Slashdot Mirror
Ashley Madison Hack Claims First Victims
wired_parrot writes: Toronto police are reporting that 2 unconfirmed suicides have been linked to the data breach. This follows pleas from other users of the site for the hackers to not release the data before it was exposed- an anonymous gay Reddit user from Saudi Arabia, where homosexuality is illegal, pleaded for the data to be kept private: "I am about to be killed, tortured, or exiled," he wrote. "And I did nothing." And when The Intercept published a piece condemning the puritanical glee over the data dump, one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there.
Ashley Madison has now offered a $380,000 reward for information that leads to the arrest and conviction of the hackers who leaked the data. Security researcher Troy Hunt has also posted about the kind of emails he's received from users after the data leak.
Toronto police are reporting that 2 unconfirmed suicides have been linked to the data breach.
so, basically corollary conjecture pertaining to sets of potential outcomes of a data breech.
Dont get me wrong, as a homosexual I'm not at all condoning the death of a person for their sexuality. I think puritanical elation is at best inappropriate as a response to the incident. But frankly Ashley Madisons catchphrase was 'lifes short, have an affair.' As a saudi national, someone is unfortunately about to find out exactly how short that life can really be. Standard issue infidelity aside there are numerous gay dating sites you could have chosen. numerous potential outlets for gay, straight, questioning, bisexual, whatever your heart desires. But selecting Ashley Madison shows a puerile approach to interpersonal relationship as well as sexual orientation in general. Homosexuality is not the same as a casual extramarital affair.
Good people go to bed earlier.
Seems ridiculously low. They have already been sued for over half a billion CAD. This is likely to end their business. Is that really all they can afford or are willing to pay?
Shows how much they care about their users. Presumably they are hoping to get someone to grass on the cheap, and only ramp it up later if no-one comes forward. Even more alarming, it suggests that they have no idea who it is and their security is so poor they have nothing to go on.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
When he was CEO of SUN, Scott was once quoted as saying "You already have no privacy. Get over it."
If telephones are outlawed, then only outlaws will have telephones.
Forgive me for being the odd duck out here, but what ever happened to "Personal Responsibility"? I, too, think it's wrong for the hackers to release that information. It sounds like a despicable act of misguided morality to me, but that's irrelevant.
These people took their own lives, the external stressers don't really matter; they CHOSE to commit suicide. Maybe if signing up and using that site was such an emotional risk for them, they shouldn't have done it?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Cheating necessarily implies deceit.
If consenting adults want to have physical intimacy with someone who isn't their spouse, and everyone involved (spouse included) is okay with it, then it isn't cheating.
Your relationship might be so fragile that sexual exclusivity is a requirement to keep it going, but not everyone is that insecure in themselves or their partner.
This is a bit like saying you're going to send someone to jail for getting rear-ended waiting at a traffic light.
I totally agree, data security is a big deal - but I think "gross negligence" probably covers the fact that someone did not put proper security in place. Beyond that, it's an arms race. You can't hold someone responsible for being hacked, unless they've demonstrated that they didn't even try to avoid it. Reasonable preventative measures.
The same reason you can't claim insurance when you don't have any locks on your house. But if they really want to, that moat and electric fence won't stop someone from breaking into your house.
.
If I leave my door open, and my stuff gets stolen, I am the one who has been punished.
If some asshole corporation fails at security, and my stuff gets stolen, I am still the one who has been punished.
See, the stuff being stolen here ... It's not the property of the corporation, and they're not the ones who suffer when it is stolen. They've deemed themselves trustworthy to hold onto your data, and failed to safeguard it.
Oh, sure, they might get a little bad PR, and the stock might slip a little. But that asshole executive who decided security was too costly? It's not his data being stolen, and it's not him who has to deal with it.
So he, being an asshole executive, says "wow, we're not really sorry but if we say it will you shut up and go away?"
This is more like I've got stuff in my safe deposit box, and the bank gets robbed, and the bank say "wow, that's totally not our fault".
Your analogy sucks.
Corporations failing to protect the private and sensitive information they have been entrusted with are not the fucking victims, and they don't get to play the victim card.
Lost at C:>. Found at C.
Actually, some of us do. For instance, those of us who try to follow Christ also, by definition, try to give at least some consideration to how Jesus defined it:
"27 You have heard that it was said to those of old,[c] 'You shall not commit adultery.' 28 But I say to you that whoever looks at a woman to lust for her has already committed adultery with her in his heart."
(Matt. 5:27-28, NKJV)
The lesson: Big sins usually start off as small ones. Don't lust after other women, don't think about cheating, don't put yourself in the position where you might, don't neglect your marriage to the point where you feel you need to, and chances are pretty good that you won't.
We also try to remember that if God has forgiven us our sins against Him, then we also ought to be willing to forgive those who sin against us. Most marriages can be saved if both partners are willing to save it, and, sometimes, even if one of them is not.
Nonaggression works!
not changing anything about how corporations have to secure data, or even (god forbid!) be punished for having sloppy security.
