Slashdot Mirror


Monster.com Attacked, User Data Stolen

Placid writes "The BBC has an article detailing a successful attack on the US recruitment site, Monster.com. According to the article, 'A computer program was used to access the employers' section of the website using stolen log-in credentials' and that the stolen details were 'uploaded to a remote web server'. Apparently, this remote server 'held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website'. The article also links the break-in to a phishing e-mail sent out recently where personal details were used to entice users to download a 'Monster Job Seeker Tool.'"

2 of 196 comments

  1. Re:Blame the data security officers & project by UbuntuDupe · Score: 0, Offtopic

    Yes, it's a bit off-topic. But it's interesting to note how "obvious" it is to make these considerations for a database, and how they were completely overlooked on a distro that's supposed to be "easy" for newcomers. People gave me crap for criticizing the design of Ubuntu, and yet here this guy gets modded up for making my EXACT SAME CRITICISM, i.e., that no one sat down and said, "okay, if X goes wrong, how bad are the consequences? What can we do to minimize that?" The failure of GRUB locks you out of getting internet help or burning CDs with that computer, both of which are the main troubleshooting tools -- I'd say that's pretty severe. And yet it all could have been avoided if I had confined Ubuntu to a secondary hard drive, which I would have done had not GRUB been arrogantly "HIGHLY RECOMMENDED".

    So, don't get upset when I say Ubuntu's designers didn't follow basic software design principles.

  2. Re:Blame the data security officers & project by UbuntuDupe · Score: 0, Offtopic

    What I care about is the thread-jacking. How should I put it... this is not an article about Linux, Ubuntu or GRUB.

    Well, logically, "This isn't 'about' X, it's about Y" is an invalid argument, and in my experience, used exclusively by people who can't (or don't bother to) reconcile the contradictions in their beliefs. For example:

    "You shouldn't shoot trespassers because that involves violence."
    "Fighting in a war involves violence too; should no one ever be a soldier?"
    "I'm not talking about soldiers, I'm talking about shooting trespassers."

    Or, more Godwinesque (I forgot who said this):

    "I won't let Jews in my university because a lot of them cheat."
    "A lot of non-Jews cheat too."
    "That's irrelevant. We're talking about Jews here."

    When you appeal to a general principle as a justification, but selectively apply that principle (or not) only when it's convenient, those inconsistencies become relevant.

    The OP was originally talking about how obvious, how common-sense it is to think "Okay, what's the severity of failure mode X? What can we do to mitigate X?" And how *stupid* it is not to consider such things. But then when a widely-lauded "user-friendly" Linux distro's programmers failed to do exactly this, well ... then it's not so stupid of an oversight, now, is it?