The website AshleyMadison.com has been hacked, and has verified the breach. The attacker (calling themselves the Impact Team) apparently claims to have credit card details and detailed profiles of people registered on the site, and also released details of staff working there. They are apparently protesting that the paid-for full profile delete function does not do as advertised.... and threaten to release more information if the site is not closed down. http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/ According to this report, Cougar Life and Established Men are also affected. http://www.theguardian.com/technology/2015/jul/20/ashley-madison-hacked-cheating-site-total-shutdown
Normally I don't subscribe to the idea that "two wrongs make a right" but this is just too good. From the article: Anyone stupid enough to put that kind of info online gets exactly what they deserve. I'd love to see the list of "rich and powerful people" before the next elections.
I'm sorry folks, I don't support these sites either. However, I do support privacy rights and the rights of individuals as adults. No one deserves to have their information hacked and displayed to the entire world. You can't say you support internet privacy while at the same time condone the work of hackers. P.S. Please do not insinuate from this post that I support or condone what the people who have profiles on this site do.
Ah, the heady whiff of moral rectitude and vigilante justice, applied to 37 million people (presumably not all men as the hacker(s) assert), whose situations we do not know... and not exactly relevant to the forum, although possibly the attackers motivations are somewhat. The more scary conclusion, for everyone, is that the internet is dangerous and untrustworthy, and its use should be minimised/anonymised. The toxic mixture of weaponisation. attack (rather than defence) and suspicion-less surveillance by the TLAs, the routine unprincipled data mining by the corporations, and the attacks of the criminal or disgruntled, mean that no-one is safe:- between them, they have killed the golden goose.
Anyone that doesn't live in a cave has heard about the mass hackings of late and that those behind the hacks have been dumping the personal info online for all to see. Nothing online stays private for very long. This isn't the first or second "matching site" to be hacked. Anyone who puts embarrassing and potentially damaging info like their sexual fantasies online on such a site using their real name is a complete fool and deserves what they get. Privacy starts with using the brain when deciding what should be put online, not their genitals.
Trouble is, no-one gets to say what morality others are applying to our own views and behaviors as expressed online, or how those people might respond to your detriment. It's pretty much guaranteed that you will offend someone with sometimes completely anodyne views, or sometimes have a moment of weakness preserved for unwanted posterity. Second, the market is busy pretending that it's isolated incidents - the denial phase. A bit like a beach resort passing off the risks of shark attack when, it is now clear, there are a lot of sharks and a lot of blood in the water. So, people will keep on swimming for a while, and not altering their careless behaviors. After all, most people have been pretty blasé about the Snowden revelations.
There's an online arms race, and it's heating up. It's heavy on offense. Criminals of all sorts are riffing off each other, stealing tools from each other, consulting with each other, etc, etc, etc. And most citizens are clueless, and in denial. So it goes.
I won't be coherent when I state that, if I cannot agree with a whatever hack, some are incentive of revolt when others rather participate to a smile. In this case, a wide smile... but I shouldn't As we say, "All women besides one or one besides all the others" - That's for morality. Without being a moralist (I appreciate all but one). But when a Web site uses immorality to make business, when it charges 20 bucks to get a user's data removed without removing the data in its servers... I smile again, and this time with greater ease, when the place gets hacked.
In a desperate attempt to get technical here, I have (as a developer), had various looks at encrypted databases, and it's obviously not straightforward. Clearly, some things can be easily hashed (where they are keys for example), as you would do for password hashes. But encryption will remove most db search capability, and that's nasty. The other factor is that, presuming the attacker is running a process with direct access to the db machine, they can just write a suitable query to dump the data unencrypted and that can then be exfiltrated as normal. In this case, because they were likely a contractor with knowledge of the schema and code, that would be easy enough. I'm not aware of a hardened solution to this, certainly not a general one, and clearly the market desperately needs something better. It's also why the mass surveillance databases are so extraordinarily dangerous. They cannot be fully secured, despite the claims made by ignorant politicians, and the aura of mystique around the TLAs.
It's very offensive (which is extremely easy and not at all clever); and the defence is a joke. It reminds me of the start of WW1, where cavalry were sent in against the new industrialised weaponry (like artillery and machine guns). Our client systems are "terrifically weak", the TLAs have subverted and weaponised the backbone (and pass the data around to all their buddies indiscriminately), and if you do manage to get through unimpeded to the service, the services itself is busy sharing the information with whoever it can for money, and is also "terrifically weak". Not only that, whereas the low-hanging fruit argument was originally effective, that no longer applies with the industrialised surveillance and attack. The bullets are firing from a machine gun.
Then surely you must also support the FBI, NSA, and other government intelligence and law enforcement agencies hacking and exploiting users on TOR, right? I mean, they are only chasing pedophiles and drug dealers and we can all agree those people are despicable too.
The attack tools are clearly not only used for that purpose, are they? They are also combined with "evidence" from mass surveillance and 2-hops to increase risks for false positives, lack of probable cause or presumption of innocence. The tools explicitly include the capability of planting evidence - they are militarised weapons being put in the hands of law enforcement, to the detriment of rule of law. We know that NSA/GCHQ explicitly do use that to discredit opposition.
I know it was a criminal act against Ashley Madison, but have been struggling to generate sympathy for some of the recent hacks including this one.
Hacking is hacking. How one feels about it depends on whose ox is getting gored. But the tools don't care.
I don't know a lot about TOR, but if the FBI is targeting, drug dealers, pedophiles and extremists, then yes of course, I'm all for it.
Drug dealers and pedophiles have pretty defined terms but extremist is very vague term. The UK government has termed conspiracy theorists as extremists as well as people who operate just inside the law (ie lawful). Very tough definition to get right, particularly when you are using it define what FBI/NSA can do. Even more challenging when you are making these decision with a secret court (FISA) where the definitions and scope is not publically debated.
That's what they claim, but everyone on Tor is targeted simply because it's extremely difficult prove for sure who is who. (hidden agenda aside).
That is why many use VPN's before connecting to TOR. Its at the point that even being a TOR user draws way too much attention. So the unfortunate answer is to be in a place to hide our use even from our ISP. Not everybody using TOR is being "illegal", many are just connecting to private hidden servers for the sole purpose of PRIVACY.
Agreed, TOR does draw attention. They must assume that if you are using TOR that you are up to something illegal. I am sure the FISA court has signed off on this justification. Definitely a good idea to hide it from your ISP.
To be honest, since I'm not a TOR user I don't really care. If you're not doing anything wrong, you will most likely not become a target. And yes, by using TOR you might draw attention.
Yeah, caring for oneself is of more importance... On the other hand, you will be targeted if there is even a hint of suspicion on "doing anything wrong" in the real world.
Generally, we want to act normal. Provide no reason to be targeted. I only use Tor via VPN services. Using VPN services is my least distinctive option. Except maybe for hitting remote WiFi hotspots with a parabolic dish and high-power radio. But that has its own signature
The problems I have here is that: a) "doing anything wrong" seems to include being a journalist, disagreeing with government policy, being an activist for any cause whatsoever, being a trade unionist, being part of a grieving family (e.g. the Lawrence family) - etc. b) I do not believe that "targeting" means what we think it ought to mean. I.e. probable cause and a person investigating who is acting properly within the law. I fear that there will be rampant automated auto-targeting based on grotty "selectors" or combinations thereof, and automatically launched assaults, add you to no-fly lists etc. with no human involvement and no remedy. It's no effort for machines to do it - therefore, on the basis of track record they WILL do it, regardless of whether it's useful, lawful, constitutional, moral. They do not bear the costs. IOW, I no longer trust in either the "low-hanging fruit" defense, nor necessarily the utility of seeming one-of-the-crowd. A problem indeed. I think they're killing the golden goose.
Hackers Finally Post Stolen Ashley Madison Data You can search emails on https://ashleymadisonleakeddata.com