And why should it? For the sake of argument do you think the government should tell you that you MUST install a home security system, have dead bolts on every exterior door, require exterior doors be steel or solid wood, limit the side of windows to no more than 1" by 1" or require bars? If you violate any of these rules on your structure fine or punish you? Should we lighten up the sentences for "breaking and entering" or even burglary?
Personally I think with certain exceptions like public Utilities etc that already enjoy a special relationship with government and a captive market, that companies ought to be allowed to have whatever security posture they like. They should simply have to be honest about it with consumers. Government ought to do one of the few things its Constitutionally supposed to do and set some standards of measure.
Develop some NIST definitions for overall information security postures. If companies then want to claim they have a 'Double plus good can't hack me bro' rating there is a way to prove that. Then if one of these breaches happens and its done in a way that should not have been possible while in compliance like 'plain text data on laptop found on bus' we would all be able to go after them for contract fraud or false advertising etc.
Additionally we should have some disclosure laws, just like food labels there need to be some standardized categories and forms companies that maintain any information that is personally identifiable other than firstname, lastname, current address, billing address, and primary phone number, should be required to disclose that on a standardized and both electronically readable and human readable format. Maybe a nice TML or INI like file.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
The website did not willing give up the account information- it was stolen.
I'm confused. Does Ashley Madison not have possession of the information? When these hackers broke in, did they take the information and not leave anything behind?
I ask because many times on here when talking about people stealing songs the argument is always brought up that nothing was actually stolen since the original owner still had the song. Therefore, there was no theft but is instead considered "sharing".
If the above analogy is correct then there's no problem. Nothing was stolen, only shared because information wants to be free. So which story are we going to use today?
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Considering that Ashley Madison as a whole is illegal in most jurisdictions I would be really surprised if those laws had no effect.
In NC, USA, the Ashley Madison website is in direct violation of several marriage statutes, namly around willful alienation of affection, which is punishable with jail time.
Affairs are probably illegal in most states in the U.S. If not all. Facilitating criminal conduct intentionally IS a crime in every state in the U.S.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
My question: Where would laws be aimed at?
I fear that we would get laws like the CFAA aimed at stringing up intruders in the US, but because most attempts are coming from overseas where the local governments either ignore or actively encourage security breaches, it would not help anything. However, with the cosplan ban that the TPP [2] gives, we likely will see effort along these lines just as scare tactics and security theater.
If we get laws at businesses, it may not help either. Sarbanes Oxley and HIPAA were to address security, and the last time I've heard of someone going to jail under those was someone who caught too many fish and was prosecuted under SOX because he tossed his stash of dead grouper.
If a law stipulates "reasonable measures", a lot of companies would do nothing at all, throw their hands up and say that the bad guys can get through anything, and point to Target and Sony as being heavyweights, but yet nailed [1].
If a law stipulates exact OS methods taken, the OS controls in Windows NT are significantly different from the ones available in Windows Server 2016.
[1]: Even though basic network segmentation would have stopped Target's attack, and locking/warning IT about brute force AD password guesses would have helped mitigate Sony... and an IDS/IPS would have stopped both.
[2]: Here in the US, treaties come before laws. Even Marbury vs. Madison doesn't allow judicial reviews on treaties.
Your own Apples to other people's Orangutans comparison.
The Government requires you to have vehicle insurance because you impact other people if you wreck on a road. Banks are required to have insurance protecting a specific percentage of deposited wealth. You will go to jail if you kill someone while driving even if it was on accident if you don't have insurance. Banks have had people go to jail when they lied about or have not met obligations required by law. Why should a business be treated differently exactly? No reason, except that we lack enforceable regulation.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
And that is the root cause of this whole situation. We need to find a way to change the overall mindset (especially in these here Unitee States) towards other people's personal sexual congresses. Not only should it be nobody else's business, but nobody should even **care** what some person they're neither related to nor dating is doing.
If someone's cheating on a spouse (and the spouse does not approve of extramarital sex), the spouse will likely find out one way or another at some point. What happens to the couple is up to them. But what your employees, or Congressional reps, or sports/music/theatre idols do in their personal lives including sex, just plain shouldn't matter.
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
Yes, this is quite unfortunate. However: given a random selection of 30 million individuals, at what rate would suicides be observed? Make sure you know the answer to this question before jumping to conclusions.
No, I'm saying everyone is responsible for their actions. The people who snitched are responsible for snitching, the people who killed are responsible for killing. If you put it all on the snitches, you're making the nazis as machines, like they don't make their own choices. Turning someone in to the gestapo is not the same as pushing someone in front of a train. The train is a machine, it obeys the laws of movement, it can't stop, so the blame is with whoever pushed the person. Someone who kills someone else for being gay or cheating on their spouse is not a machine, is a person that can make choices, and is responsible for the consequences of those choices.
--
Stay tuned for some shock and awe coming right up after this messages!
Social media is for fools. It's not just Ashley Madison. It's Facebook too. It is just amazing to me how people will pony up so much personal information and entrust other people to "manage" it.
How long is it going to be before someone hacks into Facebook and steals millions of user account details? Email addresses, phone numbers (in some cases), family photos, where you work (in some cases), all your friends (in some cases), you name it.
Buyer beware.