Monster.com Attacked, User Data Stolen
Placid writes "The BBC has an article detailing a successful attack on the US recruitment site, Monster.com. According to the article, 'A computer program was used to access the employers' section of the website using stolen log-in credentials' and that the stolen details were 'uploaded to a remote web server'. Apparently, this remote server 'held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website'. The article also links the break-in to a phishing e-mail sent out recently where personal details were used to entice users to download a 'Monster Job Seeker Tool.'"
If the HR/recruiter people used Linux, then this would've been considerably less likely to happen. MS Windows is a plague, because it's so easy to corrupt the entire operating system. I doubt that Mac OS is much better, either (Apple likes to pretend security holes Just Don't Happen To Them).
Here's how these offices should be doing it:
Linux Terminal Server Project
That's how the City of Largo, Florida (USA) does it. They have just about every city employee on an LTSP terminal, and I understand that they simply don't have a virus problem. Even the so-called "Aunt Tillie" secretaries are able to do their jobs quite well. Furthermore, the city's IT maintenance and expenditure is way, way down from what it is for other comparable city governments--less than half. I've had similar experiences with LTSP and my own customers to those Largo has had.
Linux is simply fundamentally better than MS Windows, *especially* in corporate offices.
Any Linux distro programmer that wants Linux to be more widely used should be asking "When the bootloader has an error, what's the maximum damage that can occur? What can we do to minimize the impact?" Frankly, there is no reason at all that one "HIGHLY RECOMMENDED" option should be able to lock a user out of his box, including internet connection and CD burner (the tools he'll need to get help) when he burned all the recommended CDs already. That's an incredible disaster!
I'm shocked to think Ubuntu's designers HIGHLY RECOMMEND you to overwrite the MBR when it's not even necessary. I don't know how many test installs they did, but I'm thinking closer to "1" than "100".
Apology to Ubuntu forum.
Yes, it's a bit off-topic. But it's interesting to note how "obvious" it is to make these considerations for a database, and how they were completely overlooked on a distro that's supposed to be "easy" for newcomers. People gave me crap for criticizing the design of Ubuntu, and yet here this guy gets modded up for making my EXACT SAME CRITICISM, i.e., that no one sat down and said, "okay, if X goes wrong, how bad are the consequences? What can we do to minimize that?" The failure of GRUB locks you out of getting internet help or burning CDs with that computer, both of which are the main troubleshooting tools -- I'd say that's pretty severe. And yet it all could have been avoided if I had confined Ubuntu to a secondary hard drive, which I would have done had not GRUB been arrogantly "HIGHLY RECOMMENDED".
So, don't get upset when I say Ubuntu's designers didn't follow basic software design principles.
Apology to Ubuntu forum.
What I care about is the thread-jacking. How should I put it... this is not an article about Linux, Ubuntu or GRUB.
... then it's not so stupid of an oversight, now, is it?
Well, logically, "This isn't 'about' X, it's about Y" is an invalid argument, and in my experience, used exclusively by people who can't (or don't bother to) reconcile the contradictions in their beliefs. For example:
"You shouldn't shoot trespassers because that involves violence."
"Fighting in a war involves violence too; should no one ever be a soldier?"
"I'm not talking about soldiers, I'm talking about shooting trespassers."
Or, more Godwinesque (I forgot who said this):
"I won't let Jews in my university because a lot of them cheat."
"A lot of non-Jews cheat too."
"That's irrelevant. We're talking about Jews here."
When you appeal to a general principle as a justification, but selectively apply that principle (or not) only when it's convenient, those inconsistencies become relevant.
The OP was originally talking about how obvious, how common-sense it is to think "Okay, what's the severity of failure mode X? What can we do to mitigate X?" And how *stupid* it is not to consider such things. But then when a widely-lauded "user-friendly" Linux distro's programmers failed to do exactly this, well
Apology to Ubuntu forum.