently send out passwords to your customer base, who are in a mad panic about their slowly collapsing business and all the work they’ll need to do to recover before Christmas, just send the F***ing passwords, and don’t waste a day drafting a letter and then have meetings to discuss how things should be worded.  This letter should have said:

Dear Customer,

  Here is your new Control Panel password: 7aDrebun

  We will be writing to you shortly with an explanation of the recent password change.

  Yours with a new primary concern,

Fashosts Internet Familey xox

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: