Slashdot Mirror


Ashley Madison Security Protocols Violated Canada, Australia Privacy Laws (www.cbc.ca)

The Office of the Privacy Commissioner of Canada said Tuesday that the Canada-based online dating and social networking service Ashley Madison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs. CBC.ca reports: "In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers. The hack stole correspondence, identifying details and even credit card information from millions of the site's users. The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts. Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn't do enough to guard against being hacked. The company even adorned its website with the logo of a 'trusted security award' -- a claim the company admits it fabricated." The report found that "poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company" and that "much of the company's efforts to monitor its own security were 'focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data.'" What's more, Ashley Madison continued to store the personal information of its users even after some of them had deleted or deactivated their account(s). These people then had their information included in databases published online after the hack.

2 of 29 comments

  1. Slashdot, fix your data:text/html;base64 ad spam by LordKronos · Score: 2, Informative

    This is twice in the last couple days. I've been browsing Slashdot comments on my Android phone in Chrome. Suddenly my browser is redirected to a spammy page with a data:text/html;base64 URL. The full URL is below. The spammy website won't let me go back and just keeps me on the page. This shit is unacceptable, Slashdot. Fix your fucking advertisers.

    Filter error: That's an awful long string of letters there.

    Yeah, it's a long fucking string of letters. You should know. You gave it to me to begin with. OK, since I can't post it, I'll pastebin it

    http://pastebin.com/PVumFUiA

  2. Re:Slashdot, fix your data:text/html;base64 ad spa by Anonymous Coward · Score: 2, Informative

    FYI it decodes to the following:

    <!DOCTYPE html><html><head><meta name="viewport" content="width=device-width, user-scalable=false, initial-scale=1.0, maximum-scale=1.0"></head><body><div id="ifrm" style="padding:0; margin:0;"><iframe src="https://s3.amazonaws.com/www.aotq4jgqy9n71.info/US/k3j4j324324llll1111.html" style="top:0; left:0; width:100%; height:100%; position: absolute; border:0" scrolling="yes" allowFullScreen="yes"></iframe></div></body></html>

    "www.aotq4jgqy9n71.info" sure sounds like a totally reputable advertiser! Loading the page, it appears to be a scam claiming I won a free iPhone. They're illegally misappropriating a few Facebook trademarks. Answering the survey questions, I can reserve my free new iPhone by clicking a link to:

    http://qswotrk.com/mt/03644364...

    That redirects through a few different servers, ultimately landing me at:

    http://www.onlinelectronicsusa...

    If these ads are really being served by Slashdot, that's pretty fucking shady. As a bonus, I wonder who's hosting these scammers?

    $ host onlinelectronicsusa.com
    onlinelectronicsusa.com has address 104.28.31.128
    onlinelectronicsusa.com has address 104.28.30.128

    Oh, surprise surprise!

    NetRange: 104.16.0.0 - 104.31.255.255
    CIDR: 104.16.0.0/12
    NetName: CLOUDFLARENET

    If CloudFlare would stop providing bulletproof hosting for criminals and spammers, the internet would be a better place. But CloudFlare apparently loves its criminal customers. DDoS purveyors, terrorist websites, malware distributors, CloudFlare seems to welcome them all to its hive of scum and villainy. Maybe it's time to revive the concept of the Usenet Death Penalty and apply it to all traffic to and from CloudFlare. They're the sewer of the internet and should be null routed and de-peered.

    See also: CloudFlare Watch
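
Added example, not part of either comment and not Slashdot's code: the offline decode the reply above performs on a `data:text/html;base64` URL, extended to list every URL the decoded markup would load or navigate to, without rendering it. The sample URI is constructed with a placeholder host, and the function and class names are this example's own.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes, urlsplit

def decode_data_uri(uri):
    """Split an RFC 2397 data: URI into (media_type, decoded bytes)."""
    if not uri.lower().startswith("data:"):
        raise ValueError("not a data: URI")
    header, sep, payload = uri[5:].partition(",")
    if not sep:
        raise ValueError("data: URI has no comma separator")
    params = header.split(";")
    media_type = params[0].strip().lower() or "text/plain"
    raw = unquote_to_bytes(payload)              # payload may be percent-encoded
    if any(p.strip().lower() == "base64" for p in params[1:]):
        raw = b"".join(raw.split())              # drop embedded whitespace
        raw += b"=" * (-len(raw) % 4)            # tolerate stripped padding
        raw = base64.b64decode(raw)
    return media_type, raw

class RemoteRefs(HTMLParser):
    """Collect (tag, url, host) for markup that loads or navigates elsewhere."""
    URL_ATTR = {"iframe": "src", "frame": "src", "script": "src",
                "embed": "src", "a": "href", "form": "action"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(self.URL_ATTR.get(tag, ""))
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=https://..."; keep what follows the "="
            url = (attrs.get("content") or "").partition("=")[2].strip(" '\"")
        if url:
            self.refs.append((tag, url, urlsplit(url).hostname))

def triage(uri):
    """Decode a data: URI and return (media_type, list of remote references)."""
    media_type, body = decode_data_uri(uri)
    parser = RemoteRefs()
    parser.feed(body.decode("utf-8", errors="replace"))
    parser.close()
    return media_type, parser.refs

# Constructed sample: same shape as the decoded page in the comment, placeholder host.
SAMPLE_HTML = '<html><body><iframe src="https://landing.example.invalid/US/page.html"></iframe></body></html>'
SAMPLE_URI = "data:text/html;base64," + base64.b64encode(SAMPLE_HTML.encode()).decode()
if __name__ == "__main__":
    print(triage(SAMPLE_URI))
```
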