EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.20.15

Ashley Madison Disaster Apparently the Fault of Microsoft Windows

Posted in Microsoft, Security, Windows at 6:50 am by Dr. Roy Schestowitz

What kind of company uses Windows for security?!

Hilton Manchester

Summary: New reports serve to show that Ashley Madison’s data which got leaked includes complete dump of corporate Windows passwords

TWO months ago we wrote about the Office of Personnel Management (OPM) breach and Microsoft Windows. It’s quite unusual for large, high-profile breaches to involve anything but Microsoft, but the media rarely call out Windows, not even when Stuxnet is clearly all about Windows (not surprisingly because Microsoft aids the NSA and the NSA developed Stuxnet) and the Sony were reportedly the fault of a leaky Window server, irrespective of who infiltrated it (an entirely separate question).

Another day, another crack. Because OPM contains the personal details of many rich and powerful people. OPM still dominates the news to some degree (although Windows is rarely mentioned) and now it’s Ashley Madison [1,2]. A lot of people, including very high-profile people, can now be publicly shamed and/or blackmailed.

“Well done, Microsoft. Instead of helping just the NSA (and by extension Five Eyes) hoard weapons of blackmail against billions of people the company has now got weapons of blackmail scattered all around the Web, targeting many millions of people.”According to this report, the leak “included a full domain dump of corporate passwords (NTLM hashes) of the Windows domain of the company” (hello Microsoft!).

“According to security experts, including Krebs,” wrote Gordon in IRC, “it’s definitely a legit dump” and there are articles that explain why. “The database dump,” to quote this one report, “appears to be legitimate and contains usernames, passwords, credit card data (last four), street addresses, full names, and much much more. It also contains an extensive amount of internal data which looks like the hackers had maintained access to their environment for a long period of time.”

Ashley Madison’s owners are in panic because a lot of lawsuits may be imminent. They are trying to DMCA sites that share the data, but history teaches that this is a futile effort. They now pay the price of using Windows and many people (perhaps dozens of millions) pay the price of relying on a company that uses Windows.

Well done, Microsoft. Instead of helping just the NSA (and by extension Five Eyes) hoard weapons of blackmail against billions of people the company has now got weapons of blackmail scattered all around the Web, targeting many millions of people. Microsoft leads to a form of global anarchy by making its software flawed by design and leaky by intention. It’s that same dumb mentality that leads some politicians to demands of back doors only for the “Good Guys” (them).

Related/contextual items from the news:

  1. Remember How The DMCA ‘Stopped’ The Release Of Ashley Madison Cheaters Data? About That…

    And… it took longer than expected, but less than a month later, the data file has leaked online, and you can bet that lots of people — journalists, security researchers, blackmailers and just generally curious folks — have been downloading it and checking it out.

    Maybe, next time, rather than claiming copyright, the company will do a better job of protecting its systems.

  2. Data from hack of Ashley Madison cheater site dumped online [Updated]

    Gigabytes worth of data taken during last month’s hack of the Ashley Madison dating website for cheaters has been published online—an act that could be highly embarrassing for the men and women who have used the service over the years.

    A 10-gigabyte file containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours. Ars downloaded the massive file and it appeared to contain a trove of details taken from a clandestine dating site, but so far there is nothing definitively linking it to Ashley Madison. User data included e-mail addresses, profile descriptions, addresses provided by users, weight, and height. A separate file containing credit card transaction data didn’t include full payment card numbers or billing addresses.

    [...]

    “We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data,” they wrote in an e-mail to Ars. “We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.”

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 18/4/2019: Ubuntu and Derivatives Have Releases, digiKam 6.1.0, OpenSSH 8.0 and LibreOffice 6.2.3

    Links for the day



  2. Freedom is Not a Business and Those Who Make 'Business' by Giving it Away Deserve Naming

    Free software is being parceled and sold to private monopolisers; those who facilitate the process enrich themselves and pose a growing threat to freedom in general — a subject we intend to tackle in the near future



  3. Concluding the Linux Foundation (LF) “Putting the CON in Conference!” (Part 3)

    Conferences constructed or put together based on payments rather than merit pose a risk to the freedom of free software; we conclude our series about events set up by the largest of culprits, which profits from this erosion of freedom



  4. “Mention the War” (of Microsoft Against GNU/Linux)

    The GNU/Linux desktop (or laptops) seems to be languishing or deteriorating, making way for proprietary takeover in the form of Vista 10 and Chrome OS and “web apps” (surveillance); nobody seems too bothered — certainly not the Linux Foundation — by the fact that GNU/Linux itself is being relegated or demoted to a mere “app” on these surveillance platforms (WSL, Croûton and so on)



  5. The European Patent Office Does Not Care About the Law, Today's Management Constantly Attempts to Bypass the Law

    Many EPs (European Patents) are actually "IPs" (invalid patents); the EPO doesn't seem to care and it is again paying for corrupt scholars to toe the party line



  6. The US Supreme Court (SCOTUS) Once Again Pours Cold Water on Patent Maximalists

    Any hopes of a rebound or turnaround have just been shattered because a bizarre attack on the appeal process (misusing tribal immunity) fell on deaf ears and software patents definitely don't interest the highest court, which already deemed them invalid half a decade ago



