PlentyofFish Hacked, Founder Emails Hacker's Mom

hellkyng writes "The online dating site PlentyofFish was hacked, and purportedly 30 million customer records were stolen. The site's founder, Markus Frind, is blaming the security researcher who discovered the vulnerability and the journalist who confirmed the issue." The researcher who reported the vulnerability is Chris Russo, one of the guys who hacked The Pirate Bay last year. He explained his side of the story as well. Mr. Frind says he tracked down Russo's Facebook page and emailed his mom.

should not affect slashdot crowd

should not affect slashdot crowd since they do not date.

Re:should not affect slashdot crowd

[Lord+Ender]

On the contrary, I recently experimented with online dating myself. In my experience, the site should actually be called "plenty of whales" though...

Re:should not affect slashdot crowd

[DNS-and-BIND]

LOL parent +5 Informative

Re:should not affect slashdot crowd

[cayenne8]

"On the contrary, I recently experimented with online dating myself. In my experience, the site should actually be called "plenty of whales" though..."

Yeah..I was looking on there the other day, and WOW...there are a lot of BIG women on there.

Hard to find anything worth hitting on on POF.

Frankly, I don't buy enough flour really to 'use' on those women I've seen on that site, and I tend to shop in bulk at Sam's clubs......

Re:should not affect slashdot crowd

[Nadaka]

You must have seen my little sisters profile, she will kill me if she know I was joking about her.

She keeps telling me about how I can meet a nice girl there after breaking up with my whore ex.

Right after she tells me about all the dirty old men, halfwits and creeps she has to filter through.

Re:should not affect slashdot crowd

[EMR]

When I first saw the site, I thought it was Plenty Offish :-D

Re:should not affect slashdot crowd

[DarkIye]

Ha ha ha, ha ha ha, ha ha FUCKING HA.

Re:should not affect slashdot crowd

My wife and I met via online personals. She was telling me that about 95% of the emails she got were from men with user ID's along the lines of "Bigpenis69" and "Bigstud72" and the like. That's the reason why she even talked to me, because I didn't have a name that was in any way reflecting my supposed virility. I have no trouble believing that most of your sister's replies come from old, creepy dudes.

Also, regarding the "plenty of whales" comment above... it amuses me to no end that many lonely geeks and nerds will judge less attractive women to be not worth asking out, only to turn around and moan and whine when attractive women use the same methods to exclude them from consideration.
Q: "Why don't pretty women like me?"
A: Because they're just as shallow as you are and judge as much by appearance as you do.

Re:should not affect slashdot crowd

[DNS-and-BIND]

Being pretty or not has little to do with how much weight you choose to carry. I have seen so many lovely women - from the neck up. From the neck down it's a disaster area. If she only weighed 130 instead of 250, she's be perfect.

Re:should not affect slashdot crowd

Perhaps your little sister is indirectly trying to tell you that she thinks you are a half-witted creep?

Re:should not affect slashdot crowd

[Lord+Ender]

regarding the "plenty of whales" comment above...

What? Fat chicks need love too... but they gotta pay. [/quagmire]

Re:should not affect slashdot crowd

[pieceofstone]

Not to sound pointlessly pedantic, but in some cases, people honestly do not have as much control over being fat as the next person, such as people with thyroid disorder or polycystic ovary syndrome. Although you weren't referring to these kinds of people.

Re:should not affect slashdot crowd

[Simon80]

I'm always incredulous at how many people still use PoF despite how bad it is. OKCupid is so much better (still free though), because the questions help you automatically weed out all the icky people you don't want to have anything to do with.

Re:should not affect slashdot crowd

[alien9]

wait, you went online to get a date with yourself?

Re:should not affect slashdot crowd

[sumdumass]

I tried online dating once.. Let me tell you something, the online part is just to lure you into it. They expect to see you in real life,.

God I miss the good ole days when cyber actually meant phone sex over the interweb.

Re:should not affect slashdot crowd

[Sectoid_Dev]

Speaking from personal experience, fat girls "try harder". And I for one appreciate that.
So thanks for being such an asshole.

Re:should not affect slashdot crowd

[Stregano]

They expect to see you in real life,.

Well that just kinda spoiled it all for me.

Re:should not affect slashdot crowd

[Stenchwarrior]

Heh...tell us how you really feel.

Re:should not affect slashdot crowd

[thetoadwarrior]

If only weight was the only problem. It's a free site so it attracts the dregs of society.

Re:should not affect slashdot crowd

[cayenne8]

"Something tells me you are one of those who only wants to date a supermodel and every other woman is "too fat"

No...while yes, I have dated some women that were exceptionally beautiful, some that had modeled before...

No..that's not all I date. I do however consider fat women to be....fat women. I'm not looking for anyone that is over weight. I'm working hard on diet, and regular exercise to try to keep myself in good healthy shape. I expect the same from my woman.

I'm not looking for any women, that if they are on top...that I'll risk suffocation. I'd like in the 5'8 range..in the 170lbs or less range....at the very lest, I don't want women with a gut...or muffin tops....big asses.....and even if not fat, I'm a bit hesitant about thick wrists or thick ankles, so far those have been proved to be almost sure signs of weigh problems down the road.

Re:should not affect slashdot crowd

[diskofish]

We need a catchword for that like, like butterface.

Re:should not affect slashdot crowd

[Ihmhi]

Not all nerds are unattractive. Very many are just socially inept.

Re:should not affect slashdot crowd

[tmp31416]

the biggest problem with PofF (and all the other dating sites i've been on), is that people... huh, women lie.
big time.

(i'm writing this from a guy's perspective. i'm sure the reverse can be quite true...)

they lie about their age -- i've lost count of the "38yo" females who'se personal picture clearly show they're 48-50yo. and fat (no, really)

they lie about their financial status -- "financially independant" more often than not means "i need a sugar daddy with deep pockets".

they lie about their job status -- "self employed" / "entrepreneur" / etc. 99.99% of the time mean "i can't keep a job even if my life depended on it".

they lie about what they want -- "i've really looking for the love of my life" 9x% of the time mean "i'm looking for a sucker i can fleece".

they lie about their hobbies (if they have any) -- for example, "cycling" truly means "i have this wal-mart bike i've found in my neighbour's trash, that i use to go around the block... every blue moon". and don't get me started about "hiking", "camping" and/or anything remotely outdoorsy. (i never thought saying i'm a scuba diver could be taken in the same way as if i said i was a necrophiliac pedophile. whoa)

and then there's the laundry list of requirements you have to meet. as the parties involved get older, the list gets more and more insane. so, gents, even you are in your 40s, you have to be in absolutely perfect shape, absolutely no medical issues, you have to be wealthy, no baggage, etc. and, preferably, you must not be divorced, widowed, whatever. it's like if they want a 27yo rich athletic subservient virgin... whilst, of course, they can be unemployed and going nowhere fast, fat, looking like beaten hag, etc. unless they're the insane cosmetic surgery addicted athlete wannabe who'se the mahogany row witch of BigCorp inc.

are dating sites a good thing, should geeks look to them to find "the one"?

i don't know. theoretically, it sure beats the bar scene, but my experience and that of other guys at the office who let it slip they tried those sites, is not positive.

maybe Clifford Stoll is right, maybe we do need to turn the tube off and "get out there".

i know that how i met my late wife, "out there"...

Re:should not affect slashdot crowd

[tmp31416]

maybe i should have qualified my rant.
i'm in my 40s... er, late 40s (damn).
i've tried these dating sites between 2003 and 2007.
my observations about the women on these dating sites are more about the females in their 40s, and not about young chicks in their 20s.
maybe only the bad women end up on these dating sites when they are in their 40s... or their "30s" (yeah, right).
again, it's from my own experience and that of a few other guys at the office.

p.s.: not to be petty Taco, but the new slashdot still sucks. even logged in we can't have the "old skool" /. anymore! arrgh!

Re:should not affect slashdot crowd

[phoenix321]

Being overweight is a matter of input vs. output, no matter the circumstances. It just might be a lot harder for some because of the reasons you mentioned, but not impossible.

People that gained weight on 1500 calories a day could, if anything, save money on food. As long as they're gaining weight, they're not starving.

Ask yourself: would these people lose weight if they'd only be eating a single leaf of lettuce per day? Yes, they would, otherwise we'd have found a simple solution for everyone in Ethiopia and Somalia.

Unless people can starve AND gain weight at the same time, they can lose weight by eating less.

Re:should not affect slashdot crowd

[monkyyy]

lol, try asking 4chan to start a /d/ating board

Re:should not affect slashdot crowd

[CTLz]

True my Fiancée and I met through online, infact i found her on POF and another, and sent her an email we have been together now for 4 1/2 years.

Re:should not affect slashdot crowd

[glittalogik]

stopputtingbutterinyourface?

Re:should not affect slashdot crowd

[JWSmythe]

Something tells me you've never been to the site.

    Some of it may have to do with the fact that the site screws with the aspect ratio of every picture. They squeeze whatever you submit into a square box on the main page, and search results. Even still, when you go to the profile you may see how hard they try to make themselves look good. Really, you have to be careful. I do prefer thin women, but some of the women ... well ... lets just say I'm surprised the camera didn't turn around and strangle the photographer for trying to take the picture. :)

    Then again, I've met a few who just had a horrible picture, but were some of the most beautiful, and as you said, model quality, women I've ever met. They were also ditched for serious emotional or habitual problems. A little crazy, I can handle. A little drinking is fine. Lines of coke, heroin, not so good, and even worse if you want *me* to get it for you. Sorry, a hot chick on my arm isn't worth a felony possession charge.

    But back to the fat and the ugly of it, no, if your face looks like the result of a mack truck hitting a water buffalo, and your 400 pounds of sweet lovin' wants to ride the 160 pounds of Smythe, I prefer to survive than to get laid. :) And when we go out, I don't like to be one of the few people left in the club, because everyone ran away scared that they'd be eaten. You may think that's mean. Try being the one to have her crying on your arm afterwards. It's really not a pretty sight.

Re:should not affect slashdot crowd

[Pete+Venkman]

it's because they have to

Re:should not affect slashdot crowd

[meyekul]

God I miss the good ole days when cyber actually meant phone sex over the interweb.

I'm sure the other guy probably misses it to. Seriously, how many women do you think go online to flick the bean while talking to strangers?

Re:should not affect slashdot crowd

[pieceofstone]

You're right, let me go back and amend my earlier comment where I say such people have absolutely no control over their weight rather than less contr... oh, I didn't say that. Never mind.

Re:should not affect slashdot crowd

[eugene+ts+wong]

I agree with what you are saying, but I based my approaches on compatibility, and tried to ignore the photos if they were super awesome. I think that women are just so shallow, even though they don't know it. My user name wasn't like "Bigpenis69" and "Bigstud72" either. Women can be really pathetic sometimes.

Re:should not affect slashdot crowd

[eugene+ts+wong]

It would be a bit more poetic if you said something like, "If she only weighed 130 instead of 310, she's be perfect.".

That being said, she isn't pretty if you have to ignore her from the neck down.

Re:should not affect slashdot crowd

[d6]

Jesus christ. I really LOL'd. Thank you.

WTB +5 funnycuzitstrue mod

Re:should not affect slashdot crowd

[GeorgeS]

You might be surprised. Check out all the women on anywebcam.com someday.

Re:should not affect slashdot crowd

[eugene+ts+wong]

You're right in that it is much better, because of the questions, but then again, you get some pretty stupid people who are very compatible with you. They don't quite understand certain questions. For example, they might not smoke, and they might be intolerant towards smokers. You might not smoke, but you might be tolerant towards smokers. That person might completely reject you, even though you won't smoke around her. She's stupid. It's very sad.

I've even seen people get turned off because of the other person's interpretation of "wherefore", or the answer to a brainy question [e.g. "stale" is to "steal" what 12345 is to...", etc.]. It's 1 thing to not bother working it out on paper, and to not bother looking it up in the dictionary, but it's a whole new level of arrogance to go ahead and reject somebody who answers correctly. For many of you readers out there, it's easy to brush off the people who reject us, when we have a lot to choose from, but when they are basically the only people showing an interest in us, then it becomes very discouraging.

I say all of this with the mindset that this past August, I began to suspect that I probably have Asperger's Syndrome. As I interact with more people, it's becoming more and more believable. I'm 37, and it's really demoralizing to think that a lot of the failures in my life are related. I am only discovering this at age 37?? That's sad.

Re:should not affect slashdot crowd

[eugene+ts+wong]

How do you know that they lied? Did you meet up with them?

What type of a place did you meet your wife at?

Re:should not affect slashdot crowd

[sumdumass]

You mean like this?
http://www.bloodninja.org/view.php?id=7

Probably not work safe..

Re:should not affect slashdot crowd

[goose-incarnated]

Something tells me you are one of those who only wants to date a supermodel and every other woman is "too fat"

Actually, no. I want to date a woman who's not obese. I find obese woman physically unattractive. Should this now be my fault? I take great pains to keep in shape; I'm not dating someone who doesn't take equally great pains to keep in shape.

Re:should not affect slashdot crowd

[tehcyder]

Glad to see you're not worried about trivialities like intelligence, character, morals, beliefs, sense of humour, everyone knows they don't matter in the long run.

Re:should not affect slashdot crowd

[Putr]

Whales are not the problem. I meet my current girlfriend on okcupid, the thing i didn't expect was THE CRAZY. I should have seen the "crazy eyes". The problem is i cant even dump her cuz the crazy is so bad she mite kill herselfe :| So you see, I'm a bit stuck.

She's hot tho.

Re:should not affect slashdot crowd

[cyclomedia]

Feeling your pain, i became suspicious aged late 20s but the final nail in the coffin - scoring 37/50 on the autism test (normal humans get about 15 IIRC) - came when I was in my 30s.

Fortunately by that time I'd decided to get over it. A lot of which involves acting the part of someone who has self confidence (as opposed to the reality of total self doubt) and actually talks to girls on occasion (as opposed to spending too long trying to think of what to say and talking myself out of it).

The most important lesson I've learnt about interacting with humans is that if you stop TRYING so hard and are honest then what look like pitfalls - she talks about a book and author you've never heard of - become opportunities: you tell her you've never heard of either and show an interest. Turns out humans love it when you show an interest in them and the things they like, so just keep em talking and use your geek powers to remember this information for the next encounter: Did you finish that book you were reading? Who was the author again? (It's enough that you remembered this much, really!)

Re:should not affect slashdot crowd

[tehcyder]

I seem to have been transported to the "Men's Health" website. Let's all swap pix of our six packs and bitch about how women don't understand us.

Re:should not affect slashdot crowd

[goose-incarnated]

Well, forgive me for not wanting to date an obese woman.[sarcasm]it's not like woman refuse to date a habitually unemployed man[/sarcasm].

Face it - women have certain requirements, and I take care to fulfill them as best I can (remaining employed, getting a degree, owning my own free-standing property *and* remaining in shape) in order to attract and retain a mate. I don't want a woman who can't fulfill my requirements (basic hygiene, BMI of over 21 and under 23, no psychotic tendencies, things like that).

The most important requirement for the majority of women (who are searching for a partner) is that the partner can provide food, clothing and shelter. The most important requirement for the majority of men is that the partner is physically attractive. No amount of stupid people trumpeting PC crap is going to change that.

Re:should not affect slashdot crowd

[eugene+ts+wong]

Thanks for the tips and your reply.

Unfortunately, I tend to be forgetful, so I can really miss out on a lot of things. That being said, I'll try to start memorizing things that people say.

Why is it so important for people that we check up on things [e.g. "How are your parents?"; "How is your family?"; "Did you finish ___?"; "Who was the author again?"; etc.]? Sometimes people seem so thankful, and I do not understand the significance.

On a more humourous note, I find that if I claim to possibly have Asperger's, then I can get away with a bit more. It would be almost like saying, "You are very smelly today, and your bottom is huge. Oh by the way, I might have Asperger's Syndrome.". ;^P I'd never say that, but there are times, when the conversation is flowing well, and I don't want to spend too much time thinking about what to say. Part way through a sentence, I begin to have doubts about the appropriateness of what I'm saying, so I just add at the end, "Oh, by the way, I might have Asperger's Syndrome.", and then they just brush it all away, as if nothing happened.

Re:should not affect slashdot crowd

[AmiMoJo]

Your post nicely illustrates why these sites are mostly useless for anyone who is not physically attractive. In the real world big women manage to get partners because they meet them as casual acquaintances or co-workers and get to know them first, by which point looks are not as important as personality and shared interests. On web sites all you see is a photo and a few vague lines about how they have a GSOH and enjoy going out.

Re:should not affect slashdot crowd

[drunkennewfiemidget]

Wow! What an original response!

Re:should not affect slashdot crowd

[_0xd0ad]

women have certain requirements, and I take care to fulfill them as best I can (remaining employed, getting a degree, owning my own free-standing property *and* remaining in shape) in order to attract and retain a mate

Since when do those things have anything to do with attracting women?

My gainfully employed, 4-year-degree holding, property owning, 21.5 BMI ass is obviously doing something wrong, because it's not working.

Re:should not affect slashdot crowd

[goose-incarnated]

YMMV - ItWorksForMe; what do they say when you introduce yourself? Do they giggle or even smile at the tiny attempt at humour you made in the first 30 seconds of meeting them? Because, if you can't make it past the first minute, they never get to hear that your property-owning ass is gainfully employed with a B degree. Some things are an indicator - non-cheap clothing, non-cheap car, non-cheap deodorant, etc - that the man is gainfully employed.

Anyway, it's moot; of course there are statistical outliers in every population (sucks, man, sorry), but that doesn't invalidate my point (in that I'd rather be attractive to the majority of women, than look in the minority for "true love" (*spits), and that I'm certainly well-within the norms when I decide not to date someone based on looks).

Re:should not affect slashdot crowd

[cayenne8]

"My gainfully employed, 4-year-degree holding, property owning, 21.5 BMI ass is obviously doing something wrong, because it's not working."

How many women are you approaching each day? How many on weekdays vs weekends?

If you aren't approaching as many as you can...well, a good looking smart one isn't just going to fall in your lap. Most guys I find that say this...aren't trying hard enough. Make it a point that each day..you talk to the most beautiful women you see out...each and EVERY day. Even if it is just saying hello....asking for the time...etc...practice makes perfect.

Re:should not affect slashdot crowd

[km_2_go]

As a 40-something that has met some on POF, I wonder if it's because "the good ones are taken" by the time we get to be this age. Of course, that goes both ways, but I'm attractive, fit, healthy, make a decent living and has very little debt. The problem is there's very few suitable candidates out there. I kept waiting for the "perfect one" to come along, and didn't settle for "good enough". Now, all that's left are the dregs.

Re:should not affect slashdot crowd

[tmp31416]

yes, i connected with them.
out of quite a few dates from which i bailed out quickly, i ended up in two rather unsuccessful relationship -- quite a learning experience.

one turned out to be a very undesirable human being, someone i could not trust at all, who would have gotten me in trouble through her sheer stupidity and irresponsibility: financially, legally and even worse.

the other is a wingnut who's still psychologically stuck in her native country, a few decades ago. acquaintances from the same country all say "why is she doing x, she's not in ${native country} anymore, and even then, we don't do this anymore back home". she's got such a weird idea of what a husband should be that she's never been in any true relationship. at every level. and when she decides you're not a perfect suitor for her, she turns beyond nasty on you. that one hurt.

i met my wife at work (previous workplace), and i was not even looking for a girlfriend.
it all started with a bad hair joke and went downhill from there -- a few weeks after that, i was moving in with her... and i was not even supposed to be staying in that city for more than a few months! talk about "out of town" work that takes an unexpected turn...

Re:should not affect slashdot crowd

[tmp31416]

yeah, that's what i ended up thinking, that all the good ones are already taken.
(maybe it depends on the service you're on -- do the "freebies" attract the wrong crowd?)

there's a lot of angry women out there: divorced, ex-battered wife, etc. it's funny that they demand that *you* have dealt with your past, that you have gotten over your ex (or whatever), but _them_, on the other hand...

and i agree that waiting for the perfect one won't work... you have to take a chance, as long as there are enough common points or good points to bootstrap the process, who knows where it's going to lead?

though i wonder: should one consider looking "out of town" or is it too risky?
and, no, i'm not talking about getting a mail-order bride from china or russia... (one poor sap at the office did it and all the worse clichés happened to him. ouch)

Re:should not affect slashdot crowd

[eugene+ts+wong]

You sound like you have had a lot of difficulties in relationships through no fault of your own. Sometimes I find it so hard to believe that this stuff happens often, and that it happens often to normal people.

makes sense

[Charliemopps]

The "hacker" found a weakness in the websites security and exploited it. Then the website found a weakness in the hackers security and did the same in turn. You'd think the hacker in question would be a little more secure about their own personal information.

Re:makes sense

[SIR_Taco]

What's worse, after his Mom reads the e-mail, she'll probably kick him out of the basement!

Re:makes sense

[locallyunscene]

What "weakness in the hackers' security" are you referring to? The one where they gave them their names because they were trying to disclose a vulnerability? I wasn't aware searching for a name on Facebook was considered hacking now. Silly comment.

Re:makes sense

[rvw]

The "hacker" found a weakness in the websites security and exploited it. Then the website found a weakness in the hackers security and did the same in turn. You'd think the hacker in question would be a little more secure about their own personal information.

Disturbing! Finding his Facebook page is quite an impressive hack. Then emailing his mom - wow man - that will definitely scare him off. One hacker down!

Re:makes sense

[bemymonkey]

You should read the articles linked in the summary - quite an entertaining read. Chris Russo comes off looking like the victim, and the dating site (which appears to be the same to dating sites as blogs are to serious journalism) founder comes off looking like a complete jackass.

Re:makes sense

[pawntokingspawn]

and cancel his Warcraft subscription

Re:makes sense

[Gilmoure]

Dang it!

Re:makes sense

[Onymous+Coward]

The articles linked in the summary? The PoF blog says stuff like

On January 18th, after days of countless and unsuccessful attempts, a hacker gained access to Plentyoffish.com database. We are aware from our logs that 345 accounts were successfully exported. Hackers attempted to negotiate with Plentyoffish to âoehireâ them as a security team. If Plentyoffish failed to cooperate, hackers threatened to release hacked accounts to the press.

[Emphasis mine.]

It may be a while before a more objective view is sorted out.

Re:makes sense

[PopeRatzo]

The one where they gave them their names because they were trying to disclose a vulnerability?

I find it sillier that they choose to refer to themselves as "security researchers". I mean, if you're going to hack websites and then brag about it to the website to rub their faces in the fact that you defeated their security, go ahead and call yourself a "hacker". Don't try to perfume the turd by pretending that you've got some altruistic motive.

I've met quite a few of these "whitehat" types and of them all, only one actually cared about trying to prevent people from getting hurt. The rest were all weenie-waggers who sought some measure of approval for their antisocial behavior.

Re:makes sense

[Toze]

Specifically, there's a link in the article to Marcus Frind's blog, in which he claims in the same paragraph that "This was an incredibly well planned and sophisticated attack" and that "It took Chris Russo 2 days to break in; he didn’t even try to hide behind a proxy, signed up under his real name and executed the attacks while logged in as himself." Fortunately, Frind then "closed the breach if indeed there was one."

Now, it's entirely possible- since both of them obviously want to sound as cool as possible- that Chris Russo was hoping to land a security gig with POF, and said some things to suggest urgency and encourage Frind to hire him. But, frankly, Frind, on his own blog, sounds like a disjointed paranoid, talking about how damn clever he is for foiling this wily hacker. Who discovered the plaintext password storage the site uses. If they're both wankers, I'd still give credit to Russo rather than Frind. I use POF myself (with the requisite sense of shame), and the site's asking for password resets because "an argentinian hacker accessed the site." Oh, and here's the brilliant method of getting new passwords; first you enter your email (which an exploiter would already know), then you enter your current password (which the exploiter would know), and your new password. So I guess all the users are pretty much safe! :D

Re:makes sense

[Sectoid_Dev]

I googled "hacking" once. Now I am one!

Re:makes sense

[Kizeh]

Also, you can just re-enter your old password as the new one. There's no enforcement of password history. Not to mention, no email alerting one of the need to change the password.

Re:makes sense

[hellop2]

Just more examples of why PoF is one of the most poorly designed websites that ever existed.

Password in plaintext email

[RobertB-DC]

I was on the site for a while. It was always slightly clunky, but I'd prefer a free, one-man labor of love to a buy-in site that basically tries to promise sex for money. It was particularly helpful in helping me discover that I wasn't as bad as most of the creeps out there... and conversely, creepiness doesn't belong exclusively to those of the male persuasion. That was good to know -- it helped me realize that I need to be picky. (And my pickiness was rewarded many times over when I found my fiancee. In my Sunday School class).

But on the tech side, it irritated the living crap outta me that POF would send me a weekly e-mail with my password IN PLAIN TEXT. Every week, just as a reminder of how easy it would be to log in. Yeah, easy for *anyone* to log in as me and, if I were foolish enough to put important information on POF, to mess with my life. And, of course, if I were foolish enough to use that password for my bank account... well, I think anyone on this site knows the rest.

So I'm not at all surprised that someone found a way to hack POF. Sending a password in plaintext is bad, but not uncommon. Heck, T-Mobile does it. But sending it every week, unsolicited? I'm sorry to be rude, but that's just stupid.

Re:Password in plaintext email

And my pickiness was rewarded many times over when I found my fiancee. In my Sunday School class.

Please confirm that you weren't the teacher, and she's not a student in this class...

Re:Password in plaintext email

I used POF, and found its interface to be absolute shit. I still get emails from them on a bi-weekly basis, with password still in plaintext (after noticing this the very first time I immediately changed it to something more appropriate to something emailed in plaintext). The guy who runs it makes like $1mil+ a month in ad revenue, so I don't really feel bad about his baby getting hacked when he has the money to hire someone with half a brain.

Re:Password in plaintext email

[religious+freak]

Agreed. I've used it. And honestly I think online dating is the most efficient way to find someone you're compatible with. You have a list of people answering questions you wouldn't dare to ask them before you see them naked a few times (e.g. what religion are you, do you want to get married and/or just have fun) and you've got a whole list of them. Select your criteria, weed out the fatties and the uglies and email the rest. A couple of them respond, talk to them go on dates with a few and 'viola' - instant girlfriend and/or friend with benefits. It's beautiful. And like you said, most of the competition is just deadbeat dudes. Pretty easy to beat.

But as you also said, it's one dude's project and the interface... well, it kind of shows it. I'm not surprised they're hacked. But honestly, these dating services are generally public anyway, so if these sites are not hacked, they're definitely farmed. The way I look at it... fuck it. I'm looking for titties!

