Show FAQ
Close (X)
Close (X)
Close (X)
Close (X)

LIVE CHAT

Props/Quotes

- - Offline
Wai
- - Offline
Randall
- - Offline
Yajun
- - Offline
Ling V

Admin

- - Offline
Guy
- - Offline
Holly
- - Offline
Jon
- - Offline
Adrian

Aftersales

- - Offline
Ling V
CAR LEASING
Want a cheap
new lease car?

Start HERE!


Cheapest Car Leasing CHAT
My Customer Letters!
My Fun Pages!
Read All About Me!
Note: I live inside this website Monday to Friday 9am-6pm, to give you the very best service and make your experience a happy one! - I am Ling, accept no substitutes
Car LeasingCar Leasing
Vote for your favourite motorway sign message!
Version 237.1.
You can trust me! ... In 2010 I rented over £35million of cars (at RRP).
Spacer
Spacer
CAR LEASING - CONTRACT HIRE - CHEAP LEASE CARS
Home
Cars and Vans
How It Works
Price Lists
About Ling
 Customers
Fun Stuff
Quote/ Order
 
Customer Maps Customer Letters (1528) Customers Live in Process Website Comments Customer Poetry
Customer Complaints Customers' Driving Licences Customer Stats CUSTOMER LINGO SYSTEM LOGIN Insurance Car Updates E-MAIL SCAM Husband Scrappage Allowance DIY Credit Check

Loading...

The twitter pigeon is loading "LINGsCARS"
LIVE + KICKING twitter feed... WAIT!

New!
Intro Film News Blog Office TV Contact Moan Links Play Quiz Privacy Policy Google Visitors
Ling Valentine Quote Quote Apply for Quote DRAGONS' DEN

Richard Farleigh - "I wanted to invest; I was amazed by Ling's
complete lack of nerves, and also by her business acumen."

Duncan Bannatyne - "I wanted to
invest... but ye turrn'ed me dooon!"

Deborah Meaden
"Harrumph! I'm out!"

UK WARNING: Customers reporting many other internet prices hiding true lease costs! Beware dodgy companies selling high initial rental "6+" leases
Ling Valentine is Viz's Official Ethnic Business Ambassador Play stupid crash game! Cheap insurance Google Spider Google Spider
Food --->
Google Spider Food

View LIVE visitors: 11 online

 
Hi! I am Ling Cheap Car Leasing - WAH! from Dragons' Den. I lease cheap new cars!
UPDATE... The latest car I've added is a Nissan Qashqai 1.5 dCi (110bhp) N-Tec + Hatchback 5dr 1498cc Diesel at £295.45 inc VAT at 16:03 on 21st Nov - Ling
Car Leasing Traffic Light
Candybar
I EXPOSE MASSIVE SECURITY HOLE IN SCOUSER EMAIL CLIENT MERSEYMAIL
UPDATE: 12 August 2009
SUCCESS!
MerseyMail has been shutdown, but Connect have still not mentioned the vunerabilities to users and have not warned that they are exposed to hacking!
Click here


UPDATE: 14 August 2009
...OR IS IT?
MerseyMail/Connect deny and lie to users and publicly call me a "hacker"!
Read more here...

7th Aug 2009 - Mersey Mail are tonight exposing THOUSANDS of their Liverpool-based clients to scammers by leaving their customers email accounts open to being hacked. Any intruder who gets a click-through to their website from a MerseyMail customer can IMMEDIATELY access all the mail and information in the private or business MerseyMail account. This security hole probably applies to ALL businesses and private individuals who use Mersey Mail!

I exposed the open-door policy of Mersey Mail when I was monitoring a website customer visiting to check progress of his new car. I always monitor visitors to ensure my car supply (and customers) are not exposed to fraud. For instance, if the customer purports to be British but is logging on from a Russian server, I want to know why!

My customer "George" who is a teacher in a Merseyside college, clicked on a normal email I sent him (he logged on from his MerseyMail account), to let him know he had a new message on my secure LINGO server. But I noticed something was wrong! The customer was passing his session ID and his IP address was not being checked.

By pasting the information into a web browser, I had immediately accessed all George's private emails including a loan application from a major bank, plus details of bank statements and many other messages. I was totally horrified! This is the first time I have seen this back-door access from a private email account.

I immediately phoned the customer to tell him, and also tried to phone Mersey Mail and their parent company. No one was available to speak to me at Mersey Mail despite me telling the receptionist that all their customers are currently exposed to hackers. The problem still hasn't been fixed, so I have informed the police, the local BBC, and informed the Information Commissioner's office.

Mersey Mail are owned by Connect Internet Solutions.com in Liverpool, who claim on their website "To ensure that what we build is best of breed, a solution that is both robust and future-proof." - what a laugh!

Connect claim to be accredited to ISO 27001 in Information Security. That's complete nonsense in my opinion, a first-year student could do better than this! Mersey Mail should be shut down and every customer informed. All passwords and private account details need to be changed, as soon as possible!

My own customer has been totally compromised. It's a good job LINGsCARS.com checks the provenance of incoming customer connections. If I was a scammer, I could have taken this customer to the cleaners. George was checking on his new Nissan Qashqai, but could have ended up being hacked for thousands of pounds.



08 Aug 2009: I have been visited by the Police to help sort this foolish email hosting company out, but it turns out that Connect Internet Solutions.com also built the Intranet for the Serious Fraud Office (below), LOL! What a joke.



The Serious Fraud Office investigates and prosecutes cases of serious fraud in England, Wales and Northern Ireland. It deals with cases of suspected fraud which are complex, require specialist knowledge, are likely to give rise to national publicity and widespread public concern and those having a signifcant international dimension.

Now the SFO can learn that they may be using systems built by fools who allow this very fraud to happen!

The Police now have to go away check their own systems for the same badly-coded bug!!!








THE RESULT:

UPDATE: 12 August 2009
SUCCESS!
MerseyMail has been partly shutdown, but Connect have still not mentioned the vunerabilities to users and have not warned that they are exposed to hacking!
Connect Internet have shut down the service! They say "Due to a technical issue, we will be permanently shutting down the MerseyMail service at 5.00pm BST on Tuesday 8th September 2009."

THEY HAVE DISABLED WEB-ACCESS TO MAIL

Now, the problem is, MerseyMail/Connect Internet have not disclosed to any user the potential exposure of ALL their private documents and sensitive information, or that 3rd parties could have ALREADY accessed all their mail. This means that users are ignorant about taking security measures
(such as changing passwords on bank accounts, and changing login details to private areas they may have mentioned in previous mails) to avoid the use of malicious information that has already been gathered about them, by hackers.


Connect make no reference at all to any SECURITY ISSUES to users, instead they talk about "TECHNICAL ISSUES"

This hiding of problems for MerseyMail users is disgraceful!

THIS PROBLEM WILL STILL AFFECT THOUSANDS OF MERSEYSIDE EMAIL USERS, INCLUDING SOME OF MY CUSTOMERS!

Once sensitive data is lost, you cannot get it back. Plugging the hole is only half the answer. Users should be told!

Connect Internet have a DUTY OF CARE to inform all their customers, in full. I wonder if they have reported the BREACH OF DATA SECURITY to the Data Commissioner?

12/08/2009 - I have contacted Connect Internet AGAIN (never any reply) and said: I notice Connect have shut down MerseyMail service due to my campaign about my customer who was exposed by terrible security, BUT, you make no attempt to disclose to customers the extent of the potential problems. Instead you talk about "technical issues". Customers should be told all their sensitive information has been at risk and may already be in the hands of hackers, so they can take steps to change passwords etc. Can you please let me know you have done this. The notice should also be posted clearly on the MERSEYMAIL WEBSITE. You should offer free technical assistance for users who have concerns. Can you please confirm this has been done and also please confirm that you HAVE INFORMED THE DATA COMMISSIONER of the extent of the problems, the length of time of the problems and the number of users of MerseyMail exposed. You are legally obliged to do this. Please reply with clear answers for me. Ling Valentine



UPDATE: 14 August 2009
OH DEAR!
Connect Internet now lie to users and call me a HACKER! As ever, these inept companies LIE and BLAME others to cover up their own ACTIONS!
Connect Internet issued the following completely inaccurate and plain WRONG statement to their MerseyMail users:




"GENERAL MESSAGE TO ALL USERS REGARDING THE CLOSURE OF THE MERSEYMAIL SERVICE

INCIDENT SUMMARY

A vulnerability has been identified within MerseyMail, possibly affecting a small number of users in a specific set of circumstances. A hacker attacked our system using this vulnerability and then posted a guide on how to do this on their website. We therefore had to respond quickly and, as soon as we were aware of the problem, temporarily suspended the website while we investigated. As a result of this investigation, Connect has taken a business decision to close down the MerseyMail service. We will continue to provide access to any messages within the service using standard mail programs (such as Microsoft Outlook) until 5.00pm BST on Tuesday 8th September 2009, to allow users to retrieve any messages they have stored in the MerseyMail system. The vulnerability has been closed and is no longer exploitable.

Connect has provided MerseyMail as a free service to the Merseyside community for a number of years and hopes that it has been useful to many people in that time. However, we feel that the Web has moved on since the introduction of MerseyMail and there are now many other free e-mail services (such as GoogleMail and Microsoft's Hotmail) which offer many benefits to users. We therefore feel that it is appropriate to close down MerseyMail. Ideally, we would have liked to close the service in a more structured way (indeed as the first step in this process we stopped new registrations some time ago), but the actions of this hacker have made this impossible.

THE VULNERABILITY

This vulnerability could possibly have affected a small number of users in a specific set of circumstances:

1) The hacker must have somehow obtained your MerseyMail "session ID"
2) You would have to had be logged in to MerseyMail while the hacker was trying to gain access to your account
3) Even if you were still logged in, you would have had to have been active within the "session timeout period"

The hacker only has a few of ways of obtaining the "session ID". They can somehow see it in your browser (e.g. if you send them a screen shot including your browser's address bar) or they need to own a web server and actively obtain it from within their system.

If a hacker were to have obtained such access to the system, they would have only been able to access information about that user. They would not have been able to access information about other users.

Connect is not aware of any active attempts to exploit this vulnerability. The only known exploit has been the original hack mentioned earlier.

SENSITIVE INFORMATION

Although there is only a small possibility that your e-mail could have been seen by someone and we have no evidence of that being the case, as a precautionary measure we would suggest changing your password on any account where your current password has been sent to your MerseyMail address. This could be for a forum, or some other type of site requiring membership.

This is only an issue if you received an e-mail including your password in plain text and you have not changed the password since then. It will not affect you if the e-mail was an "activation e-mail" which did not contain the password or if you have subsequently changed that password.

We are really sorry for the inconvenience this has caused, however we feel that this is the appropriate course of action.

mail.team@merseymail.com"


***NOTE: they send and have a reply address to a "closed" service - utterly stupid - Ling




So now I am "a hacker"!!!

Let me deal with this, and these fools and idiots at Connect.

I am not a "hacker". I am a website owner who sells cars. I have a fantastic personal reputation as anyone can see by reading the 1,350 customer testimonials on my website here: CUSTOMER LETTERS.

MerseyMail freely and knowingly passed MerseyMail user session IDs to websites (being visited by MM users) when links to websites were clicked through in emails, and did not check IPs if the session IDs were used by the website to gain reverse access to MM user email accounts.

Connect (aka MerseyMail) gave away the entry key to users email accounts in a widespread fashion and did not (and were not planning to) inform users until I blew the whistle.

This does not make me a "hacker". Their use of the term is completely incorrect. Connect were acting as if they were like the Royal Mail posting your front door key to any business that send you a letter to which you respond.

If I was a "hacker", the police would have arrested ME. Instead, I am the complainant! Connect's choice of language is astonishing. It is CONNECT who were the subject of police action!

This whole saga is completely and utterly a faux-pas by Connect. A shooting in the foot by them. It was an own-goal in football terms (people in Merseyside will get that).

Now, Connect are lying. I deal with their points - It is not "affecting a small number of users in a specific set of circumstances" it is affecting EVERY user in a very common circumstance. They are being blatantly disingenuous and are misleading.

What they should say is:
"Connect have been giving away your privacy every time every user clicked a website link in an email"

Damn right the actions of the "hacker" (ME) caused them to shut down the service in an "unstructured manner". The service was giving away every user's full personal information! How long would they have allowed this to continue in a "structured" manner???

One question is, how many of their users have been exposed to abuse and invasion of privacy and malice by Connect's criminal condoning of this vulnerability?