  7. Links 17/4/2019: Qt 5.12.3 Released, Ola Bini Arrested (Political Stunts)

    Links for the day



  8. Links 16/4/2019: CentOS Turns 15, Qt Creator 4.9.0 Released

    Links for the day



  9. GNU/Linux is Being Eaten Alive by Large Corporations With Their Agenda

    A sort of corporate takeover, or moneyed interests at the expense of our freedom, can be seen as a 'soft coup' whose eventual outcome would involve all or most servers in 'the cloud' (surveillance with patent tax as part of the rental fees) and almost no laptops/desktops which aren't remotely controlled (and limit what's run on them, using something like UEFI 'secure boot')



  10. Reader's Claim That Rules Similar to the Code of Conduct (CoC) Were 'Imposed' on LibrePlanet and the FSF

    Restrictions on speech are said to have been spread and reached some of the most liberal circles, according to a credible veteran who opposes illiberal censorship



  11. Corporate Media Will Never Cover the EPO's Violations of the Law With Respect to Patent Scope

    The greed-driven gold rush for patents has resulted in a large pool of European Patents that have no legitimacy and are nowadays associated with low legal certainty; the media isn't interested in covering such a monumental disaster that poses a threat to the whole of Europe



  12. A Linux Foundation Run by People Who Reject Linux is Like a Children's Charity Whose Management Dislikes Children

    We remain concerned about the lack of commitment that the Linux Foundation has for Linux; much of the Linux Foundation's Board, for example, comes from hostile companies



  13. Links 15/4/2019: Linux 5.1 RC5 and SolydXK Reviewed

    Links for the day



  14. Links 14/4/2019: Blender 2.80 Release Plan and Ducktype 1.0

    Links for the day



  15. 'Poor' (Multi-Millionaire) Novell CEO, Who Colluded With Steve Ballmer Against GNU/Linux, is Trying to Censor Techrights

    Novell’s last CEO, a former IBMer who just like IBM decided to leverage software patents against the competition (threatening loads of companies using "platoons of patent lawyers"), has decided that siccing lawyers at us would be a good idea



  16. Guest Post: The Linux Foundation (LF) is “Putting the CON in Conference!” (Part 2)

    Calls for papers (CfP) and who gets to assess what's presented or what's not presented is a lesser-explored aspect, especially in this age when large corporate sponsors get to indirectly run entire 'community' events



  17. Patent Maximalists Are Enabling Injustices and Frauds

    It's time to come to grips with the simple fact that extreme patent lenience causes society to suffer and is mostly beneficial to bad actors; for the patent profession to maintain a level of credibility and legitimacy it must reject the deplorable, condemnable zealots



  18. Further Decreasing Focus on Software Patents in the United States as They Barely Exist in Valid Form Anymore

    No headway made after almost 4 months of Iancu-led stunts; software patents remain largely dead and buried, so we’re moving on to other topics



  19. Links 13/4/2019: Wine 4.6 and Emacs 26.2 Released

    Links for the day



  20. Links 12/4/2019: Mesa 19.0.2, Rust 1.34.0 and Flatpak 1.3.2 Released

    Links for the day



  21. Caricature: EPO Standing Tall

    A reader's response to the EPO's tall claims and fluff from yesterday



  22. The EPO is Slipping Out of Control Again and It's Another Battistelli-Like Mess With Disregard for the Rule of Law and Patent Scope

    The banker in chief is just 'printing' or 'minting' lots and lots of patents, even clearly bogus ones that lack substance to back their perceived value



  23. Global Finance Magazine Spreads Lies About the Unitary Patent and German Constitutional Court

    Alluding to the concept of a "unified European patent," some site connected to Class Editori S.p.A. and based in Manhattan/New York City tells obvious lies about the Unified Patent Court (UPC), possibly in an effort to sway outcomes and twist people's expectations



  24. New Building as Perfect Metaphor for the EPO Under the Frenchmen Battistelli and Campinos

    The EPO is in "propaganda mode" only 9 months after the latest French President took Office; the Office is seen as dishonest, even under the new leadership, which routinely lies to the public and to its own staff



  25. Links 11/4/2019: Twisted 19.2.0 Released, Assange Arrested

    Links for the day



  26. EPO Still Wasting Budget, Paying Media and Academics for Spin

    EPO money continues to flow like water into hands that are complicit in legitimising the EPO's management and policies; this highlights the grave dangers of lack of oversight at the EPO, not to mention lawlessness or lack of enforcement



  27. Links 10/4/2019: Microsoft's GDPR Trouble, New Fedora 29 Images

    Links for the day



  28. Linux Magazine is Run by Advertisers, Not GNU/Linux (and It's Hardly the Exception)

    Advertising is big money — so big in fact that publications no longer care what’s true but instead focus on what text brings them more income (from advertisers, of course)



  29. Guest Post: The Linux Foundation (LF) is “Putting the CON in Conference!” (Part 1)

    Proprietary software giants with their sponsorships and gifts are more like Trojan horses or parasites striving to infect the host; how can the LF be protected from them?



  30. EPO Benefits European Patent Trolls With Dodgy European Patents

    The EPO is a stepping stone for parasitic entities looking to leverage patents for exploitative extortion rackets all over Europe; if they get their way, companies that manufacture and sell things will pay a hefty tax to those who create nothing at all and are often not European, either


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts