Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

AOL's Merlin Compromised?

Posted by CmdrTaco on Sun Feb 23, 2003 01:40 PM
from the that-would-suck dept.
Security America Online
Neophytus writes "The Inquirer reports that AOL's central customer database, Merlin, may have been been compromised by crackers. This, even though it required 'a user ID, two passwords, and a specialized ID code' to gain access to. That's 35 million user's names, addresses, emails and credit card details - a goldmine for spammers and fraudsters alike. As they they put it, 'AOL can now add another accomplishment to its list: Biggest security disaster in ISP history.' The Register is also running a story explaining why this is not particularly likly, though." Here's the original Wired story.
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

AOL's Merlin Compromised? 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Welcome! (Score:5, Funny)

    by Anonymous Coward on Sunday February 23 2003, @01:41PM (#5365518)

    You've got problems!
  • Wow thats insane..i just closed merlin to go on break (free pizza weekend)..and i this popped on on slashdot. Insane!
    • As it turns out, the crackers used social engineering. Among their many exploits [neowin.net] was sending trogan'ed files to support workers.

      Lets hope you don't let that happen.

      You should also read the above link [neowin.net] so you don't get duped.

  • Also in the news ... (Score:5, Funny)

    by BabyDave (575083) on Sunday February 23 2003, @01:45PM (#5365548)

    Guinevere compromised. Faulty key mechanism in chastitybelt.dll blamed.

  • hmmm... (Score:5, Interesting)

    by jeffy124 (453342) on Sunday February 23 2003, @01:46PM (#5365554) Homepage Journal
    From the Wired article:

    The hack involves tricking an AOL employee into accepting a file using Instant Messenger or uploading a Trojan horse to an AOL file library.

    Sounds like AOL needs to read Mitnick's book - The Art of Deception.

  • wait a minute... (Score:3, Insightful)

    by trmj (579410) <tmacfarlan@noSpAm.gmail.com> on Sunday February 23 2003, @01:49PM (#5365571) Journal
    35 million user's names

    They have ~35 million users, and yet can't make a profit?

    Let's see... ~35,000,000 * $22.99 = ~$804,650,000
    They get that much money each month, and still posted a loss how?

    • Re:wait a minute... (Score:5, Funny)

      by Anonymous Coward on Sunday February 23 2003, @01:53PM (#5365598)
      Posting a loss does not mean that they did not make a profit. It just means that they have good accountants. ;)

    • Re:wait a minute... (Score:5, Interesting)

      by \\ (118555) on Sunday February 23 2003, @01:55PM (#5365616) Homepage
      the way AOL counts users has always bugged me. if i'm not mistaken, the number includes everyone to *ever* sign up with aol. users who cancel and then re-signup are counted twice, etc.

      i hope i'm wrong here, but i remember reading this a long, long time ago.

    • Re:wait a minute... (Score:5, Informative)

      by ceejayoz (567949) <cj@ceejayoz.com> on Sunday February 23 2003, @01:55PM (#5365619) Homepage Journal
      A large number of those users are using the free trial periods, or are existing users getting free service (AOL offers that if you try to cancel - it's actually possible to get AOL for free indefinitely).
    • Sure I'm losing money on every customer, but I'm making it up on volume.

      As I understand it that's the actual business plan of Amazon.

      KFG

    • Re:wait a minute... (Score:5, Informative)

      by Jucius Maximus (229128) <28iw0it02.sneakemail@com> on Sunday February 23 2003, @03:00PM (#5365917) Homepage Journal
      "Let's see... ~35,000,000 * $22.99 = ~$804,650,000 "

      Divide by 7 because you can get 7 usernames for one account. Also keep in mind that many people just coast on the '3 months free' service and then at the end, call to cancel it, and then take another free month when it's offered (so that they don't cancel.) The phone reps get a cash bonus for getting a person to stay with AOL like this.

      Lather, rinse, repeat. Free AOL access for life.

  • the specialized id code is is securid (Score:5, Informative)

    by Anonymous Coward on Sunday February 23 2003, @01:50PM (#5365576)
    The securid makes it unlikely that anyone was
    able to hack it, at least without physically
    stealing one of AOL's securid cards and the
    pin for that card.

    For others that don't know how they work, the code
    changes every 60 seconds (and is different
    on every card made), and the old code
    is no longer good when the code changes, it
    makes it really hard to bypass without having
    an actual securid card that is valid for
    the system that is being broken into, and the
    proper username and pin for that card.

    • Re:the specialized id code is is securid (Score:4, Interesting)

      by aloisis (652895) on Sunday February 23 2003, @05:36PM (#5366784)
      SecureID is notorious for its clock getting out of synch with the cheap clock in its Secureid cards. To make sure the server clock and clock in the Secureid card stay in-synch, they sometimes set up the server so that the same Secureid number can be used for several minutes, whatever the sysadmin requests, to allow for the drift of the clocks. The SecureID number is in plain text so that someone with a sniffer-type device could sniff a SecureID number and use it for access. To demonstrate how the SecureID card's clock can drift, just place one within the vacinity of a microwave oven (2-3 feet will do) and watch the clock accelerate.

      • Re:the specialized id code is is securid (Score:5, Informative)

        by PeteEMT (92003) on Sunday February 23 2003, @02:11PM (#5365696)
        SecurID is a physical token. it's not something stored in the computer.

        http://www.rsasecurity.com/products/securid/tokens .html

        They come in two forms (at least the AOL ones did when I was a contractor there) A Key chain Fob and one that looks like a Credit Card Calculator.
        If I remember right, the system also automatically marks the login code invalid once a successful login is achieved. So someone can't use a Key Sniffer to steal your code. If you logged in and got disconnected for some reason, you needed to wait for your SecurID to rollover to the next code.
        • It is currentlly still like this, secureid is used for everything, from my AIM logon (and to debunk other peoples theories, AIM file transfers, and direct connects only work internally to corp machines, no external networks machines can use the file transfer service, so no trojan could have been installed... email is another story though)... To email.

        • Re:the specialized id code is is securid (Score:5, Insightful)

          by Grax (529699) on Sunday February 23 2003, @02:34PM (#5365796)
          I understand how SecurID works. My point is that if you have remote control of a machine that is logged in and not disconnected then it doesn't matter how secure SecurID is. It is much the same principle as logging into a machine with your SecurID and then going for coffee.

          I am not claiming at all that the article is actually accurate as it offers no proof and no reliable sources. But, it is theoretically possible to take over a machine where the SecurID has already been entered and cause havoc.
  • We have 'private' networks. Hackers etc. can't get into a network that isn't connected to the outside world. Yes, it's a little simplistic, but if you're going to have sensitive information used by internal processes (ie: billing), then why do these servers need to have any kind of exposure at all? Keep the web servers in the DMZ, everything else out.
    • Did you read the article?

      They tricked/convinced/conspiderd with AOL employees (those hooked to internal, and external networks at once) into accepting and running a trojan, that would act as a gateway between AOL's systems and the outside world while idling on IRC..

      This is how most DDOS bots work, I guess they just took it one step further.

      Disclamier: I could be wrong, IANAAH (I Am Not An AOL Hacker), this is just what I got out of reading the article.

  • Social Engineering more than hacking (Score:5, Insightful)

    by peterdaly (123554) <petedaly&ix,netcom,com> on Sunday February 23 2003, @01:54PM (#5365611)
    While many of these hacks utilize programming bugs, most hackers are finding it far easier and quicker to get access or information simply by calling the company on the phone. These so-called social engineering tactics involve calling AOL customer support centers and simply asking to have a given user's password reset. Logging in with the new password gives the intruder full access to the account. In a telephone interview, two hackers using the handles Dan and Cam0 explained that security measures (such as verifying the last four digits of a credit card number) can be bypassed by mumbling. A third hacker, using the name hakrobatik, confirmed the mumbling method.

    This article is more about social engineering than about the AOL break in. This is odd, if this were true, I would expect a much different type of artcle to be on the lead edge of the breaking news like this. I don't know if this is true or not, but the Wired article does not really have a whole lot of meat with it.

    -Pete

  • Credit Cards doomed to failure (Score:5, Interesting)

    by 0x0d0a (568518) on Sunday February 23 2003, @01:59PM (#5365637) Journal
    It's a given that at some point, given the potentially *massive* financial benefits inherent in compromising CC databases, that CCs must go away. They're totally inappropriate for today's society.

    The only question is how much money CC providers and companies are going to lose before moving to smartcards that authorize payments on a per-transaction basis.

  • Some info on the subject (Score:3, Informative)

    by Anonymous Coward on Sunday February 23 2003, @02:00PM (#5365640)
    Merlin is AOL's internal tool for keeping track of customer records. It only operates from the AOL LAN. However, this is defeated with a simple TCP/IP redirector. The security code is a SecurID code. It changes every 60 seconds, but its pretty useless if you social engineer someone into giving you the code. Same deal with passwords. The real hole here isn't any technical measures, but the complete fucking stupidity of AOL employees.

    Oh yeah, this has been going on repeatedly since at least 2000. However it gets media attention very infrequently, but the problem was always there, and always exploited.

  • Lose-Lose (Score:5, Insightful)

    by sebi (152185) on Sunday February 23 2003, @02:00PM (#5365641)

    If this is true. Well--that's bad. If it isn't then that's even worse. I read the register piece before I followed the link to wired. I know nothing about the possible security measures and exploits that could have been involved in this. And that is exactly the point. From what I read all information that wired really had, was the claims of some self-declared hackers and the statement of some security expert.


    If that is enough to get an article like that one published--then why bother to actually try to hack/social engineer/whatever into the AOL database. Just claim something and watch the bad press hit AOL. I never used any of their products (well apart from iChat that kinda ties into their IM-network), but they are in enough trouble as it is. In this case there is such a thing as bad publicity. I am appalled by an article that consists of a whole lot of nothing and ends with "You see all those commercials saying AOL 8.0 is so secure," said Dan. "If people knew how insecure their data was they probably wouldn't use it."

  • Can I get that e-mail list? (Score:5, Funny)

    by Cyclone66 (217347) on Sunday February 23 2003, @02:02PM (#5365653) Homepage Journal
    I'll finally have a complete killfile for usenet!

  • Sanctimonious Tech Bigotry at Inquirer (Score:5, Insightful)

    by reallocate (142797) on Sunday February 23 2003, @02:03PM (#5365661)
    In the sanctimonious screed posing as reporting over at The Inquirer we find these completely unsubstantiated assertions:

    >> ...customers will vanish if they feel AOL can't protect their data...

    Nah. Most will stay because the cost and hassle of leaving AOL outweigh the risk they perceive from this alleged breach. ...You won't find many AOL members running firewall software...

    No, and people who use computers ought not to have to fuss about with building their own firewalls in order to have a modicum of security. Firewalls and other security-related code ought to be buried deep inside any consumer OS marketed for use on the Internet and their configuration ought to be done at a level of abstraction that requires no techncal knowledge.

  • this happens all the time (Score:5, Insightful)

    by mix_master_mike (540678) on Sunday February 23 2003, @02:10PM (#5365693) Homepage

    Some of you may recall this interview [slashdot.org] from a while back - I used to be an AOL nerd back in the day and I know a few of the kids mentioned in the articles (and I think cam0 is 15 now?) - anyway.. from what I can recall alot of the 'hackers' (script kiddies, whatever) would simply use extreme social engineering tactics, as these articles explain, to get whatever they wanted. As the amount actual bugs of the systems would dry up (your basic token bugs, invokes, problems with the systems themselves) alot of the 'hackers' would have to figure out other ways to get in.

    Getting past sID - this is not that big of a deal, while it's not that easy to do as long as you con the right person and you get lucky with the timing your all set. Once you have complete access to their internal system you will have no problems getting them to toss you their current number..

    the only non-realistic part of the articles I read were regarding how many attackers utilize programming bugs - there are far fewer now then there used to be..

  • Not too likely (Score:5, Insightful)

    by island_earth (468577) on Sunday February 23 2003, @02:14PM (#5365719)

    Neither the Inquirer article nor the Wired article shows any evidence that an actual break-in occurred. Of course an occasional account may have been compromised... big hairy deal. But nobody provided any proof that even a noticeable percentage of the 35 million (active or inactive, whatever) accounts has been touched.

    The Wired article quotes sounded like a bunch of script kiddies, probably with their own AOL accounts, were making things up to sound important. (What? Online sources telling lies to seem cool? No way!) No evidence was provided in either article, and given the obvious safeguards (of which SecurID is a good one) it sounded like so much bull.

    This all sounds like a standard "AOL sux!!!" kind of posting, elevated to seeming respectability by badly-researched articles in the almost-mainstream media.

  • I'm doubting they got into Merlin with this method (Score:5, Informative)

    by scrain (43626) on Sunday February 23 2003, @02:19PM (#5365731)
    disclaimer: I worked at AOL for 5 years... i'm pretty familiar with the system under discussion.

    One thing that hasn't beem mentioned is that the SecurID system also requires a pin number to log in, and employees are strongly trained not to give that to anyone.

    Also, Merlin requires a special client, that would be a bit hard for someone using a man-in-the-middle attack to enter information into and/or see the results of.

    As for the social-engineering aspect, people have been doing that all over the world, for centuries. Only a few of them are called hackers. The rest are called journalists.

  • Oh, wired... (Score:5, Insightful)

    by Ravagin (100668) on Sunday February 23 2003, @02:20PM (#5365739)

    Please note that all the sources in the article are "hackers." Yet Wired reports it as _fact_ when they have no official confirmation or hard evidence. I guess a publication like Wired doesn't have very strict journalistic standards about news, but still... this is an instance where you use words like "alleged" and "claim."

  • Implausible (Score:4, Insightful)

    by Gyorg_Lavode (520114) on Sunday February 23 2003, @02:23PM (#5365745)
    I agree that it sounds implausible. I'd think first, as the register states, that getting the hardware generated key would not be possible by the means outlined and second, that AOL would have a firewall on their internal network capable of blocking most trojan's. Also, you'd think that AOl would monitor port use by programs so as to know if someone was having a little too much fun online.

  • Many things "MAY" have happened... (Score:4, Funny)

    by microTodd (240390) on Sunday February 23 2003, @02:30PM (#5365783) Homepage Journal
    "AOL's central customer database, Merlin, may have been been compromised"

    What a stupid comment. In other news...

    "Aliens MAY have invaded Italy..."

    "Saddam Hussein MAY have a gay lover..."

    "I MAY have sex with Liv Tyler tonight..."

  • What merlin looks like (Score:5, Interesting)

    by seeksoft (579626) on Sunday February 23 2003, @02:32PM (#5365789)
    Here, i copied this html for a friend a few days ago. Merlin @ opsec [aol.com]
    • Checking out the parent webpage: http://members.aol.com/eeyore10289/ I find all sorts of imitation AOL pages asking the user to enter credit card numbers, usernames, passwords, etc.

      So, how long have you been ripping off AOL customers?
      • Yup, and it looks like the nice friendly AOL folks just nuked everything in Mr. Eeyore's home directory there. I'm sure he'll have some nice friendly men in black suits showing up at his door in a few hours, and then he'll have some explainin' to do to his mommy and daddy.

  • You Asked for proof (Score:5, Informative)

    by JacobD (454288) on Sunday February 23 2003, @02:39PM (#5365817) Homepage
    Hi,

    You all wanted proof that the hack was done. We're carrying that proof on Observers.net [observers.net]. Check out the first story and that will give you all the proof you need that the hack was done.

    The other news places (The Register, The Inquirer, and Wired) were not able to provide the proof that we have.

    Jacob
    Observers.net

    • Why don't you provide proof then? (Score:3, Insightful)

      by Anonymous Coward
      And screenshots are definitive proof of... having screenshots? Perhaps an ex-AOL employee took a couple screen captures before leaving and later posted them online. And as for the further "proof", all I see is a bunch of HTML pages which someone could have done in Notepad.

      If you really want to show proof, how about listing Steve Case's information? Or why not ask someone to supply an AOL ID and you can post the complete account details the next day? Chances are, you're not able to do that because this is just stupid script kiddie posturing with no substance.

  • Expect the worst, have damage control ready (Score:3, Insightful)

    by bigberk (547360) <bigberk@users.pc9.org> on Sunday February 23 2003, @02:39PM (#5365818)
    A reminder about security in general. No matter how many precautions you take, there's always a chance that somebody is going to get into a system. By taking advantage of human weaknesses or lapses in judgement, for instance.

    So it's always prudent to diversify and isolate systems to minimize disaster upon intrusion into one system. And always invest in a good damage control plan :)

  • Secure both from outside and within (Score:3, Interesting)

    by Xipe66 (587528) on Sunday February 23 2003, @02:57PM (#5365897) Homepage Journal
    I work for a _large_ games and betting company, somewhere in Europe. Apart from having firewalls in front and behind the Internet-servers, we also have firewalls that separate the employers network from the databases. I.e. we have three layers of security, and the only way to get through to the databases (where we have even more protection, just like AOL) would be to get access to a internet server and then try to get through three layers of passwords just to be able to _read specific_ user accounts.

    More or less impossible. And I can't imagine that AOL (stupid as their users may be) don't have something like this aswell... WHY ON EARTH would the internal network go staight to their extremely valuable databases?

    Most companies keep "mock up" systems for development, the actual production systems aren't accessible to anyone, basically...

  • The Art of Deception (Score:3, Funny)

    by mackman (19286) on Sunday February 23 2003, @03:30PM (#5366113)
    FBA agents recovering evidence from the 15 year old cracker's "apartment" in his parents' basement, found a copy of The Art of Deception by Kevin Mitnick, who was prompty returned to solitary confinement while authorities make up a reason for his arrest.
  • I'm glad this story is getting picked up in so many places, but I do want to clarify a few things for those who either don't believe this attack is possible, who think I simply wrote it based on a few script kiddies' comments, or who simply don't understand how journalism works.

    Yes, I was given substantial proof of the attacks. But my job as a journalist is not necessarily to PROVE that anything happened (that is what lawyers do) -- you'll note perhaps that Woodward & Bernstein's takedown of Nixon was initially based entirely on one man's tip in a Beltway parking garage. It all has to start somewhere.

    So I merely collect evidence and present what I have. It was completely credible in this case. In fact, I called AOL five times to get their side of the story. They refused to call me back. But YES, the proof does exist. In fact, observers.net posted some of it here [observers.net]. You can dig around to find their full story on the subject, which goes into greater depth than I had the luxury for at Wired -- which is a general tech news site, not a how-to site for hackers and wannabes. In any event, you will notice that AOL has not refuted the claims in any forum. I honestly have no doubt about the authenticity of these claims after seeing the information provided to me. It's now AOL's turn to either come clean about the attacks or say they didn't happen. Since AOL is afraid of negative publicity, they are trying to keep things quiet. This is not apparently working...

    Originally I had hoped to interview the unnamed 14-year-old hacker for my story (which was intended to be mostly about the Merlin break-in) but he balked out of fear of prosecution (he was later interviewed for Observers.net and privately apologized to me for not doing the interview). Hence I focused on the myriad other recent hacks (Japan Webmail, the mumble method, screen name thefts) that AOL has been hit with as well.

    Regarding the breaking of SecurID -- if a hacker can call up a rep on the phone and get him to reveal his name and password, it seems pretty plausible that you could get the SecurID code as well. Disgruntled insiders also provide this information readily to their pals on the outside. Of course that's all in the story...

    Anyway, if any AOL users are convinced their data is secure I'll be happy to pass along your screen name to the people in question...

    Cheers.

  • A/S/L?!? (Score:3, Funny)

    by Munra (580414) <slashdot@jonatha ... o.uk minus punct> on Sunday February 23 2003, @04:18PM (#5366344) Homepage
    A user id/Specialised ID code/Lame couple of passwords?!!?!

  • Merlin doesn't exist (Score:5, Interesting)

    by fafalone (633739) on Sunday February 23 2003, @06:11PM (#5366976)
    According to the last AOL support rep I talked to on the phone. According to them, AOL has never had an exploit resulting in compromising member information. Incidently, I was calling to report an open exploit that resulted in my information being compromised. They told me it was impossible. I explained to them, in detail, how the exploit worked. Nope, apparently it was still impossible. So I asked to be put through to operations security (opssec). I was told it didn't exist. I even pointed out a page on their website that mentioned it. Nope, doesn't exist. Quite fed up with this robotic imbecile, I asked to speak to a supervisor. The supervisor (this is in the fraud department, by the way) explained that they were trained to deny that AOL had any flaws. Interesting. After realizing the supervisor also had no idea what they were talking about, I requested to be put through to opssec. Well, the supervisor at least acknowledged its existence, but refused to put me through, despite the fact that I had very important network security information. In so many words, I was told they didn't care that my information was compromised.
    Soon after this, I cancelled my account. Not only did they charge me for 2 more months, but they charged me the dialup rate (I was BYOA). So I called them up, quite pissed off, and asked for the charges to be reversed. I was then told my account was still active. At this point, I explained to the incompetent billing employee how to use Merlin to pull the fraud record of the account termination. The charges were subsequently reversed.
    My experience gives new meaning to the phrase "AOL sucks"

    • Re:Merlin doesn't exist (Score:4, Insightful)

      by Reziac (43301) on Monday February 24 2003, @10:52AM (#5370498) Homepage Journal
      This is from a usenet post of just last week, so take that for what it's worth, but the poster is normally a reliable enough sort ... anyway, this is a complete quote of his post:

      ************
      I used to work for AOL tech support as one of their trained monkeys for a while. There are a few things to keep in mind when dealing with them:

      Most of them (the techs) are NOT idiots. However, most of them think that the AOL customer base ARE idiots.

      The mission statement for AOL tech support is : Free AOL tech support - You get what you pay for - Call us, we will give you a fish... (you have to understand the old saying about giving a man a fish/teaching a man how to fish story)

      They use a case based software called Sherlock which is notoriously lacking in options. Most questions that they handle are so well known that the tech can handle it without sherlock, however, this sabotages the Sherlock program. The whole setup is designed to fail spectacularly while being held together by a few knowledgable floating expert individuals.

      These same floating experts double as whip wielding task masters, along with the supervisors, and other narcs, who wander around the phone floor enforcing the use of sherlock and the 3 minute time limit.

      AOL tech support, does not have solving the customers problem as it's goal. Pleaseunderstand, that solving your problem when you call has absolutely NO VALUE.

      The IDEAL revenue call is a call that is handled in exactly 3 minutes, which results in a positive step in sherlock giving ONE of many options - then results in a negative experience for the customer - prompting a return call in about 10 minutes - to another tech, who then gives the NEXT solution via sherlock - which ideally will fail - on and on until either sherlock runs out of options, (prompting for one of the floating experts to
      actually solve a problem, or shifting blame onto either a virus, the manufacturer of the hardware, drivers, etc...) or a final solution (usually a reinstall) and a grateful customer being transferred to another revenue partner, like a rent a car agency, or a cable modem installer...

      The ONLY value that any call has is that it is handled in an average of 3 minutes. This is known on the floor as Dumping... You give them one possible solution, then ask them to try it and call back if it doesn't work - you then cross your fingers and hope that YOU don't get them back. All while attempting to sell the illusion that you are an expert and are not merely reading a dialog off a computer screen. As I said above, it's trained monkey work.

      With that in mind, you can see why AOL tech support likes people with a minimum of knowledge working on the phones. People with actual extensive computer experience suffer from the "fix it" syndrome. Especially when sherlock cannot give you another option to Dump the customer with.

      The very worst thing that a tech can do, is attempt, with his own knowledge and experience, to actually explain why and how and fix your problem, especially because usually the problem is directly related to the stupidity of the customer. It is not unusual for the customer to reveal that they have 30 - 50 tray icons running!!

      People with a minimum of knowledge can accept the illusion that sherlock is actually giving good advice and can sell it convincingly as tech support. An actual trained computer tech/software repairman/programmer - usually cannot if he is honest.
      ***********
      [end quote]

      The sad thing is, it's not just AOL ... this is the future of tech support everywhere. :(

    • Re:you won't see me crying (Score:5, Interesting)

      by Anonymous Coward on Sunday February 23 2003, @01:52PM (#5365590)
      Nobody "DESERVES" to be defrauded when doing business with a legitament company. That 70-year-old couple who just gets on long enough to send email to their grandchildren, who got AOL simply because they got the installation CD in the mail, they deserve a few hundred dollars of fraudulent charges?

      AOL markets almost exclusively to the technophobes who either don't know or don't care enough about computing to spend significant time shopping for an ISP. To them, the computer is an appliance; AOL is effective at distributing their product for that appliance.

      Get off it. AOL sucks for us slashdot people because it's not a product designed for us. Until MSN or Earthlink or the myriad of other "simple/easy" ISPs start unloading millions of CDs on an ignorant population, it will continue to be the dominate choice.
    • It's an IT site run by a former editor from The Register. Neither is particularly reliable, but they both make entertaining reading, and one can often get an idea of what might really be going on after filtering out all the bullshit rumors.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.