Explain this Ashley Madison thing.. Are people really that dumb?


mmntech

It may actually be an inside job.

It wouldn't surprise me. All it would take is one disgruntled employee in the IT department. Either they dump the server data themselves, or sell off admin level access to some ne'er-do-wells. They can then poke around the server all they want, completely unnoticed. No hacks necessary.

I believe that's pretty much what happened to Sony. Though they never did find the perps AFAIK.
 

SMOGZINN

I'm not saying don't take simple common sense precautions to protect yourself when using the internet, but a lot of the posters above seem to be claiming that anything short of double-bagging and wearing a full hazmat suit every time you go on the internet means that you are a fool. If that is in fact the case, commerce on the internet will fold up and disappear.

This is the new reality that even non-techie people need to realize: Your data is not safe.
You talk about expecting the same sort of security your bank or the .gov uses, but the last few years have been rife with big government data losses. We recently found out that hackers got the entire OPM database from the government including lots of classified information. It is just a matter of time before a bank is hacked.

But this is nothing new, banks were robbed in the past and stores have been stolen from. Somehow they survived. Internet commerce will too.
 

edro

Wow, it all makes sense now.

Make a cheating website to make millions off of sex-deprived men, throw in some fake women accounts to keep the attention high, release emails of all cheaters, run away with your millions.

Win-Win-Win
 

Red Squirrel

> This is the new reality that even non-techie people need to realize: Your data is not safe.
> You talk about expecting the same sort of security your bank or the .gov uses, but the last few years have been rife with big government data losses. We recently found out that hackers got the entire OPM database from the government including lots of classified information. It is just a matter of time before a bank is hacked.
>
> But this is nothing new, banks were robbed in the past and stores have been stolen from. Somehow they survived. Internet commerce will too.

Yep, this is why I hate the idea of companies taking so much of my info. They cannot be trusted to keep it safe. They have no motive to do so, since they have insurance to protect themselves. Cheaper to put up with the fallout of a hack than hire competent people to secure their systems. Heck, most companies outsource IT to India nowadays. Our data is literally in the hands of the same people calling us from "windows computer" about a virus that got detected on our machine wanting 200 bucks to remove it. Would not be surprised if some of those people actually work both jobs. Scam business on the side and contract with legit companies on the other.

The companies that have data that belongs to big wig 1%ers are the ones that do end up getting in trouble when they get hacked but if no big wigs are victims then not much happens.
 

mmntech

I still stand by my previous statement that it was a dick move releasing these people's personal info to the web, since it's not just the cheaters who will get hurt.

However, this whole story just gets funnier and funnier. Seems like Ashley Madison was nothing more than an elaborate, and brilliant, scam. Sex sells baby. :D

> This is the new reality that even non-techie people need to realize: Your data is not safe.
> You talk about expecting the same sort of security your bank or the .gov uses, but the last few years have been rife with big government data losses. We recently found out that hackers got the entire OPM database from the government including lots of classified information. It is just a matter of time before a bank is hacked.

Especially since a lot of these hackers are now either sponsored by state security agencies or organized crime. Which has given them unprecedented access to resources. That has given rise to folks like Hacking Team. Cyber-warfare mercenaries, for lack of a better term. Wasn't too long ago that this stuff was the realm of bad science fiction.

The big software vendors can barely keep up. I certainly don't trust your average corporate IT department to be that on the ball.
 

Imp

That reminds me... Why the hell don't banks use two-step verification like Google, Yahoo, and Hotmail? Need a password but also need a disposable one-time code to log-in -- either to phone or a second email.

I think I remember one person being scammed repeatedly because he/she had a scammer phone in, pretend to be the person, and only have to do very basic verification.
 

ImpulsE69

> That reminds me... Why the hell don't banks use two-step verification like Google, Yahoo, and Hotmail? Need a password but also need a disposable one-time code to log-in -- either to phone or a second email.
>
> I think I remember one person being scammed repeatedly because he/she had a scammer phone in, pretend to be the person, and only have to do very basic verification.

Because the real hacks bypass all that nonsense and go straight for the data. Trying to find l/p's is small time compared to the real dangers out there. They look for weaknesses in the overall infrastructure to get directly to what they want or get help from the inside. Strong passwords and RSA keys aren't going to fix that.

Public facing data is never going to be safe in the long run and it is best to use the internet with that always in the back of your mind.
 
Imp

> Because the real hacks bypass all that nonsense and go straight for the data. Trying to find l/p's is small time compared to the real dangers out there. They look for weaknesses in the overall infrastructure to get directly to what they want or get help from the inside. Strong passwords and RSA keys aren't going to fix that.
>
> Public facing data is never going to be safe in the long run and it is best to use the internet with that always in the back of your mind.

That's usually what they do to steal identities and credit card numbers. I haven't heard of hackers going straight to data and editing account number totals yet -- or as often. Two-step verification should at least slow down someone who's key-logged or phished your banking info and password, then tries to transfer money... Come to think of it, I haven't heard of people logging into people's bank accounts and transferring money out before either -- usually an insider (family) job.
 

mmntech

> That reminds me... Why the hell don't banks use two-step verification like Google, Yahoo, and Hotmail? Need a password but also need a disposable one-time code to log-in -- either to phone or a second email.
>
> I think I remember one person being scammed repeatedly because he/she had a scammer phone in, pretend to be the person, and only have to do very basic verification.

Banks are still using the old "personal question" technique, despite that information being relatively easy to find. Best you can do is use long random passwords and hope the bank doesn't store that information in an easily crackable format.

A lot of places still don't have two factor at all. Sony is one that really irks me because they of all people should know better. PSN's security is horrendously outdated and a lot of people have been nailed because of it. I've seen at least one case on this forum. More on Reddit. Some script kid hacks their account, deactivates their console, then uses their credit card to buy hundreds of dollars worth of games. Then when the victim complains, Sony's like "what do you want us to do?" Uh, fix your crappy security. Maybe don't let people just activate or deactivate systems willy-nilly if they're signing in from a new IP.