Slashdot Mirror
Ashley Madison Security Protocols Violated Canada, Austrialia Privacy Laws (www.cbc.ca)
The Office of the Privacy Commissioner of Canada said Tuesday that the Canada-based online dating and social networking service Ashely Madison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs. CBC.ca reports: "In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers. The hack stole correspondence, identifying details and even credit card information from millions of the site's users. The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts. Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn't do enough to guard against being hacked. The company even adorned its website with the logo of a 'trusted security award' -- a claim the company admits it fabricated." The report found that "poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company" and that "much of the company's efforts to monitor its own security were 'focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data.'" What's more is that Ashley Madison continued to store personal information of its users even after some of which had deleted or deactivated their account(s). These people then had their information included in databases published online after the hack.
Or just take the easy way out and blame the company?
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
This is twice in the last couple days, I've been browsing slashdot comments on my android phone in chrome. Suddenly my browser is redirected to a spammy page with a data:text/html;base64 url. The full URL is below. The spammy website won't let me go back and just keeps me on the page. This shit is unacceptable slashdot. Fix your fucking advertisers.
Filter error: That's an awful long string of letters there.
Yeah, it's a long fucking string of letters. You should know. You gave it to me to begin with. OK, since I can't post it, I'll pastebin it
http://pastebin.com/PVumFUiA
We could just have one rule, and it would be likely as efficacious as the convoluted, attorney-necessary system we presently operate under.
A corporate entity that promises something they don't deliver has to forego executive bonuses this year. And maybe next year's, depending on whether or not the beaver sees his shadow.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
what does it take to put someone out of business? Isn't there a legal responsibility (in Australia and Canada at least) to shut this business down until they can prove they're no longer being criminally negligent and deceptive?
FYI it decodes to the following:
"www.aotq4jgqy9n71.info" sure sounds like a totally reputable advertiser! Loading the page, it appears to be a scam claiming I won a free iPhone. They're illegally misappropriating a few Facebook trademarks. Answering the survey questions, I can reserve my free new iPhone by clicking a link to:
http://qswotrk.com/mt/03644364...
That redirects through a few different servers, ultimately landing me at:
http://www.onlinelectronicsusa...
If these ads are really being served by Slashdot, that's pretty fucking shady. As a bonus, I wonder who's hosting these scammers?
$ host onlinelectronicsusa.com
onlinelectronicsusa.com has address 104.28.31.128
onlinelectronicsusa.com has address 104.28.30.128
Oh, surprise surprise!
NetRange: 104.16.0.0 - 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
If CloudFlare would stop providing bulletproof hosting for criminals and spammers, the internet would be a better place. But CloudFlare apparently loves its criminal customers. DDoS purveyors, terrorist websites, malware distributors, CloudFlare seems to welcome them all to its hive of scum and villainy. Maybe it's time to revive the concept of the Usenet Death Penalty and apply it to all traffic to and from CloudFlare. They're the sewer of the internet and should be null routed and de-peered.
See also: CloudFlare Watch
AUSTRIALIA?
Not that Ashley-Madison may have violated privacy laws and that they had poor security and slapped a bogus 'trusted security award' on their site, but that people seem so surprised that they did.
I suspect almost everything I see on the internet is a lie, but of course that's not right either. Some things can be trusted, but everything you see has to be evaluated on its own merits. How anyone could look at AM and decide they were trustworthy without the least little twinge of doubt is beyond me.
I think one of the craziest ideas a marketer ever had was to put up ads with a sexy woman pretending to send you a private message saying she only lives 2 miles away from you and she wants to have sex, right now!
So.....I'm supposed to believe that some horny woman who has never seen me and knows nothing about me other than I visited some porn site knows exactly where I live and not only that she wants me to come over and do whatever I want with her. Yeah, that sounds legit.
Goddammit, what if it's true and I'm missing out?
And where did Ashley-Madison advertise on the web? Porn sites.
For good or for ill most websites actually think my IP address is about 50 miles away from where I actually live. It really would creep me out if it were so trivial to find the physical address of someone else's IP address.
I can't say I have ever seen that issue, are you sure your computer isn't compromised?
I would suggest running http://housecall.trendmicro.co... to see if it finds anything (if you are using Windows at least). The reason to use that is that it bypasses the viruses that have bypassed your installed virus scanner. You could also use other scanners, but that is a good starting point.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
1) as I said, it was my android phone in chrome. And I'm pretty certain it isn't compromised. If it were, it would be very interesting because it's only happened 3 times, all this week, and only on slashdot. Slashdot accounts for about 1% of my browsing time, so thats either a very huge coincidence, or a very targetted virus.
I just posted about it again today, with screenshots:
https://slashdot.org/comments....
Thanks for doing some digging. I decoded it and saw the amazon URL, but didn't go any deeper, and I certainly don't have any familiarity with cloudflare's shady hosting.
I just posted again today. Got the same thing popup on slashdot today. I posted screenshots in that post, showing that chrome still thinks the website is on slashdot (must be some symptom of the "data" url that chrome doesn't realize the page has changed)
https://slashdot.org/comments....