Yes, it is criminal. It is a criminal offence under the Data Protection Act.

I did not "somehow" obtain the session ID. - Connect gave it away in plain text with the click through.

It is true that you would have had to have been logged in (ie the session still active), But, knowing the vulnerability, this would have made it easy for criminals. It is easy to act while people are still logged in. Few people click links and then close the program immediately. You click to a website and keep your email program OPEN, to read other messages. Once I logged in, I took over the session, the user could have logged out and I would have still been inside, squirrelling away.

As any link to a website goes to the website owner's server, every website visited can grab the plain text session key (and plain text username). It is easy. Connect make it sound unlikely. It appeared in front of my eyes like a neon sign saying "rob me, come on in"!

True, the intruder could only compromise (the whole email account) of one user at a time. Connect are saying "don't worry, the malicious intruder can only break into YOUR house".

Users will have to change (or should change) lots of passwords to different services. As many people tend to use the same password for many services, giving a thief a good guess at what password the user has for everything, Connects statement about passwords is false. It would only be true if users used unique strings for every account password of theirs. People do not act in that way. We all know that.

Also, an intruder can read ALL user mail, see what you services you are signed up for and hammer away at them all, if they know one typical password.

The intruder can also access a user's whole address book, raising the issue of the heavy use of MerseyMail by schools and kids.

In their statement Connect are utterly and irresponsibly minimising the danger to users.

I will say to Connect, you are acting diabolically. I am that "Hacker". Come and get me arrested!!!!

The problem Connect have, is that the police decided Connect were in the wrong and went and knocked on THEIR door, not mine.

I disclosed everything, immediately, to a) the MerseyMail user, b) Connect (who ignored me), c) the police, d) the BBC... all to cover myself, as well as e) on my website here www.lingscars.com/merseymail.php , and f) here on this Liverpool community forum, as well as on my blog and on Twitter. I was completely open.

Questions:

1. Have they informed the Data Commissioner of the scale and their complicity in this scandal?

2. When will they tell the truth to users, including saying that there was no "hacker" in this instance and that the police told CONNECT to close the service down, it was so bad?

3. When will they say it is widespread and happened with EVERY click through, therefore EVERY user has MASSIVE risk?

4. When will the Managing Director/CEO of Connect resign?



There is a full thread to read on Liverpool community forum Yo! Liverpool





lingscars.com
CLICK! See 227 clients live in LINGO!
Live!!
CLICK to VIEW!
Online Service
Response Times
Quote > Proposal > Order > Delivery
 
75 CLIENTS IN 'PROPOSAL'
...LING REPLIES IN:
  HRS : MINUTES sec  
 
152 CLIENTS IN 'ORDER'
...LING REPLIES IN:
  HRS : MINUTES sec  
Lingscars.com Limited (GB)
Customers use my secure LINGO management system.
Response times above based on last 4 hour period between
9am - 6pm, Mon to Fri
-Ling
WOW! UK's best service times!
No Waiting
lingscars.com
Hello, hello! This is me!
Don't run, little customers! I'm friendly...
I am the Viz UK business ambassador!
Post me Ferrero-Rochers! Yum Yum!
Unlike most other internet car leasing sites, I publish all my contact information openly!
...so, you know who I am
- Ling


THE UK's FAVOURITE
CAR LEASING WEBSITE!

The UK's FAVOURITE car leasing website
The UK's FAVOURITE car leasing website
Boss: Ling Valentine MSc IoD
LING World Headquarters
Vance Business Park
Gateshead, NE11 9NE
Tel 0191 460 9444
Fax 0870 486 1130
sales@LINGsCARS.com
I prefer email to phone - Ling
VAT No: 866 0241 30
Co Reg No: 6178634
Consumer Credit Licence: 663330
Data Protection No: Z1098490
Best Before: 17/08/2007
LING World HQ
People's Republic of Gateshead!

 
Spacer

Latest BBC NEWS from LING in CHINGLISH!

Wah! LATEST:  Looking at story behind image by Carl Court of student protest in London. Sweet sour chicken feet time! - news replorted 04:12



Wah! LATEST:  The removal of Mong Kok activist camp by authorities means protests in Hong Kong continue in just two sites. Eating rice!! - news replorted 04:09



Wah! Poor levels of literacy behind many social problems, lah, but how can issue be tackled? - news replorted 04:08



Wah! Tackling foe online is key for modern counter-terrorist operation, lah, says Gordon Corera, lah, but there concerns over free speech. - news replorted 04:06



Wah! Was book by JB Priestley responsible for stereotype? - news replorted 04:01



Wah! Do sets designed by Lego discourage imagination? - news replorted 03:56



Wah! Video bloggers being told they need to be completely clear about when they being paid to promote products. Eating rice!! - news replorted 03:47



Wah! Can younger women change our politics and influence election? - news replorted 03:17



Wah! Young human bliengs will be able to gain full honours degree while earning wage and paying no fees, lah, under new scheme. What the hell I mean??!! - news replorted 03:11



Wah! The Australian drummer of rock group AC/DC briefly appears in court in New Zealand, lah, arriving late, lah, to face charge of threatening to kill. You understanning yet? Paying more attention! - news replorted 02:53



Wah! A new species of horned dinosaur is identified from fossils held in Canadian museum for 75 years. Eating rice!! - news replorted 02:47



Wah! More than 80 human bliengs arrested overnight in Hong Kong after clashes sparked by removal of protest camp in Mong Kok. What you wan'?!! - news replorted 02:35



Wah! Older human bliengs who regularly using internet and take part in cultural activities may be better equipped to keep on top of their health, lah, research suggests. Eating rice!! - news replorted 02:32



Wah! The team behind portable eye examination kit that uses smartphones is crowdfunding to raise funds for its new innovation. Sweet sour chicken feet time! - news replorted 02:30



Wah! Sony Pictures, lah, movie distribution arm of Japanese consumer electronics giant, lah, has been target of cyber attack. What you wan'?!! But there few details. Eating rice!! - news replorted 02:10



Wah! Performance poet on stage with ventilator - news replorted 01:59



Wah! David Cameron should not propose caps or quotas on EU migration to UK, lah, Deputy Prime dodgy minister Nick Clegg says. Eating rice!! - news replorted 01:36



Wah! Schemes to tackle climate change could prove disastrous for billions of people, lah, but might be required for velly damn good boiled chicken-feet of planet, lah, scientists say. You give me happy happy luck luck. - news replorted 01:12



Wah! Ministers risk racking up multi-billion pound bill if IT systems to run their flagship benefit reform not introduced on time, lah, watchdog claims. Eating rice!! - news replorted 01:05



Wah! How celebrated artists bear witness to human suffering - news replorted 00:59



Wah! Children being put at risk because of deficiencies at Child Exploitation and Online Protection Centre, lah, ex-staff tell Bloody Bloardcasting Corporation Newsnight. Pass chopsticks!! - news replorted 00:56



Wah! Wednesday's big story in newspapers is over criticism by Membling Partiamentary expense cheaters that Facebook did not alert security services to terror threats made by one of killers of Fusilier Lee Rigby. You give me happy happy luck luck. - news replorted 00:48



Wah! New measures to tackle terrorism to be published by home secretary, lah, days after bloody woman said bloody annoying Blitish faces "greater" (Ai-yaa!!! Bloody Bloardcasting Corporation quotee-quotee!) terror threat than ever before. What the hell I mean??!! - news replorted 00:38



Wah! The Great Satan state of Missouri orders 2,200 National Guardsmen to Ferguson to quell unrest after old bill bobbys officer was cleared over killing of Michael Brown. Sweet sour chicken feet time! - news replorted 00:37



Wah! The majority of stop-and-searches conducted by old bill bobbys ethnic minority Scottish-fried-Mars-bar-land having failed to find any illegal items in recent months, lah, it emerges. Eating rice!! - news replorted 00:24



Wah! Six World fighty bang-bang One battlegrounds in unexpected places - news replorted 00:23



Wah! Plans for alternative to council tax expected to be at core of First dodgy minister Nicola Sturgeon's plans for coming year. Hahahaha! Laughing like bloody hell! - news replorted 00:21



Wah! How militants trusted this man with their deepest secrets - news replorted 00:20



Wah! A "toxic" (Ai-yaa!!! Bloody Bloardcasting Corporation quotee-quotee!) and "aggressive" (Ai-yaa!!! Bloody Bloardcasting Corporation quotee-quotee!) culture inside banks will take generation to change, lah, according to report from Cass Business School and New City Agenda. Ai-yaa!!! - news replorted 00:08



Wah! A PhD student from Brunel University London (capital of Great England) has saved himself ĀRMB Yuan #100,000 by 'hacking' male gender human bleing's own kit. Pass chopsticks!! - news replorted 00:07



Wah! Can schools with iPads protect future of language? - news replorted 00:05



Wah! The government is failing those with learning disabilities by keeping them in hospitals far from home for too long, lah, report commissioned by NHS (wonderfulling free human fixing service) Province of Engrish running-dogs says. Eating rice!! - news replorted 00:04



Wah! Secretary of State Theresa Villiers says chances of clinching final deal at Stormont inter-party talks look slim. I plant rice to honour ancestors for you! - news replorted 00:02



Wah! Calls for extra money for NHS (wonderfulling free human fixing service) in Province of Engrish running-dogs intensifying after latest figures show deficit is growing as performance deteriorates. Eating rice!! - news replorted 00:00



Wah! A new initiative in San Francisco offers city's homeless population mobile showers and toilets in converted bus. Eating rice!! - news replorted 00:00



Wah! The government calls on Fifa to publish in full investigation into 2018 and 2022 World Cup bidding process. Eating rice!! - news replorted 00:00



Spacer
5 Titanic Cars
Sky
Top 5 Car

1.6 BlueHDi 100bhp 5dr
diesel, man, met
Citroen
C4 Cactus
Grass
Click Here
£223.27
per month, inc VAT
Sky
Top 5 Car

2.0 TDI 190bhp 4dr
diesel, man, non-met
Audi
A6
Grass
Click Here
£337.87
per month, inc VAT
Sky
Top 5 Car

1.6 VTi 120bhp 3dr
petrol, man, met
Citroen
DS3
Grass
Click Here
£288.00
per month, inc VAT
Sky
Top 5 Car

1.6 i BlueE... 153bhp 2dr
petrol, man, met
Mercedes
C-Class Co
Grass
Click Here
£348.30
per month, inc VAT
Sky
Top 5 Car

2.2 d 160bhp 4dr
diesel, auto, non-met
Jaguar
XF
Grass
Click Here
£390.00
per month, inc VAT
Titanic
Spacer
LINGsCARS customer mosaic!
Spacer
Ryanair
Spacer
Bottom trumps. Play me! Can you win???
PLAY BOTTOM TRUMPS!
Spacer
Live Google
Spacer
FREE Badge
...get a FREE BADGE!
Collectors item - FREE!

APPLY NOW!
Spacer
Traffic
Spacer
Contact Ling
Spacer
Nuclear Truck
My Nuclear
Missile Truck
Spacer
Portrait
Spacer
LINGsCARS is verified by Norton Security
Spacer
Duncan Bannatyne
Spacer
Titanic
Spacer
As seen on TV
Spacer
Extra Cheap Cars
EXTRA CHEAP
CARS
HERE
See 30 cheapest cars!
Spacer
Play Ling's quiz
Win!
Play my brilliant motoring quiz!
Spacer
Free Delivery
Spacer
Dragons' Den
Spacer
Webcams
Spacer
Honest John
Spacer
Honest John
Spacer
Not sponsored by


...don't do lease cars, but if they did, they would be done like this - Ling
Spacer
Tyres
Spacer
Want a Quote?
Spacer
Ling's Awards
Spacer
Spacer
Viz
Spacer
FREE Badge
...get a FREE BADGE!
Collectors item - FREE!

APPLY NOW!
Spacer
Auto email updates
Car update me!
Get my latest EMAIL car updates!
Spacer
LIVE customers
Click to see my LIVE lease car customers! - Ling
Spacer
Workers
Spacer
As seen on TV... Plus over 30 movies!
Spacer
KFP
Spacer
Ling's Awards
Spacer
Traffic
Spacer
Duncan Bannatyne
Spacer
Nuclear Truck
My Nuclear
Missile Truck
Spacer
Extra Cheap Cars
EXTRA CHEAP
CARS
HERE
See 30 cheapest cars!
Spacer
Workers
Spacer
As seen on TV... Plus over 30 movies!
Spacer
Live Google
Spacer
/* */