Re:Password in plaintext email

[Whalou]

[...]I'd prefer a free, one-man labor of love[...]

So you don't date? :-P

Re:Password in plaintext email

[CCarrot]

And like you said, most of the competition is just deadbeat dudes. Pretty easy to beat. [...] Select your criteria, weed out the fatties and the uglies and email the rest. [...] The way I look at it... fuck it. I'm looking for titties!

Hmmm...and your definition of a 'deadbeat dude' includes what, exactly?

The competition may be tougher than you think...

(and it's 'voila', not 'viola'. That would be a musical instrument, or a flower.)

Re:Password in plaintext email

[cayenne8]

"Hmmm...and your definition of a 'deadbeat dude' includes what, exactly?"

Apparently, just something as basic as having a job (especially one that doesn't include wearing a nametag saying 'Hi, my name is...') is a hard thing for women to find out there.

And apparently it is even harder to find men that not only have jobs, but have decent hygiene, wear decent clothes and have a personality greater than that of a small soap dish.

At least..that's what I hear from women out there. Having a job...really gets you ahead of a LOT of the crowd of guys out there on these things. I'd guess what I described above are some things that would describe a 'deadbeat dude'.

Re:Password in plaintext email

[tokul]

Sending a password in plaintext is bad, but not uncommon.

If site can email you your password, it is not just bad. It is sign of fscked up security. The only way of knowing your password is to store it in plain text or in some automatically decypherable form. If site sends you your passwords, you should ask them why password hashes are not used.

Re:Password in plaintext email

[aliquis]

Select your criteria, weed out the fatties and the uglies and email the rest. A couple of them respond, talk to them go on dates with a few and 'viola' - instant girlfriend and/or friend with benefits.

Sadly enough the women seem to weed out the nerds living in their parents basement. So it doesn't work for me.

But a good idea .. For the successful ones, those greedy bastards who can already get one even out in the sun...

Probably contacted 10.000+, slept with 0. ;)

(Probably three possibilities though, but that doesn't count (fat by European standards.))

Re:Password in plaintext email

[danbert8]

You know, I've heard this repeated so many times, but I can't even get a response from girls on dating websites despite not only having a job, but a well paying job. Yes, I'm a nerd, but still. You'd think I could at least get a response... I'm going to go cry into a wad of cash now.

Re:Password in plaintext email

[Unkyjar]

Hot cougar sunday school teacher action!

Re:Password in plaintext email

[smooth+wombat]

I didn't mind the interface. It was nice to see something simple. However, I left when he became more like Facebook in that to read any message you had to supply information such as your income level, occupation, and related matters.

While you could falsify the stuff, the problem came in when it was discovered that when you did a search, your results were based on what was on your profile. So if you said your salary was $100K, then whatever programming was done on the backside would limit your results to people who had a salary range of $80K - $110K, for example. Someone who made $50K would not be included. Markus himself said that this was done because (paraphrasing) like follows like.

You could bypass this by doing a generic search from the main page without logging in but that shouldn't have had to be done.

There were other issues that I finally threw in the towel (to paraphrase another poster on here, "Moo!") but overall it was because in my area, there was very little selection. I'm not overly picky, but when you talk about how badly you were treated in the past or you don't take shit from anyone, I'll keep walking.

Re:Password in plaintext email

[moeluv]

I wish I had a mod point for you sir. First good laugh I've had all day.

Re:Password in plaintext email

[jd]

The creating an account page was broken when I tried the site, the tech support sent abusive mail, so I now regard them as a bunch of juveniles. A dating site that is actually usable has to be their first priority, competent and friendly tech support needs to be their next.

Re:Password in plaintext email

[Gilmoure]

Buy more dice.

Re:Password in plaintext email

[religious+freak]

Lol - I actually wrote this post in hurry, because I'm working (compile time, ya know ;-)

Point taken, but if lusting after boobs makes me a deadbeat, then I know I'm not alone! As one of the replies said, deadbeats are the guys that don't shower, work, or have manners.

Re:Password in plaintext email

[madhurms]

But sending it every week, unsolicited?

POF actually emails you DAILY with list of matches. Yeah, the latest email (sent on Jan 30) still includes password in plain text.

Re:Password in plaintext email

[dumeinst]

I wonder if anyone outside the South Eastern united states knows that there's 'Sunday School' for grown ups? I certainly didn't before I moved here!

Re:Password in plaintext email

[cayenne8]

"You know, I've heard this repeated so many times, but I can't even get a response from girls on dating websites despite not only having a job, but a well paying job. "

Hmm....just how many girls on the websites are you approaching? You know, it is really a HUGE numbers game on the internet, maybe even more so than in real life meatspace.

Are you trying to contact 100's or more of women a week?

Make yourself out a basic 'template' of an email to use...with some spaces in there to maybe personalize your message a little bit...maybe to mention one specific thing you read about her (if you bother reading them, and don't go straight from looks). Anyway, use this basic 'canned' email and send it out over and over and over and over and...well, you get the idea. Heck, even send it to chicks you might not even be interested in, just to gage response. If it doesn't work...tweak it a little.

I actually heard some guys did the reverse engineering thing...they created a fictitious account as a chick, with good looking pics and all...just for the sole objective...of seeing what other guys were posting on their profiles, and the types of emails they were sending. Some guys doing this, even would have girls that were just friends, read what they guys were sending, just to see what they thought they as women would respond to.

The researchers used all this to tune their emails to women, and started getting a lot more response (of course, they STILL sent out 100's and 1000s of emails to women, but they were better quality emails.

Re:Password in plaintext email

[asdfghjklqwertyuiop]

So if you said your salary was $100K, then whatever programming was done on the backside would limit your results to people who had a salary range of $80K - $110K, for example. Someone who made $50K would not be included.

The results would limit to other people who *themselves* made $80-110K, or to people who *wanted someone else* who makes $80-110K?

Re:Password in plaintext email

[smooth+wombat]

It would be limited to people who themselves made the range. So, if you made $85K and they made $80K, you would show up in each others search.

If you made $56K and they made $85K, neither would show in the others search.

I don't think there was a way to search for people within a salary range. I don't remember seeing anything like that. However, as I did mention, you could do a wider search from the homepage, when you weren't logged in, which would show you anyone who met your criteria regardless of salary.

That's what I did. I wanted to see everyone who met my age range. I could weed things out from there.

This is one reason I haven't gone to other sites, including OKCupid. Even though it, OKCupid, is free, I can't do a search from the main page to see if it's worth it to sign up. If it's the same people as on Fish, then what's the point?

Re:Password in plaintext email

[rwyoder]

But on the tech side, it irritated the living crap outta me that POF would send me a weekly e-mail with my password IN PLAIN TEXT. Every week, just as a reminder of how easy it would be to log in.

Oh, but it gets better: POF just now sent me an email notifying me of the breach, and sent me a *new* password, in PLAIN TEXT of course.

Re:Password in plaintext email

[asdfghjklqwertyuiop]

That's quite strange. I wonder why they do that. I don't think most people are totally uninterested others who are beyond +/- 10% their own salary. That isn't the case for me, at least.

I can tell you OKCupid is an infinitely better site interface-wise and functionality-wise, at least. Better than any other site I've tried. In particular, unlike practically every other dating site, they tell you exactly when people last logged in for free instead of playing games hiding that information to make you think there's more activity on the site than there really is.

Re:Password in plaintext email

[Toze]

Go to a goddam stylist, get a very pretty and fashionable female friend (or well dressed gay dude friend, or whatever) to help you pick out a good wardrobe. Seriously. Stylish chicks love a makeover project. It makes them feel like they're the Helpful Pretty Friend in an ugly duckling movie. I've seen a total skid theater tech transformed into a fairly dapper fellow. Unless you already wear outfits worth over $500, you will benefit greatly from a friend making you over. If you are like every other geekass bastard out there, you're wearing comfortable clothes that make you look like you rolled out of a cardboard box this morning. Get style, get ladies. Money will get ladies, but you have to show the ladies that you have it. That means you wear flash clothes, maybe drive a flash car, and you waste money to look good.

Re:Password in plaintext email

[Unkyjar]

Wow...treating dating like a corporate job hunt, form letter with demographic research and all. That's super-creepy man.

Re:Password in plaintext email

[PhreakOfTime]

The competition may be tougher than you think...

No, its not.

I've been on the site, and while I wont go into details about the 'quality' of some of the women I've met, I can tell you for sure that I have zero problem getting the initial contact. On average, I'd say about 5-6 a week come in from my local area, from me doing nothing at all.

Granted, the pool of quality women is JUST as limited as the pool of quality men available to a woman is. But then again, I'm picky.

Re:Password in plaintext email

[_0xd0ad]

(obligatory hand-wave) Those aren't the women I'm looking for.

Re:Password in plaintext email

[Unkyjar]

OkCupid is fun even if you just sign up to wander around their quiz section.

Re:Password in plaintext email

[Americano]

"In this country, you gotta make the money first. Then when you get the money, you get the power. Then when you get the power, then you get the women."

Tony Montana was right.

Re:Password in plaintext email

[swb]

It's funny, but I've heard both the "easy success" story and the "impossible to find anyone" story from both men and women.

One guy I know did multiple dating sites for at least 18 months. This guy is successful computer programmer who also had a law degree, in fantastic shape, very broad interests in terms of movies, music, etc. He went on a half-dozen "coffee" dates and the closest he came to a meaningful relationship was a 3-4 month relationship with a girl with herpes.

His complaint was that he found matching difficult, and when he did find matches he felt that there was just too much competition -- 1 girl for 100 guys, and his perception was they just picked the richest/best looking, etc.

Another guy said he went out on "dates" at least 3-4 times per month, and said he had sex with about 1/3 the girls he "dated" but hadn't gotten involved in a long term relationship. Even if he's exaggerating, he was doing well despite being an accountant/finance flunky, not very attractive, about 50 pounds overweight and so on.

My sister in law did it for a long time and never had any success -- a couple of dates, but nothing lasting more than 3-4 dates. She's attractive, a school teacher who owns her own home and is very "together" and not some kind of emotional basket case / cat lady. As far as I know, she was looking for a more "serious" type of a relationship and not just hooking up (my wife won't let me ask...)

My guess is the gimmick is to not be too hung up on "perfection" either in similarity or in looks, and be willing to try dating people just for fun, but I have a difficult time reconciling all the conflicting stories. I suspect its still easier for women than for men, since culturally we're still a little man-chases-woman. I have a hard time with the notion that you can get easy sex, but when I think about my pre-internet dating habits, it was unusual to date someone more than a couple of times and not have sex with them, and the more I'm exposed to the generation just younger than mine the more surprised at how much less sexually inhibited they are than we were, and we thought we were uninhibited.

Re:Password in plaintext email

[nasalicio]

I've heard this crap time and time again, and I have to wonder if it seriously works. I mean...long term. Besides the obvious fact that "Money will get ladies, but you have to show the ladies that you have it." is basically treating women like whores, the women that accept this pretty much are, in fact, materialistic whores...so I guess they do get what they deserve.

Sorry, but there are plenty of "real" women out there who don't give a crap about this sort of stuff. I know. I have one, and she loves me for being me, not for trying to pretend I'm some playboy wannabe. I am and will always been a jeans/t-shirt person, and I always will be. If a person of the opposite sex is too vain to accept that, then well, they're not good enough for me.

Spending $500 on single outfits is about the stupidest thing I have ever heard of, and I know rich people who spend more than that on just a single piece of their outfits. I don't understand, nor will I ever understand, why. But whatever, it's their money. They can waste it how they want.

Honestly though, if you need $500 outfits and fancy BMW's or whatever to get a girl, then you're obviously doing something wrong. I'd re-think your strategy because sooner or later you're going to need to have a conversation with your date. No money, outfit, or fancy car will be able to help with that.

Re:Password in plaintext email

[silverglade00]

What if she's the teacher and he's the student?

Re:Password in plaintext email

[Americano]

If you listen very carefully, you can hear the sound of the joke passing by high above your head.

Re:Password in plaintext email

[Capt.DrumkenBum]

A flash car is a great way to attract men, not women.
For the record I have an account on POF. That account has a crap throw away password. I met a fantastic and beautiful woman off that site just this past weekend.

Re:Password in plaintext email

[Americano]

There's a happy medium.

Unless you're trying *really* hard to identify with a particular subculture (emo, punk, urban, indie, hipster, apple fans, whatever) by wearing a particular "uniform", then a clean pair of pants and shirts and a pair of decent shoes will generally do the trick for most dates. You don't need to spend $500 on a single outfit. $500 will go a long way at someplace like Old Navy to pick up a few relatively inexpensive pairs of jeans & khakis and some presentable shirts that you can also wear to work.

If you want to do a "makeover" - get yourself a decent haircut, spend a bit of money on a good razor, and spend 20 minutes cleaning yourself up before you go out - shave, trim your nails, and generally make sure you're presentable. Show up looking like you took that 20 minutes cleaning yourself up demonstrates that you care about making a good first impression. I guarantee that she spent at least that much time trying to make herself look good for you, if she was interested enough to agree to meet you for a date.

After that comes the hard part: learn how to engage in "small talk," because you're going to need to do it. Be prepared to talk about things that interest you, and be prepared to listen to her talk about things that interest her. Take an interest in her activities and work, make her laugh, and be polite, and you'll probably get a second date. Dominate the conversation by recounting every gripping moment of the last cartoon you watched, be dismissive of her work and activities, talk about how everybody you work with is a bunch of ignorant fools and you're the only person keeping your company alive... you're probably not going to get that second date.

Re:Password in plaintext email

[cayenne8]

"Wow...treating dating like a corporate job hunt, form letter with demographic research and all. That's super-creepy man."

No..not creepy, it is just a big game, and you have to be willing to play it to get success.

Read the book "The Game"...that is a good place to start to see how early on the PUA (Pick Up Artist) community started studying and analyzing what women look for and respond too. From there, look around for other sources...some guys, the ones that seem to get laid all the time without trying..they are 'naturals'. They do the things that many of the PUA crowd studied and learned to do. If nothing else, looking into this is a VERY interesting study in the human psyche...especially men/women interactions.

But, like anything...if you want success, you have to be willing to work at it..AND be willing to learn what has worked from others. Heck, I've always believed in the C.A.S.E method (Copy And Steal from Everyone).

And playing the numbers game...it makes sense. Heck, I try to make it a point EVERY single day I go out and about in life, to approach and at least say hello to the most beautiful woman I see. This helps to lower approach anxiety...it also helps to meet and approach more women. And, if later that day, I see a better looking chick...I have to go approach her.

So, yes, like any skill....you DO have to learn from others (unless you are a rare natural) and it doesn't hurt to be methodical and logical trying to figure what does and does not work, and tune your game accordingly.

Why do so many men think love and attraction just 'happen'? So many men accept this, yet think nothing of sweating, researching and studying to learn any other skill they wish to attain.

One thing I've learned...and I'm STILL a novice...getting laid or getting a girlfriend, had nothing to do with "getting lucky". It has to do with work and persistence, knowing how to project confidence and other traits women are naturally, primitively attracted to.

Re:Password in plaintext email

[TheGratefulNet]

'weed out the fatties' ?

which website are we talking about, again?

Re:Password in plaintext email

[Americano]

Having spent time on a dating site myself (dated ~15 different girls off & on over the course of about 18 months), I think a big part of being successful is personality & presentation - I'm not particularly stylish, don't wear particularly expensive clothes, and drive a decent-but-nothing-fancy car. I had good luck with 6 of them (2 turned into 3- and 5-month long 'relationships', the rest usually lasted a few dates and involved varying levels of physical involvement), and the rest were just "bad first dates, but great stories" when recounting them to my friends - like the girl who thought "Brokeback Mountain" was a perfectly natural movie to go see on a first date.

If you go into it thinking, "I'm gonna find the perfect girl SOOOO quickly," you'll be discouraged really fast. It's a way to meet people, but that's it - you have to remember that the profiles are only as honest as the person writing them, and that *everybody* on there is going to put their "best foot forward" in their profile - they'll tend to exaggerate the things they think are important/good qualities, and downplay the stuff they know is negative or that they don't realize about themselves.

So, look at it as another way to meet people socially. If you see someone who catches your eye, attracts your interest, or sounds like they'd be fun to meet, say hello. But don't make it your only outlet for meeting people, or if it is your only outlet, bear in mind that it's likely to be a long-ish search, so have fun on the ride - you'll probably get laid a few times, get a whole bunch of "funny-awful first date" stories, and learn more about what you like & don't like in your prospective dates.

Re:Password in plaintext email

[Voyager529]

honestly I think online dating is the most efficient way to find someone you're compatible with.

After a six month stint with eHarmony (and enough wasted money to have built the NAS I'm building this week a year ago), I disagree.

Granted, there is a chasm of difference between our respective goals. According to your post, you're "looking for titties", and that's your prerogative. Personally, I'm looking for a lifelong commitment, so therein may explain the difference between our experiences.

I found two major issues that are foundational with online dating, regardless of service or region. The first is that someone who is writing to you online can determine what to tell you. Obvious as that may seem, it's still an important thing to consider - you don't hear their real reaction. You hear their revised, calculated, desired response. It is simply human nature to avoid conflict in the beginning stages of a relationship, and the fact that it's the written word instead of the spoken word which includes vocal intonations and, if in person, body language and eye contact. It's a LOT of information that's being lost when discussing online that can skew one's perception of the other person. The second issue is that, especially with free services, you still don't ultimately know who you're talking to. There are the people who are the creeps you hear about on the news (i.e. those which the ladies especially tend to be wary of), and then there are simply people who are like me and just plain bad at striking up a discussion from nowhere, with someone who doesn't know you whatsoever. That can be a good thing if your general circles have a general negative opinion of you as it can be a place to start anew, but that's not really a guaranteed ideal situation.

If anyone particularly cares about some of the more specific issues I found with online dating, feel free to ask, but I figured that it'd warrant a tl;dr response. I don't hold anything against online dating sites, but I have noticed that there are issues that it seems no one manages to quantify.

Re:Password in plaintext email

[cayenne8]

"Be prepared to talk about things that interest you, and be prepared to listen to her talk about things that interest her. Take an interest in her activities and work, make her laugh, and be polite, and you'll probably get a second date"

I try to listen to them, and get the woman to talk...que off of thing she says, and keep the conversation going that way.

There has never been a woman on the planet earth that was out with a man, and complained that "she didn't get to talk enough about herself".

One good thing to do...while doing this, try to generate good feelings with her with what she says, get her to associate good feeling from places and stories she tells you...to sitting and talking with you.

And...do NOT do the interview questions...where you from, what do you do, etc. You can start with where are you from, but listen to what she says...if she's from Knoxville, TN...ask her how she liked growing up there. Often if she liked it...she'll mention what she liked about it, if not that is your next question. Get her to tell you about things she did as a kid that she liked.

From things like that, you can usually find something common with your childhood...and you can mention that...in how you now relate to her and her experiences...etc. This is one way to build a rapport, with her....just guide her through conversation...throwing in bits and pieces how you relate to things she does.

There are tons of other methods...but this is a good basic thing anyone can do.

You generally start off a little stand offish...do the banter thing...a good joke...or whatever...and as you start to talk with her and move into the rapport phase of things...when you talk and mention things in common, make sure and reach out..touch her on the arm (but be natural about it)...touching and talking like this, will put you more and more into her trust zone...touch is also VERY important while doing this.

What I mentioned above, is also one reason I almost NEVER go out on a first date to eat at a restaurant, how do you do this sitting across from each other? I like to do something different on first dates...something that stands out from what every other guy she dates does....maybe stop at a bar , have a couple of shots and go to the bug museum..you can talk there, get close to her...etc.

Re:Password in plaintext email

[TheGratefulNet]

ok, so we 'dress up' and show them we have taste in clothes (we don't but we fool them). and THEN what? we are expected to wear that uncomfortable stuff for HOW long?

you may be able to get her attention with better clothes, but those that 'demand' better clothes want you to be fashion concious all the time. are you really ready to CHANGE? I know I'm not. my engineering job lets me be comfortable and its kind of hard to go back once you've had that.

you're better off with a girl who does not care about such surface level things. they are out there, even though its more rare (sigh).

Re:Password in plaintext email

[hellop2]

I think you should get a job as a writer. Good stuff.

Re:Password in plaintext email

[TheGratefulNet]

where does the sugar come in? I did think there was sugar in there somewhere.

Re:Password in plaintext email

[Toze]

Personally, I agree with you; women who pay attention only to how many collars a guy has popped are brainless whores and deserve disdain, not attention. On the other hand, there's a difference between "holy shit bling" and "looking good" and "looking homeless," and I think we both know that nerds left to their own devices tend toward the "homeless" end of the scale. I know nerd dudes who wear fanny packs, T-shirts, and sweat pants to go to the mall. I know a lot of nerd dudes whose "good outfit" is 2-year-old khakis, a worn golf shirt, and running shoes without duct tape.

I'm not saying there's anything wrong with wearing that. I am saying that women are interested in dudes who are going to be able to take them out every so often, and nerd outfits don't scream "I'm a reasonable bet on income levels and personal hygiene." If a nerd wants to attract women, and he's on a dating site, where the other dudes are showing off ripped abs and sweet tans, he may want to move from "homeless" to "I can dress myself and not embarass you when you're seen with me at the movies." Maybe $600 outfits is a bit wonky for most nerds, but the dude said he was loaded. If he wants to communicate that he's loaded and thinks it'll improve his chances, he needs to _look_ like he's got money to spend, or the broke dudes who spent their last paycheck on looking richer than he does are going to land dates, and he won't. Sure, the ladies will be disappointed with the slick-looking guys...

But there's a difference between "I'm okay with dating guys that don't look like the Fonz/Vin Diesel" and "I'm okay with guys that look like they live in a van." And I *don't* think ladies are unreasonable in disregarding guys that dress like crap.

Re:Password in plaintext email

[aliquis]

buttseckz?!

"Ligga?"

Re:Password in plaintext email

[Toze]

A flash car is a great way to attract men, not women.

HAH! XD +1 Insightful, my friend.

Re:Password in plaintext email

[Americano]

You just hit the nail on the head: if your presentation on the first date amounts to an attempt to "fool" the girl into thinking you're some sort of super-stylish fashion plate, you're wasting your time: either it's necessary, and she's not the girl for you, or it's unnecessary, and you're wasting money and possibly turning her off by appearing as a brand-obsessed idiot. Spending a bunch of money on a bunch of expensive clothes is stupid unless you have the money to blow on a whole wardrobe, and it's the type of clothing you wear *all the time,* and you *actually like* the clothing.

But, as I mentioned above, *there is a happy medium* - if your idea of everyday clothing is ripped underwear and a stained tank top, you're going to need to put forth a *little* effort. But a couple pairs of khakis, a couple pairs of jeans, a few decent t-shirts, a few polo shirts, a few oxfords, a decent belt, and a couple decent pairs of shoes will serve you fine on dates & at any job you're likely to get working IT, and can be had for cheap from numerous places.

I'd also suggest, however, that if you find anything more than sweats and a t-shirt to be "uncomfortable stuff," you're probably buying clothes in the wrong size and need to select better fitting articles of clothing. There's NO reason a pair of jeans should be uncomfortable. There's NO reason a suit should be uncomfortable. There's also NO reason why a pair of shoes should be terribly uncomfortable for more than a day or two as they break in and flex around your foot, either. If you're not sure how to pick out something that fits properly: ask for help from one of the employees.

Re:Password in plaintext email

[Americano]

I especially loved the whining about "the futility of reality." That was totally fresh stuff I've never heard from anybody else. Ever. An amazing, original, American voice. Best post of 2011. Front-runner for the Academy Award nod.

Re:Password in plaintext email

[Americano]

I think "the sugar" is what you ask the women for. As in: "Now gimme some sugar, baby."

Re:Password in plaintext email

[Toze]

Good clothes are not uncomfortable. Ties are a pain in the ass, maybe, but if the clothes pinch or sag they're not good. You want to dress like an engineer and be "true to yourself?" Fine and dandy- but you don't get to complain that women "care about surface level things." You don't gaze with unrestrained lust on bag ladies, hot babes don't fawn all over your pocket protector, that's the deal. Personally, I'm into women with massive brains, but I'll pick the one with massive brains and hot legs before I pick the one with massive brains and a dumpy outfit- why expect them to choose differently?

Wearing nice clothes changes who I am precisely as much as TCP headers change the contents of a packet.

Re:Password in plaintext email

[Altus]

I'm pretty sure that's step one.

Re:Password in plaintext email

[MaWeiTao]

Absolutely you have to put effort into making yourself presentable. But you don't need money to pull it off. And a good personality can get you quite far. You don't have to be overly outgoing, but you have to at least be interesting to talk to and be willing to listen. And sometimes it's just about being in the right place at the right time, and especially knowing people. Keep yourself locked in your room, hang out with the same circle of friends, follow the same old routine and it's pretty much guaranteed you're never going to find anyone.

It's really not that hard, but a little bit of self-confidence and good presentation goes a long way.

Flaunting wealth works, but only if you're really wealthy. Most guys will go broke trying to pull that one off.

Re:Password in plaintext email

[halcyon1234]

Dear GOP, the above advice-- plain and simple, do not do it.

You know all that personalize junk mail you get (both e and otherwise)? You know all those personalized phone calls you get from marketers? You know all those "glad to meet you" greetings you get from salespeople?

You know how they all reek of being fake, slightly creepy, and utterly unbelievable?

Yeah, that is exactly the vibes you will be saying to any potential date with a canned response. It comes across screamingly loud and clear. It is excruciatingly obvious that you've just hit her with a Control-C. (Even more so given that many women have friends on these sites, and they will mock you once they both get the same "personalized" letter).

The only thing such a stunt will net you is being put into "that" pile. A generic cattle call that says "You are nothing more than an abstract score to me" will make a deep an lasting first impression-- just not the one you're hoping for.

And yes, I met my wife via a social site. We still get a laugh out of the poorly written, pasted chat-ups she gets that start with "I loved reading your profile...". =)

Re:Password in plaintext email

[SpeZek]

Yes! Read the Game, because women are just like Pavlov's dogs!

Re:Password in plaintext email

[idle12]

> If site sends you your passwords, you should ask them why password hashes are not used.

And get an auto responser to some FAQ that doesn't have anything with what you asked other than it matched 4 out of 5 keywords in your email.

Even if you get a human, the tech support jockey on the end probably A) won't have any clue what your talking about and even if he does B) won't have any power what so ever to change it.

Re:Password in plaintext email

[swb]

Of the three people I knew that did it, only one would I consider having a decent personality, and she was unsuccessful -- and she's otherwise very socially active (well liked, tons of friends, etc).

My sense is that too many people go into looking for something specific, as part of a larger life agenda involving long-term life & family choices or to find some kind of fulfillment they think they are missing.

I think these people are disappointed the most but mostly because their goals are unrealistic, either online or in real life.

Re:Password in plaintext email

[Leebert]

If site can email you your password, it is not just bad. It is sign of fscked up security.

Not necessarily. It really depends on what exactly it's protecting. Security isn't full of absolutes.

For example, GNU Mailman will e-mail you your password in plaintext monthly. It goes out of its way to tell you when you first create the password to tell you to not use a valuable password. But all it's protecting is your mailing list preferences, so it's no big deal.

(Yes, in this case, clearly personal and financial information were leaked, and it should have been designed far more securely)

Re:Password in plaintext email

[Americano]

I'm trying to work up a good self pity and you're not helping.

I don't know, I'd expect that being kicked while you're down would only help you get into a really deep "self pity" state.

You're welcome.

Re:Password in plaintext email

[cayenne8]

"Yes! Read the Game, because women are just like Pavlov's dogs!"

Well...we all ARE animals....and we have behaviors and wants and needs that do work on that low level. You just need to modify things to make it work in today's world.

The Game is a bit old and long in the tooth..but it does set down a good idea of how to start learning how women work...and start to relate to more modern works.

And at the very least...it is hard to argue with what does work for many men.

Re:Password in plaintext email

[Omestes]

The best methods are probably patience, and being yourself (honesty in general), at least for catching a serious, long term, girlfriend.

I met my long term girlfriend (been dating for around five years, living together for two) in college. I drank too much, dressed like a moron (well, jeans and black t-shirts with boots or sandal.... when we met camo and chains with a shaved head), ran around like an idiot, got into long rants about politics, religion, philosophy, computers, Star Wars, and such. I was also a pretty large egotistical, pompous asshole (though I turned into a mere moderate one). She was rather normal, not into pretty much anything I was into. If we would have met 5 years earlier we would have hated each other on sight. Then somehow we end up dating. No pretension, no trying, no lying about who I am. We got along, warts and all.

I always ponder why people feel the need to lie, or do extensive self-engineering, and come up with huge complex strategies just to date. I'm a nerd, I'm merely average in appearance. Being a nerd I'm socially awkward, and prone to strange behavior and transitory obsessions. I've never had a hard time with relationships (outside of the 4 year period that I quit trying because of a nasty breakup). Sure, girls don't flock to me as if I was rich, or some athletic wunderkind, or a good member of some cool subculture. But I've managed to have some form of girlfriend pretty much my whole life since turning 18, a couple of whom were long term. I've never tried to impress (girls are as smart as you are, they can tell your full of shit, or desperate), I've never read a book on it, I've never drawn up a flow chart.

Most of the girls I've dated told me that they dated me because I WAS myself, and confident in being myself. Put yourself in their shoes, how many idiotic men are approaching them trying to be something they are not (impressive)? Girls are people too, respect them, be honest with them, and don't be fake around them.

Yes, there are girls who are material whores, who want men with large bank accounts, fast cars, and won't look at you unless you own at least one expensive suit. Who cares? They are shallow and vapid, and would make a shitty girlfriend (longterm) for a geek. If your looking for a one night stand, they are fine, if your going for anything bigger, then let them be whores (sex for money = whore).

Re:Password in plaintext email

[cayenne8]

The trick is...you don't put your template together with cliche stuff...start with something you'd write to one person.....leave space to put something personal in it...

And also...your first email is not going to be a tome telling everything about yourself....you want it to be brief...and leading to meeting in person.

You WANT to keep emails to the bare minimun....save most of what you want to talk about (mostly her) for doing in person.....keep as much mystery about yoursel...you want HER to statt to want dig in and find out who you are..don't volunteer too much...etc.

And..you do need to contact as many chicks as possible on these sites....play the numbers game.

Re:Password in plaintext email

[russotto]

You know, I've heard this repeated so many times, but I can't even get a response from girls on dating websites despite not only having a job, but a well paying job. Yes, I'm a nerd, but still. You'd think I could at least get a response...

You probably can't change your personality, so you might want to work on the hygiene and clothing angles.

I'm going to go cry into a wad of cash now.

Or try posting this on the dating website. Though I'd be worried that anyone who responded to that would have a boyfriend with a blackjack.

Re:Password in plaintext email

[cayenne8]

And one thing I learned.

For some reason...women look at and notice SHOES. Get a couple of nice pairs of shoes. Dress shoes.at least one pair with laces, and spend at least $170 or more on them.

Women know shoes....and do notice, often the 1st or 2nd thing about you what is on you feet. I don't understand it, but then again...don't have to, just do it.

Re:Password in plaintext email

[eugene+ts+wong]

I knew. I'm in the Metro Vancouver area. I've been to many churches, and it's common to have them, as far as I can tell. 1 of them even gives credit towards a college education.

Re:Password in plaintext email

[corsec67]

This.
That they even KNEW my password was bad enough, but to express that every single week was just insane. (They should only know a salty-hashed version of my password, and never be able to recover it under any circumstances)

It is like these people never took security 101!

Re:Password in plaintext email

[pyrrhonist]

Go on...

Re:Password in plaintext email

[canadian_right]

POF has lots of women as it is free, and it has a very simple, useful interface. And a big plus is the number of out right prostitutes is quite low. Depending on what age bracket you are in and your location the quality of available women varies a lot. As you get older the "good ones" really do get taken.

I found on average I got one response per ten emails sent out. Out of that ten maybe half would seem worth a first coffee date after the usual handful of emails followed by a couple of phone calls. DON'T drag out the emails unless you just want a pen pal. Ask for the phone number after 3 or 4 emails. If the phone calls go ok ask for a date after 2 or 3 calls. DON'T drag things out.

Don't lie or exaggerate on your profile. Don't be profane or rude. Spelling and grammar counts. Don't brag about guns or body parts. DO tell all the important stuff: kids, goals, etc...

First dates:

• 20% out right lied about age, photo, forgot to mention the three kids under age 5, etc...
• 20% not over the divorce and just complain about ex for an hour
• 20% gold diggers - this usually is obvious after the first phone call.
• 30% just no mutual chemistry - that is no ones fault.
• 10% worth a seconds date.

Took me 6 years to find anyone I wanted to date more than 4 times, but I'm picky and not the typical macho-male many women seem to want. I'm also over 40 so everyone has baggage, myself included. And if a women seems to have read "The Rules" or otherwise playing games - don't see them again.

I'm thinking this would not take as long for younger men as there is a higher percentage of single women available, and I imagine most guys are not quite so picky. Nothing like a failed first marriage to teach you want to look for in a good woman.

Re:Password in plaintext email

[jjohnson]

And yet, every day, straight white men without college degrees work at jobs they find meaningful and fuck women they find attractive.

I knew a guy who placed second in the state wrestling championship in high school, and decided he didn't need college. Then he knocked up his girlfriend and developed a nasty coke habit. Knocked up two other women, one twice. Wrecked everything in his life, and racked up a five figure debt to his dealer.

I knew him about 15 years after this, at the factory at which I was the IT manager. That guy was the inventory supervisor. He had a wife who ran a basement daycare so good that my brother and his wife used her for their firstborn. On his time off he detailed cars--I paid him $80 to detail mine, and he did a fantastic job of it too. He still received an annual beating from his dealer, but was steadily paying off that debt, so the beating was, at that point, just one good punch to the face. He was looking forward to the first bastard he made turning 18 so that the child support would stop and he'd have some extra money. He never missed a payment on any of his four kids.

So, you can be a pathetic basement-dwelling pity junkie, or you can deal with the world as it is, rather than how you fantasize it should be, and make your way in it. It's up to you.

Re:Password in plaintext email

[vegiVamp]

See, that's another of those silly prejudices. I'll have you know that the vatican is an equal opportunity abuser, and that we currently have nuns accused of child molestation, as well.

Re:Password in plaintext email

[tehcyder]

Meanwhile, in the rest of the civilized world "Sunday School" refers solely to establishments for the religious indoctrination of middle class children.

Re:Password in plaintext email

[tehcyder]

The guy who runs it makes like $1mil+ a month in ad revenue

How can you possibly know that? are you his lawyer or accountant or something?

Re:Password in plaintext email

[tehcyder]

You sound like a fucking sociopath, good luck in your search for true romance.

Re:Password in plaintext email

[tehcyder]

"In this country, you gotta make the money first. Then when you get the money, you get the power. Then when you get the power, then you get the women."

Tony Montana was right.

Yeah, follow Tony Montana's rules for life, you can't go wrong.

Re:Password in plaintext email

[tehcyder]

spend 20 minutes cleaning yourself up before you go out - shave, trim your nails, and generally make sure you're presentable. Show up looking like you took that 20 minutes cleaning yourself

I can't believe that anyone over fourteen needs to be told this.

Re:Password in plaintext email

[tehcyder]

You seem to be putting way too much thought into all of this, why not just go out and enjoy yourself and see what happens?

Re:Password in plaintext email

[tehcyder]

Or he could just fucking grow up a bit.

Re:Password in plaintext email

[tehcyder]

He still received an annual beating from his dealer, but was steadily paying off that debt, so the beating was, at that point, just one good punch to the face.

Who knew drug dealers were so meticulous and reasonable?

Re:Password in plaintext email

[arth1]

POF has lots of women as it is free, and it has a very simple, useful interface.

Are you implying that women are penurious and that interfaces men would use are too complex for them?

And a big plus is the number of out right prostitutes is quite low.

... and that hidden prostitution is better than open?

I imagine most guys are not quite so picky

Men may not be as picky with who they fuck. But I believe we are just as, if not more, picky when it comes to marriage. Getting cold feet tends to be a male thing.

Re:Password in plaintext email

[Americano]

It's surprisingly fresh advice for a lot of guys, from what I've heard from female friends who are dating. It seems like "be yourself," often turns into, "be the Sunday morning after a 2-day-bender version of yourself."

Re:Password in plaintext email

[cayenne8]

"You sound like a fucking sociopath, good luck in your search for true romance."

Really? Wow..that's pretty strong language.

I'm fairly successful, and pretty happy. Am I looking right now for really LONG term, permanent live in or marriage in a woman. No. Not looking for that.

I like variety...and actually, I like dating multiple women at once, keeps me from getting bored...etc. And yes...I'm up front about this too. If a girl doesn't like that, well, she's free to go on about her merry way and I wish her the best of luck.

Am I saying I'll never find one and just settle down? No...I'm open to that. I've had several long term (4-7+ year relationships) with women...been engaged once..lived with some...etc. But just never felt with any of them, I could just stay with them forever, that is just not me. I'm still friends and in contact with most of them...

Anyway, I dunno why the harsh words...meeting, dating, and yes...bedding women, is a skill just like any other a man can learn. And it takes work and study like any other skill, but for some reason, society has made men think it is something that just 'happens'...well, it 'can' but very seldom does.

Re:Password in plaintext email

[cayenne8]

"You seem to be putting way too much thought into all of this, why not just go out and enjoy yourself and see what happens?"

I DO enjoy myself...but I also enjoy results. I got tired of the old days...going out - nothing. going out - nothing...etc.

I rather like going out and getting results...numbers, dancing, fun...next dates...and yes...SEX.

Re:Password in plaintext email

[danbert8]

I meant this as a funny comment, but as there were so many inqueries I can give some more info.

My job pays over 75k/year (pre-tax unfortunately), I am 24, have no debts (already paid off college), own a 1 year old car, and play a decent number of sports. I'm an old fashioned guy, would never cheat on anyone, and have decent manners. My flaws (that I can think of, since no girl will tell you the true reason she won't date you) are that I am pretty awkward until one gets to know me, I tend to be right too much, and maybe I believe in saving sex for marriage (maybe the ladies want sex?).

Tried POF, never had any luck. I have been on OKCupid for almost a year, and have had a few first dates, many fewer second dates, and no serious relationship. I've sent probably close to 250 messages over the course of the year, maybe got 25 girls that actually responded, maybe 10 of those turned into first dates, and only about 5 into second dates. All my messages were personalized and unique.

The real problem for me is living in a small town decently far from any metro area. If I lived in a populated area, I'm sure I'd get more matches, but sadly my well paying job is not in a major city.

Also my standards have not been high thus far, and I've only ruled out drug users and single mothers at this point. But if they can't spell it doesn't attract me (yes, I'm a grammar nazi...). But I'm sure there is someone out there for me.

In summary, if there are any single ladies on Slashdot that are interested in living in a medium sized town in Ohio. Let me know. (but really, who am I kidding?)

Re:Password in plaintext email

[CCarrot]

I'd mod you up if I hadn't already posted. Reading your description vs cayenne8's cold calculations, I certainly know who I'd date.

My husband and I are the same way, we didn't try to hide our warts from each other, even when we first met. I couldn't have cared less what car he drove, or how much money he made, it was his natural openness, kindness and lack of posturing that attracted me in the first place.

I do appreciate a sense of style and hygiene, but honestly, the uber-dapper fellows that think they're all that because they're wearing a Luis Vuitton jacket, designer clothes and a $200 haircut always turned me off, since their personality tended to be about as deep as their clothing. How many of the women cayenne8 has 'dated' would've actually have agreed to even be in the same room with him if they had had a chance to read about his 'strategies' here? Being two-faced seems to work for some people (read 'salesmen'), but unless your only goal is a quick roll in the hay, it's definitely not a long term option.

(and yes, I'm a geek girl on /.)

Re:Password in plaintext email

[CCarrot]

Lol - I actually wrote this post in hurry, because I'm working (compile time, ya know ;-)

Point taken, but if lusting after boobs makes me a deadbeat, then I know I'm not alone! As one of the replies said, deadbeats are the guys that don't shower, work, or have manners.

Fair enough, however lumping women into categories like 'fatties' and 'uglies' really doesn't say much about you either...or maybe says a little more than you meant to reveal? I know, I know, men are visually oriented, but still, c'mon man!

And I'm glad you shower, work and have manners, especially while compiling! Good job! ;p

Re:Password in plaintext email

[Omestes]

(and yes, I'm a geek girl on /.)

Nope. You can't be a girl, Slashdot doesn't have girls, you're on Slashdot, therefore you can't be a girl. The tautology proves it.

I do appreciate a sense of style and hygiene, but honestly, the uber-dapper fellows that think they're all that because they're wearing a Luis Vuitton jacket, designer clothes and a $200 haircut always turned me off, since their personality tended to be about as deep as their clothing.

Hygiene is good. I probably would never date someone who completely failed at it. I should have qualified my reply a bit more. Wash your clothes, shower, shampoo, brush your teeth. These shouldn't be mentioned, but knowing some of the geeks I know I suppose it has to be. My best friend, who is a raging nerd, washes his hair less than once a month... Its a bit gross. Somehow he got married (well, I hooked them up), so I guess even that isn't the end of the world.

Women who over dress, over make-up, and over perfume (IMO any perfume is too much...) are also a bit of a turn off. I live in Arizona and there is a whole horde of women with artificial tans. I'm a nerd, yet I somehow manage to stay tan here by just walking to the car and doing light yard work. Not the scary "leather skin" look that is so chic here though.

Same thing with fitness. While fit people are generally more attractive, you can over do it. Trying to look like a supermodel is a bit off putting.

Basically the more work you put into looking good, the more leery I get. There are exceptions, sometimes dressing very well is acceptable (fine dining, etc...), but if your going to IHOP, its a bit scary.

Re:Password in plaintext email

[CCarrot]

(and yes, I'm a geek girl on /.)

Nope. You can't be a girl, Slashdot doesn't have girls, you're on Slashdot, therefore you can't be a girl. The tautology proves it.

Well then you'd better not tell my husband! ;)

Yes, I fully agree. People who obsess that much about their appearance *every day* are generally more interested in themselves than any potential partner, in my experience. Hygiene is also definitely a plus, as long as they don't take it too far. I prefer a man who's not afraid of a little dirt now and then, and won't freak out if we're camping and he can't wash his hair every day, or even has to (gasp!) wear the same shirt two days in a row...

Same thing with fitness. While fit people are generally more attractive, you can over do it. Trying to look like a supermodel is a bit off putting.

Not to mention that love handles are adorable...;)

btw, how did you like the click-fest to see this reply? I really hope Slashdot fixes this new interface soon, it's so much clunkier than the old one...

Re:Password in plaintext email

[Omestes]

When I was in college I shared a bathroom with a guy who spent around 45 minutes pruning himself every morning and evening. He must have went through $300 of hair product per month, and more in cologne. This was before "metro-sexual" was in the vocabulary. After that I shared the bathroom with a guy who had, literally, a grand worth oral hygiene accessories (he bragged about it, and mocked my $1.50 Target brand toothbrush).

btw, how did you like the click-fest to see this reply? I really hope Slashdot fixes this new interface soon, it's so much clunkier than the old one...

If Slashdot was a girl, currently, I would leave her at the curb. I find it very odd that no one seemed to test this 3.0 stuff before rolling it out. Having the ability to display italics is a VERY basic thing, for example. You can mess with the threshold slider instead of hitting every "re:" though, to expand all the comments, a bit easier, but still frustrating.

Does anyone who re-designed this site, use this site?

Re:Password in plaintext email

[strikethree]

"Please confirm that you weren't the teacher, and she's not a student in this class..."

What makes you think it was a "she"?

(and yet another prescient CAPTCHA: confides)

Re:Password in plaintext email

[_0xd0ad]

btw, how did you like the click-fest to see this reply? I really hope Slashdot fixes this new interface soon, it's so much clunkier than the old one...

I have a bookmark called "Slashdot - Open parent tree".

It looks something like this:

javascript:for(var%20d=document.getElementsByTagName('div'),i=0,e;i<d.length;i++)if(d[i].className=='currcomment'){e=d[i].id.split('_').pop();i=[e];while(document.getElementById('tree_'+e))i.push(e=document.getElementById('tree_'+e).parentNode.id.split('_').pop());while(i.length>1)if(document.getElementById('tree_'+(e=i.pop()))&&document.getElementById('tree_'+e).className.indexOf('oneline')>=0)D2.setFocusComment(Number(e));setTimeout('D2.selectParent('+i.pop()+');',500);i=d.length;}void(0);

But yeah, it would be nice if Slashdot would make a "selected" comment automatically open its parent comments. You know, so you could actually see it. And this applies to "unread" comments that get opened by keyboard navigation shortcuts, too...

Re:Password in plaintext email

[Toze]

I wish I could post and mod. I'll have to be satisfied with a post and nod; I've got a $250 pair of leather shoes I use when I want to inspire lust. ;3

Re:Password in plaintext email

[CCarrot]

Does anyone who re-designed this site, use this site?

The evidence would suggest not, unless the admin interface is substantially different (and less buggy) than the casual user interface...

Thanks for the tip on the slider, by the way! I hadn't bothered to try it, since it was always showing full comments even when the only comment visible was the root. Grabbing it and wiggling it back and forth to shake open the tree sure saves a lot of clicks, but still doesn't help my poor, poor scroll wheel...

Re:Password in plaintext email

[CCarrot]

Yikes! That's alotta script, just to see the parent comments!

But yeah, it would be nice if Slashdot would make a "selected" comment automatically open its parent comments. You know, so you could actually see it. And this applies to "unread" comments that get opened by keyboard navigation shortcuts, too...

You got that right. I also wouldn't mind seeing at least the stubs of all replies to a selected comment...right now, if two or more people reply to a comment, we have to play the "let's find the reply" game on each one individually...it's as painful as having to connect phone calls one at a time through an old-fashioned switchboard, when what I really come here for is the cool conference call features...

Re:Password in plaintext email

[religious+freak]

Eh, I'm a shallow bastard I guess. I can't stand a chick with no brains, but I don't like fat chicks or ugly chicks either. Luckily, I'm born with decent genetics by luck of the draw so I can afford to be a little picky. Also, generally speaking, I think most guys would do exactly the same thing (and definitely most women), they may just be more indirect in how they classify their actions. But this is the Internets so crass comments are the norm.

Plus I'm an incurable smartass.

Re:Password in plaintext email

[_0xd0ad]

Yikes! That's alotta script, just to see the parent comments!

The current incarnation of it is "Slashdot - Fix discussion keybindings" and looks like this:

javascript:if(window._k);else{window._k=function(e){try{if(e.target.tagName=='TEXTAREA'||e.target.tagName=='INPUT'||String('\rADFGSW\xbc\xbe\xdb\xdd').indexOf(String.fromCharCode(e.keyCode))<1)return;}catch(e){};var%20t=setTimeout(function(){for(var%20z=document,d=z.getElementsByTagName('div'),i=0,e,c=0;i<d.length;i++)if(d[i].className=='currcomment'){e=d[i].id.split('_').pop();i=[e];while(z.getElementById('tree_'+e)&&z.getElementById('tree_'+e).parentNode.id!='commentlisting')i.push(e=z.getElementById('tree_'+e).parentNode.id.split('_').pop());while(i.length>1)if(z.getElementById('tree_'+(e=i.pop()))&&z.getElementById('tree_'+e).className.indexOf('oneline')>=0)D2.setFocusComment(Number(e));setTimeout('D2.selectParent('+i.pop()+');',100);i=d.length;}},100);};window.addEventListener("keydown",window._k,false);window._k();};void(0);

But, you only need to click the bookmark once per page now (not once per post that you should see and don't...).

It's ... mostly not too glitchy.

It seems like it should be a greasemonkey script. But I'm not much good at writing those.

I also wouldn't mind seeing at least the stubs of all replies to a selected comment...right now, if two or more people reply to a comment, we have to play the "let's find the reply" game on each one individually...

Yeah, that would be nice.

Re:Password in plaintext email

[CCarrot]

Yeah, that would be nice.

Aha! I was going to ask you how you got italics when the <i> tags aren't working, but I see you used <em> tags instead. Cool, thanks!

Also, thanks for sharing your script, I'll have to try it when I get a chance. Hopefully (fingers crossed) it won't be needed for too much longer...

Cheers!

Your mom...

[meerling]

So an immature but technically competent jerk cracked you computers and is now trying to get your companies lunch money, metaphorically. Your response is, among other things, to tell his mom.
O_o
You know, that sounds about right.

Re:Your mom...

[jd]

Strange. I thought it sounded more like a line from Regular Show.

Re:Your mom...

[Demonantis]

I wish the world worked that way. Instead of people being all sue happy. It would be more about what is justice then who has the most money.

Not surprised

[Zexarious]

Not surprised that site got hacked and is full of incompetent developers and people. If you go there every other sentence has some huge grammatical error in it. The guy running it is completely illiterate. The design is horrible too. I'm sure nobody there knows what's going on at all! Who uses MSSQL?!? Get for real. I thought it was funny that the sentence 'there is a serial killer murdering people from the website' was said all non-nonchalantly in the article.

Re:Not surprised

...If you go there every other sentence has some huge grammatical error in it. The guy running it is completely illiterate.... Get for real.

Those who live in glass houses shouldn't throw stones, wouldn't you say? Your grammar is not exactly tip top yourself... What the hell does "Get for real" mean, I mean, in a proper english sense.

Re:Not surprised

[RightSaidFred99]

Who uses MSSQL?!?

Lol. Professionals? I suppose instead they should use some open source DB? You _totally_ know what you're talking about, dude.

Re:Not surprised

[Joe+U]

Who uses MSSQL?!?

The same groups that use Oracle and Sybase. People who care about database performance and support.

Re:Not surprised

[Zexarious]

Is that why we're commenting on a story about how that thing got hacked in like 4 seconds by some argentinian guy and his mom?

Re:Not surprised

[Anachragnome]

"...I thought it was funny that the sentence 'there is a serial killer murdering people from the website' was said all non-nonchalantly in the article."

One of those cases where the tangent is more interesting then the original thread, if you asked me.

Re:Not surprised

[Joe+U]

You sound like you think SQL injection attacks have something to do with database platforms and not poorly written application code.

What I would like to know...

[benjymouse]

How would a "security researcher" know that a SQL injection bug was being actively exploited if he just uncovered the bug himself?

This sounds a bit odd as using a SQL injection to expose the users' details would require you to deliberately manipulate querystring parameters or form fields. The results will display in your own browser. How would he know whether anyone else were doing this? Was it because he really didn't uncover it himself but found the 30.000 users' details somewhere else?

No, this sounds a lot more like someone mildly proficient (you can use automated tools to find SQL injections so this is just one level above script kiddie) found a bug and wanted to capitalize on it. To underline the seriousness he embellished a little on the "being actively exploited".

I take it that POF has server logs and that they can tell from those whether anyone else exploited the bug.

Re:What I would like to know...

[arth1]

We only have the site owner's word for the claim that the hacker claimed it was actively exploited.

Does this web site operator really strike you as the most trustworthy of characters?
(Not that we have any reason to trust Mr. Russo either -- that's the point, it doesn't have to be black and white.)

Take a step back and look at the few things we DO know:
- The site employed poor security practices
- The site was hacked
- The hacker contacted the site owner

Anything beyond this is at this point hearsay.

Re:What I would like to know...

[dmesg0]

What he says is that this kind of vulnerability is actively exploited by hackers, not necessarily on this particular site. It's not something very specific to the site, but a common technique, so the site is under very high risk.

Re:What I would like to know...

[Ash+Vince]

We only have the site owner's word for the claim that the hacker claimed it was actively exploited.

Does this web site operator really strike you as the most trustworthy of characters?
(Not that we have any reason to trust Mr. Russo either -- that's the point, it doesn't have to be black and white.)

Take a step back and look at the few things we DO know:
- The site employed poor security practices
- The site was hacked
- The hacker contacted the site owner

Anything beyond this is at this point hearsay.

Conducting unrequested and unauthorised penetration testing is a criminal offence, and that should always be the case. Otherwise you could have too many people who get caught hacking and then just hide behind the excuse that they were just doing some penetration testing and were going to notify the site owners if they found anything.

The reality is that a large number of sites out there have vulnerabilities as not every site can afford to have their site penetration tested on a regular basis. Coders can do their best but they are only human, and hence they occasionally make mistakes. It only takes a single mistake made on a Friday afternoon while the office was winding down and you can be vulnerable.

Not every business model can support the profit margins needed to support expert code reviews and penetration testing of every new release, especially while the entire economy shrinks and both companies and the public have less money to spend. Since creating an absolutely secure site is both very expensive and often not entirely understood by management it is a very easy corner to cut.

Hacking a site you have nothing to do with and then contacting the owner to offer your security services in return for payment is a little too close to extortion for my liking.

Re:What I would like to know...

[Stiletto]

The reality is that a large number of businesses out there do not have front doors, or keep their doors wide open, as not every business can afford to have their office facilities penetration tested on a regular basis. Maintenance staff can do their best but they are only human, and hence they occasionally make mistakes. It only takes a single mistake made on a Friday afternoon while the office was winding down and you can be vulnerable.

Not every business model can support the profit margins needed to purchase doors, close them, and lock them, and penetration testing of every building entry and exit, especially while the entire economy shrinks and both companies and the public have less money to spend. Since creating an absolutely secure facility is both very expensive and often not entirely understood by management it is a very easy corner to cut.

Re:What I would like to know...

[cyber-vandal]

Emailing your users their passwords in plain text suggests that someone needs to learn some basic things about security, since he doesn't seem to me to be taking reasonable steps to comply with data protection laws.

Re:What I would like to know...

[Ash+Vince]

Emailing your users their passwords in plain text suggests that someone needs to learn some basic things about security, since he doesn't seem to me to be taking reasonable steps to comply with data protection laws.

Not sure about the US as I am a resident of the UK but our data protection laws do not prohibit sending a user their username and password in plaintext via email. I would be very surprised if any countries laws prohibit this as a great many sites send password reminders if you forget your details.

Sending an unrequested reminder on a weekly basis is however somewhat stupid but you did not mention that aspect in your post.

Re:What I would like to know...

[Ash+Vince]

The main difference is that any old fool can tell if a door is left open, but penetration testing requires specialist skill and is very expensive.

If you can find me a professional penetration testing company who charge the same hourly rate as we currently pay a janitor to go round at night and check the doors are all locked then I will give them a shitload of business and you can have a referral fee of £500. Janitors cost about £8 per hour here in London at most.

Also, if a door is left open at night the first person in the next day can easily tell, securing a website is not so easy.

So you analogy was utterly worthless from every perspective.

sounds like extortion, assuming the email is legit

[seifried]

Assuming the Plentyoffish guy isn't lying (a definite possibility): http://plentyoffish.wordpress.com/2011/01/31/plentyoffish-hacked/ states:

They then start talking about money because they need to incorporate a company that can deal with companies outside of Argentina and that will cost $15,000. They also needed to know if they were going to make over $100k/year or 500k/year as that would require different registrations

I just looked it up online and found no mention of needing different incorporation types for dealing with customers only in Argentina vs. external to Argentina, The highest fee I found online (although I'm sure there are companies willing to charge more) was USD $1760 to form a "Sociedad Anónima" vs. USD $1370 to form a "Sociedad de Responsabilidad Limitada" (sounds like a standard Limited Liability Corporation, but I'm not an Argentine business lawyer so I could be wrong), far short of the $15,000 they are asking for.

Hyphens

[Barefoot+Monkey]

I realise that this is somewhat off-topic, but it can't be a good idea to have a dating site with a domain name that reads as "plenty offish". When will people learn to use hyphens in domain names?

Re:Hyphens

[arth1]

Ask the good people at penisland, expertsexchange and powergenitalia that :)

Re:Hyphens

[Stregano]

LOL, I know about experts-exchange since I have been there, but the other 2 I can't figure out outside of the awesomeness that they are in this context

Re:Hyphens

[arth1]

Yes, expertsexchange.com wisely changed their name to experts-exchange.
I'm not sure whether pen-island and powergen-italia.it have done the same. :)

Re:Hyphens

[jd]

Why bother with hyphens? plenty.of.fish doesn't use any more characters and is arguably more readable. Yes, it means you have to worry about "fish" being taken, but fish.co is currently listed as available (it's a parked address) so plenty.of.fish.co would be a perfectly good registration. For now.

The main benefit of having it done like this is that whoever owns fish.co can resell names from that without conflicting with their own site. You can't really do the same with offish.com.

Re:Hyphens

[jd]

There is no current owner of fish.co, so plenty.of.fish could buy it.

Second, it's not cyber-squatting if you're selling a subdomain. I'd regard it as far more ethical and far more in line with the notion of a domain heirarchy to encourage even-handed reselling of subdomains.

Third, why would there be any track of hits? There may be a certain number of hostname lookups (not usually tracked by anyone), but nobody would go through anyone else. All the fish.co owner would be doing is renting a prefix, just the same as any top level domain owner does.

Fourth, if I wanted to call foul on DNS abuse, I'd call foul on having businesses own one domain name per product plus their own corporate domain name, all coming directly off the TLD. It makes reusing common words extremely difficult, it clutters the TLD, it makes searches slow, and it is bloody stupid. It also isolates the product from the brand, effectively de-branding what is being sold, which even hurts those following the practice.

Re:Hyphens

[MechaStreisand]

Penisland probably hasn't, as their name is spelled without a hyphen on purpose. Too bad their pens are never in stock.

Re:Hyphens

[Mr+Z]

And don't forget molestationnursery... (Of course, they did eventually change their domain to molerivernusery. The old one goes to some NSFW domain yoinker.)

Plenty of Fish was never secure

[Japong]

Tried Plenty of Fish for a shortwhile - as a default, the service will mail 'new matches' to the email account you registered with every few days. These emails contain a a plain-text version of your password (which essentially reads as "Remember, your password is :XXXX123").

It's not entirely surprising that the site had its security compromised.

Re:Plenty of Fish was never secure

[Digicrat]

Indeed.

No secure site should even have the ability to read your plaintext password from the database, let alone email it to you on a regular basis. The only (potentially) secure password database is the one that's encrypted with a one-way hash.

Re:Plenty of Fish was never secure

[sorak]

As a side, when gawker got hacked, they had the one-way hash, and either no salt, or a known/guessable salt. Simple passwords have still been discovered, via a dictionary attack. So, you were right to put (potentially) in there.

Re:Plenty of Fish was never secure

[sangreal66]

Gawker's hash was salted with a random 2-digit string. The salt was known because it is included in the hash (standard behavior -- you need the salt in order to reproduce the hash when the user enters the password). The problem is a salt isn't really a protection against a brute force or dictionary attack on a single one-way hash. A salt is used to prevent you from using the results of your efforts on one hash on another hash. It's a defense against pre-computed rainbow tables (generating every possible hash), as you need a separate rainbow table for each salt value requiring significantly more space.

In short, in Gawker's case, two people with the password 'password' would have 2 different hashes, but if you ran a dictionary attack on each of them it wouldn't take any time at all to figure out that both passwords are the same. While you have to reproduce the effort twice, that effort is trivial. That is why they were able to point out all the users with simple passwords but not decrypt the entire database. You could still, however, simply brute force any single user in the database if you so choose.

Re:sounds like extortion, assuming the email is le

[Zerth]

If I got an email that looked like:

Hi, I'm a security researcher from Buenos Aires, Argentina.

The Last Friday 21 of Januray, we discovered a vulnerability in www.plentyoffish.com exposing users details, including usernames, addresses, phone numbers, real names, email addresses, passwords in plain text, and in most of cases, paypal accounts, of more than 28,000,000 (twenty eight million users). This vulnerability was under active explotation by hackers.

I'd assume it was somebody trying to scam me.

The security reasearcher's story

[wiredog]

here.

I bet PoF used double Rot-13 encryption.

Re:The security reasearcher's story

[suso]

I bet PoF used double Rot-13 encryption.

Wow, that sounds like a very secure algorithm, where can I get it?

Markus' Email to Chris Russo

[Japong]

Quoted from Russo's response:

If this data goes public I am going to email every single effected user on Plentyoffish your phone number, email address and picture. And tell them you hacked into their accounts.

Then i'm going to sue you In Canada, US and UK and argintina. I am going to completely destroy your life, no one is ever going to hire you for anything again, this isn't piratebay and we definately aren't fooling around.

Markus.

Re:Markus' Email to Chris Russo

[royallthefourth]

I'm sure Chris Russo's attorney would have quite a fun time talking about the libel were Markus to actually sue after doing such a thing.

Re:Markus' Email to Chris Russo

[papasui]

Not really libel if he actually did it. Just sayin.

Re:Markus' Email to Chris Russo

[papasui]

In summary, if you act like a fucktard to the wrong people, they might do bad things to you. Karma

Re:Markus' Email to Chris Russo

[ocdscouter]

Why 'argintina', I wonder?

Re:Markus' Email to Chris Russo

[El_Muerte_TDS]

Maybe because said hacker is from Argentina

Re:Markus' Email to Chris Russo

[gfreeman]

Perhaps it's a country that's definately been effected.

Re:Markus' Email to Chris Russo

[thetoadwarrior]

It's a country maybe that POF operates in (possibly with an office set up there) and would be friendly to their lawsuit?

Re:Markus' Email to Chris Russo

[sik0fewl]

It's east of chili, duh.

Re:Markus' Email to Chris Russo

[omglolbah]

In the UK it can be libel even if it is true.

That is one of the reasons so many assbags(alleged) sue there ;)

That *was* the traditional penalty

[billstewart]

Back when Cheswick and Bellovin were doing the original Bell Labs firewalls, and caught a Dutch teenager trying to hack into their site, the Netherlands didn't have any computer security laws that made it illegal. "So we called his mom...."

Re:That *was* the traditional penalty

[Kizeh]

Happened to us at work in the '90s. That being said, having a few officers knock on the door of a suburban home and having a discussion with the parents about the possible felonies the family's offspring is engaged in seemed to have the desired effect.

Re:That *was* the traditional penalty

[dutchwhizzman]

I happen to know that "teenager". He dried up pretty well behind his ears and is doing well in ICT these days.

Aren't all Dating sites more or less hacked?

[McNihil]

Who in their right mind believes anything on plentyoffish.com, match.com, date.com, cupid.com, eharmony.com... All they are optimized to do is to increase the likelihood NOT to find the correct partner so as to get as much free money as possible. Not doing it this way would be an epic loss of opportunity from a business point of view.

Re:Aren't all Dating sites more or less hacked?

[Chalex]

First, OKCupid is free. Second, what you're saying is that car manufacturers should sell us cars that break down after a year so that we're forced to buy new working cars? That's not how it works.

Re:Aren't all Dating sites more or less hacked?

[morari]

Second, what you're saying is that car manufacturers should sell us cars that break down after a year so that we're forced to buy new working cars? That's not how it works.

Actually, I'm pretty sure that is how it works. Cars are not terribly reliable contraptions, and purposefully so.

Re:Aren't all Dating sites more or less hacked?

That's not how it works.

Unfamiliar with the term planned obsolescence?

Re:Aren't all Dating sites more or less hacked?

[BBTaeKwonDo]

As a general rule, cars have been getting more and more reliable every year. They don't make them like they used to, and that's a good thing. Are there still preventable defects in cars? Sure, but they're getting fewer and farther between.

Re:Aren't all Dating sites more or less hacked?

[Gramie2]

You should look up "planned obsolescence". That's exactly how it works (albeit not on a yearly cycle).

Re:Aren't all Dating sites more or less hacked?

[cbhacking]

OkCupid and PlentyOfFish are both free sites. The OKC blog (called OkTrends) has some pretty cool analysis of why paid dating sites are in fact a ripoff, but that's not relevant here.

Re:Aren't all Dating sites more or less hacked?

[PRMan]

You didn't buy a Ford in the 90s, did you?

Re:Aren't all Dating sites more or less hacked?

[guyminuslife]

Well, considering that:

1) Your chances of finding "the one" out of any given sample of human beings, even selecting for particularly "compatible" traits, is very low
2) Sites like OkCupid need their customers to find people who are, at the very least, passable by whatever their standards are in order to maintain that customer base
3) Nobody has written a matching algorithm so good that, "By golly, we're such good matchmakers, we're putting ourselves out of business!" And if they did, it wouldn't put them out of business, it would just increase their cachet and get a lot of people on the site by word-of-mouth. ...I'd say you're full of crap.

Re:Aren't all Dating sites more or less hacked?

[WATist]

No, what they do is sell cars that need major work after 4 years or so many 1000 miles (end of warranty.) There are also parts companies who make parts that break right after the warranty runs out.

Re:Aren't all Dating sites more or less hacked?

[Rakishi]

Just because you suck at dating and being an attractive human being doesn't mean it's the site's faults.

Online dating is a field with a decent amount of competition, as a result any site that did what you claim would be bankrupt very quickly. Why? Because people will try five sites and never recommend the ones that are shit. Then when they're single again, welcome to life, they'll avoid those sites as well.

OKCupid went one step further and made it so that even if you're not single there's a reason to stay on their site. Tests, finding friends, forums and so on.

Re:Aren't all Dating sites more or less hacked?

[McNihil]

Within seven years it will be clear that my postulation is more right than anyone would like to think. The amount of relationships that last more than 18 years from these kind of sites will have statistical significance in comparison to traditional marital approaches.

I would agree with you that if everyone that uses these kind of sites knew what a good relationship is then it would be good, however I have found it to be a breeding ground of plants, whores/gigolos and psychopaths to a grander degree than anything else... "I" can not be so lucky to hit upon these kinds of personalities unless there is some underlying bias (not site specific.) I also do understand that there are many users out there that wear VERY rosy sunglasses when they uses these sites (a multitude of my women friends and some males) ... and where I have had to pick up the pieces after botched relationships that should have never started in the first place... where I sit in disbelief to their reasoning going into the relationships. Most recently case in point, she will be marrying in less than a months time that is 100% destined to a divorce and she is completely and utterly oblivious because her previous relationship was complete waste of time... ok so she has fallen for the relativism trap... but only because of the bad setup from a supposedly extremely reputable matching company.

Sadly I am not full of crap as some others have responded, I know how these con-artist-site work and everybody should stay away from them.

Re:Aren't all Dating sites more or less hacked?

[Rakishi]

So, basically you and your friends are all idiots incapable of dealing with mature relationships logically so you blame the websites. After all, picking up random people in a bar is so much more reliable of method and never leads to problems.

You know the truth? Many relationships suck period. That's life. You keep trying and dating till you find one that doesn't. Historically you simply married someone quickly and then resented them for the rest of your life while social stigma kept you from divorcing. But we're in more enlightened times nowadays.

Dating sites aren't some magical black box that gives you a perfect match. They do however give you people who are similar to you and are more likely to meet your criteria. Beyond that it's up to you. You get people, you date, you see and then you try again if they're not right.

My friends and me have had great success with them. Then again we're all generally rational, know what we want, have experience in what we want and aren't utter wastes of human flesh.

Your real problem it seems is that you've got the whole puritan mindset drilled into your head. You want to get married, period. Nothing else is of any value. That's going to fail pretty much every time. Look at the divorce and infidelity rates out there. My friends, they were all after relationships. If it didn't work out they'd break up and try again. If it did then after many years they might get married.

NEW HIGH SCORE!

[GameboyRMH]

This breaks the previous record for the most logins compromised at once by a factor of 3 (beating Trapster's 10 million)

They contacted me this afternoon...

[Burnhard]

They've changed all passwords due to the attack (I got a fresh, random one). I have a vague worry that my email address will turn up somewhere I don't want it to, but apart from that there's no other useful personal information on my profile, which, when I come to think of it is kind-of ironic for a dating site :p.

Bad Title

[Galestar]

He didn't email the hacker's mother, he emailed the security researcher's mother. Some unknown party hacked his website, and he blames the security researcher that was going out of his way to assist them in closing the vulnerability. After reading the researchers take on this, POF CEO could possibly be facing criminal charges for uttering death threats, harassment and perhaps a civil libel suit.

Re:Bad Title

[mr+exploiter]

He didn't email the hacker's mother, he emailed the security researcher's mother. Some unknown party hacked his website, and he blames the security researcher that was going out of his way to assist them in closing the vulnerability. After reading the researchers take on this, POF CEO could possibly be facing criminal charges for uttering death threats, harassment and perhaps a civil libel suit.

No, read again the article. He is accusing the security researcher of hacking the site. Technically he may be right, as making a security audit of a site without permission is indistinguishable from a hacking attempt from the site owner's point of view.

Re:Bad Title

[Galestar]

I think you need to read the researchers side of the story
http://grumomedia.com/plenty-of-fish-hacked-chris-russos-explains-how-he-did-it/

PlentyofFish.com Hacked, Blames Messenger

[Qlither]

*Headline taken from : http://www.krebsonsecurity.com/

A much easier headline.

Despite the term hacker not defining whether good or bad, instead only indicating circumvention of computer security. It has been used so virally in the media, that it now tends to infer that a malicious hack was carried out. In short the headline "PlentyofFish Hacked Founder Emails Hackers Mom"seems to suggest that the founder of PlentyofFish had found the person who breached his servers and then emailed their mother. However that is not the case.

https://secure.wikimedia.org/wikipedia/en/wiki/Hacker

Markus is acting like a bureaucrat...

[moronikos]

I have an account. I logged in some time last week and it said my password had expired and I needed to change it. The change screen was sort of crappy and I was able to "reset" my password to the old password. If the rat b@st@rd had said "we've been hacked and you need to change your password", well, I would have changed my password to something else. But, just a simple expiration? Well, really not a reason to change my password.

Bureaucrats get caught with their pants down, don't come clean for a while, and then they go and blame everyone else for their screw ups.

Markus, take a hint. Don't send people's passwords to them in an e-mail once or more a week. Geez... Now, I do have a reason to change my password.

Re:Markus is acting like a bureaucrat...

[cyclomedia]

I remember getting that screen and it being such a shit hackjob (even more so than the rest of the site) that I double triple checked the URL and everything just to make sure it wasn't a MITM attempt at password stealing. And then continued to change my password to the old one, just like you. Nice

gas station

[papasui]

There's a gas station by my house that likes to to put the names of people that bounced checks along with all their contact info on a great big billboard for the entire city to see. It's pretty entertaining.

Re:gas station

[roju]

Kind of a dick move, given that cheques have enough info on them for identify theft.

Typical CEO

[Stiletto]

Reading both accounts of the story (one from the CEO, the other from the security expert), it seems to be a case of "who do you believe". All we truly know is that the site was hacked, these guys were involved somehow, and now they're mad at each other. Everything else is just based on what one side or the other says.

That said, looking through the blog postings of the CEO, he strikes me as having the classic case of paranoid narcissist personality disorder. Every other posting is a rant about how his competitors are all out to get him. Everything they do is about HIM and a response to HIS business. When eHarmony does something, it's not just an innocent business expansion, it's a direct personal attack on this guy. I've worked with presidents and CEOs who use similar wording to this CEO in their daily speech, and whose nuances and mannerisms seem to match this guy's perfectly. Although my examples are only anecdotal, I'd be willing to bet this disorder is quite common among business leaders.

Not knowing more about the situation and only having their two accounts to go with, I would probably fall on the side of believing the security expert's account more, just looking at the level of paranoia and exaggeration in the CEO's blogging history.

Re:Typical CEO

[mr+exploiter]

Reading both accounts of the story (one from the CEO, the other from the security expert), it seems to be a case of "who do you believe". All we truly know is that the site was hacked, these guys were involved somehow, and now they're mad at each other. Everything else is just based on what one side or the other says.

That said, looking through the blog postings of the CEO, he strikes me as having the classic case of paranoid narcissist personality disorder. Every other posting is a rant about how his competitors are all out to get him. Everything they do is about HIM and a response to HIS business. When eHarmony does something, it's not just an innocent business expansion, it's a direct personal attack on this guy. I've worked with presidents and CEOs who use similar wording to this CEO in their daily speech, and whose nuances and mannerisms seem to match this guy's perfectly. Although my examples are only anecdotal, I'd be willing to bet this disorder is quite common among business leaders.

Not knowing more about the situation and only having their two accounts to go with, I would probably fall on the side of believing the security expert's account more, just looking at the level of paranoia and exaggeration in the CEO's blogging history.

Given that the "security researcher" is the same a**hole that hacked the piratebay, and that he performed a security audit of the site without the owner's permission, I'm inclined to go with the CEO's side of the story unless real evidence is presented by the hacker/security researcher.

Re:Typical CEO

[sunderland56]

Reading both accounts of the story (one from the CEO, the other from the security expert), it seems to be a case of "who do you believe".

One is a fellow geek.

One is a suit, i.e. someone who gets rich on the backs of geek labor.

This is slashdot. Who do you think we'll side with?

Re:Typical CEO

[ukyoCE]

Security researchers look around for security holes, that is hardly news. They're also way too public to actually hack/crack into a site. That's illegal and leads directly to jail. Meanwhile, how would the CEO even know *who* hacked the site? Did he triangulate their position with his ethernet prowess? At best he can claim the researcher made the security hole known and someone else took advantage of it -- if he's claiming more than that, he's plain nuts.

Re:sounds like extortion, assuming the email is le

[Stiletto]

Really?? You would, assume any notification of a security breach to be fraudulent until proven otherwise? What web site do you operate, so I can be sure never to sign up or give you any personal details.

Crybaby

[blunte]

Markus is a spoiled, rich crybaby. He's made so much money off that hideous site for so many years (and boasted about it for ages on his blog)... you would think he could afford proper security audits and support to close holes.

Basically he's been sitting on his ass technically for nearly the entire time, and now he's pissy because his lack of attention bit him.

And for the record, OkCupid.com is so immeasurably better than PoF in every way, it's time for the old whale to die.

Of course, blame, them, they wrote the code

[hesaigo999ca]

Come on, did anyone else but your programmers write the code for your site?
If someone saw a bug and then sent it to you...then guess what it is up to you to patch it right away, if 1 week later this bug is deployed in the wild...then sorry, but you had your chance...that is why you make the millions, and others don't, else we all would have our very own dating websites....you need good coders, and just anyone to do your code for you.

Extortion? Maybe...

[DingerX]

From the defense posted here:

The vulnerability was fixed and they remain in contact with us, since they were interested in hiring us as security professionals in order to make an analysis of the plataforms.

Look, here's why companies pay bounties and don't hire "security researchers" on spec, and, vice versa, here's why "security researchers" need to be very careful about how they go about getting a real job: Pointing out security vulnerabilities and asking for money IS extortion. "Gee, nice construction site you've got here. Too bad you can't afford to work 24 hours a day. Shame if someone were to vandalize your hardware while you were asleep. You know, even I could do that, let me show you*. Buy the way, I'm looking for a job. *=that's the step that's a problem; it's a double problem in the geek world, because the only accreditation that counts is being able to commit the crime that's a problem. So, sure, sleazeballs all around. What'd you expect? It's an online dating site.

Everyone is missing the point..

[microbee]

What happened after the dude emailed the other dude's mom? Did they make out? This is a nerd's ultimate revenge!

Re:Everyone is missing the point..

[DQKennard]

That would make for a much better followup letter than a threat. Hey, dude, I emailed your Mom to get you to stop hacking my site, and well, one thing led to another and she's lying here in bed next to me as I type. Man, she is one hot MILF. Oops, she's waking up. Gotta go, but thanks for hookin' us up, dude!

Re:He's done more than you have, big talker

[Americano]

Will it be written in a style similar to APK's bombastic style? I should like to read it, and ALL of its P.S. clauses, when it's published.

How should I subscribe to your newsletter, Sir? I really admire your ideas.

Why should I date someone I'm not attracted to?

[Burning1]

Seriously?

You call dating based on physical attractiveness shallow... Fair enough. I would counter with the question: Why should I date people who aren't attractive to me? Why is physical attractiveness any less important than emotional attractiveness? I'd agree that it's shallow to date on looks alone... But speaking as someone who has tried having romantic relationships relationships with people he isn't physically attracted to, I can say that it doesn't work any better than a relationship with someone I'm physically attracted to but emotionally uninterested in.

You make a great point though that you can't expect to date outside your league. Want a hot chick who's totally intellectual and into nerdy guys? Be an intellectual nerd who has a bit of a sense of style and works out.

Re:Why should I date someone I'm not attracted to?

[Cylix]

I've known some girls that had some weight, but were actually quite attractive.

It probably had to do with them being extra slutty, but I'm a sucker for slutty.

Re:Why should I date someone I'm not attracted to?

[tehcyder]

No one's saying you should date people you find unattractive. It's just that people need to be a bit more realistic about what's attractive or not, and even more importantly, they need to be realistic about how attractive they are themselves.

The number of posts on slashdot along the lines of "I am a perfect catch because I am both a nerd and I do an hour's exercise a week and so am therefore physically flawless too" are just hilarious.

Re:Why should I date someone I'm not attracted to?

[Raenex]

It's just that people need to be a bit more realistic about what's attractive or not, and even more importantly, they need to be realistic about how attractive they are themselves.

Lowered Expectations

security audit?

[SquirrelDeth]

So would walking around someone's house trying all the doorknobs to see is one is unlocked, be performing a security audit or attempting to beak into the place?

Re:security audit?

[mr+exploiter]

I don't know. How is this relevant?

Dale Carnegie

[Illicon]

You need to read How to Win Friends and Influence People, by Dale Carnegie. It's a great book that has sold a brazillion copies about exactly what you're talking about. If you really DO have Asperger's and honestly cannot understand the importance of taking a sincere interest in other people, you will after reading this book.

Re:Dale Carnegie

[eugene+ts+wong]

I did read it, actually. I think that he didn't write for people with Asperger's, because a lot of the stuff that he uses might just fly over an Aspie's head. A lot of the illustrations might make sense on a superficial level, but I don't think that they'll sink very deeply. I even have a copy. I never read it with Asperger's in mind, so I'll try doing that.

I guess I should put 2 and 2 together. Considering my comments plus your suggestion, I can assume that asking people about that book that they read gives them a chance to talk about themselves, and their interests. I guess that I found it surprising, because I didn't expect that topic to be interesting enough for them. Also, when they seem grateful, even before they answer the question, it implies to me that something else is going on. On the other hand, if there is no something else, then we can assume that they recognize that the conch has been passed to them, and that they recognize that the topic is about them. If all of this is true, then it makes sense that they would be grateful. Am I on the right track?

Re:Dale Carnegie

[Illicon]

I think you're both over-thinking it. The bottom line is people like to talk about themselves. Conversely, people in general, do not like listening to someone talk about themselves too much. So, if you can make yourself someone who not only listens, but also encourages other people talk about themselves, people will like you.

Re:Dale Carnegie

[eugene+ts+wong]

But why do they thank us for asking about things?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:argintina?

[Archwyrm]

Ah, hypocrisy at its finest.

Re:It's more than you can show YOU have done, lose

[MichaelKristopeit405]

you = stagnated. i make more every day than you've made in 10 years. you want what, a picture of my pay stub? you are nothing. you get nothing.

cower some more, feeb... still waiting for you to update that white pages listing.

Re:Oh, it's you (Stephen Alongi=Clone53421/52431)

[MichaelKristopeit405]

ea != ae

you're an idiot.

Re:What's your problem?

[MichaelKristopeit405]

so says the anonymous coward who trolls others endlessly for no good reason. you're an idiot.

Re:Speak for yourself, douchebag

[MichaelKristopeit405]

you're an idiot.

Re:So says the fool with 405++ accounts here

[MichaelKristopeit405]

you're an idiot.