Sounds like scaremongering (or just a rather poor hoax) to me.
Ask em for *proof* such as your username/password that they say they were
able to view.
If they won't/can't provide it, forward the email to ihug's mail abuse team ;)
Lance
----- Original Message -----
From: "Zsolt Brandt" <zsolt.brandt@xtra.co.nz>
To: <adsl@lists.unixathome.org>
Sent: Wednesday, June 19, 2002 7:38 PM
Subject: FW: Your Jetstream/ADSL connection is NOT secure
> hey has anyone else seen this? was in my mailbox this evening. we all
> know there are simple things we can do to make our routers more secure. does
> anyone know if this is legitimate or someone's idea of a scaremongering
> hoax? cheers, Zsolt
>
> -----Original Message-----
> From: File-IT Software Productions Ltd [mailto:file-it@ihug.co.nz]
> Sent: Wednesday, 19 June 2002 01:25
> To: file-it@ihug.co.nz
> Subject: Your Jetstream/ADSL connection is NOT secure
>
>
> Hi there,
> I feel it is appropriate to inform you that your Jetstream/ADSL
> connection is not secure. Let me give you an overview of the security
> problem;
>
> As you should know, your adsl modem/router has a webpage type
> configurable screen this is accessible from your local network by typing
> something such as http://192.168.1.1 in your browser, where the
> 192.168.1.1 is the IP address of your router on your local network.
>
> You have been sent this message because we HAVE been able to connect to
> your modem from an external connection and view ALL of the configuration
> information on your modem. This includes the login/password your modem
> uses to connect to the internet. In almost all cases, this
> login/password combination would also be the same as your isp's POP3
> email password. This could allow a spammer to send email from your
> email account!
>
> Fortunately, we are on your side. We found out about this problem
> first, and we are not going to take advantage. And we certainly do not
> want hackers to be able to take advantage of you.
>
> If you do not believe us about this problem, send us an email to
> file-it@ihug.co.nz and we will gladly email you back a copy of your
> modem's configuration settings. This is a real problem, with very real
> consequences!
>
> Also, in most cases, the adsl modems also allow a 'telnet redirection'
> which could allow a hacker to connect to your modem, then connect
> through yours, to a number of other modems, then perform anything they
> want almost untraceable. A hacker with New Zealand only internet
> access, or to minimize their international downloads, set up a 'port
> redirection' allowing them to download large amounts of data via your
> connection. If this were to happen, you could be paying a large fee for
> internet traffic you didn't use!
>
> Obviously the possible ways that a hacker could take advantage of this
> problem are limited only by their imagination.
>
> You are not alone in this security issue. As of today, there are almost
> 500 New Zealand users affected by this security problem.
>
> This problem has not been publicly released. Please do not report this
> problem yet, hackers use the media everyday to find out about new
> problems and take advantage of them before they are patched up. By
> informing the media, you will be putting at least another 500 users in
> the same boat as you at risk. Once this number has reduced to
> manageable numbers, I will then inform the media of the issue.
>
> How to fix this problem:
> Change all passwords to access the configuration mode of your modem -
> Note that some modems have separate http and telnet administration
> passwords
> Change your internet access password
> Turn off the option for your modem to allow 'external administration'
>
> How can I help you?
> If you are unsure of how to change these passwords, we can do this for
> you for a small fee.
> Once you have fixed the problem, we can test it to make sure it is
> corrected for a small fee.
> In case you didn't already know, I have already helped you immensely by
> informing you of this problem!
>
> What will this cost?
> If you require our assistance to help you change these passwords, or to
> do a post-fix test, we will charge you NZ$45 + gst for the service -
> This price includes both services. We found out about this problem
> first, we are the best people to fix the problem for you. In almost all
> cases, we have a less than a day turnaround so by tomorrow you can be
> assured you will not be at risk!
>
> One last note:
> This email was sent to you unsolicited, however we feel that we have a
> very good reason to send this message. If you are unhappy about
> receiving this message, we are sorry, but please, fix the problem now as
> we will inform the media within 7 to 10 days
>
> Although we gained access to your modem/router, at no time were we
> trying to gain access for illegal purposes, we did this for your own
> gain. You should note though that if we can do this, there must be some
> hackers who have already done it too and you may just be their next
> target!
>
> What should you do once you have fixed the problem?
> The best thing you can do is inform us that you have by email. We will
> be keeping track of numbers fixed and will inform the media soon
> Thank us :)
>
> I hope this information is of great use to you
>
> - John Burns
> file-it@ihug.co.nz
>
>
> --
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@lists.unixathome.org
> with "unsubscribe adsl" in the body of the message
>
>
Received on Wed Jun 19 19:40:10 2002