Bonum Certa Men Certa

Ashley Madison Disaster Apparently the Fault of Microsoft Windows

What kind of company uses Windows for security?!

Hilton Manchester



Summary: New reports serve to show that Ashley Madison's data which got leaked includes complete dump of corporate Windows passwords

TWO months ago we wrote about the Office of Personnel Management (OPM) breach and Microsoft Windows. It's quite unusual for large, high-profile breaches to involve anything but Microsoft, but the media rarely call out Windows, not even when Stuxnet is clearly all about Windows (not surprisingly because Microsoft aids the NSA and the NSA developed Stuxnet) and the Sony were reportedly the fault of a leaky Window server, irrespective of who infiltrated it (an entirely separate question).



Another day, another crack. Because OPM contains the personal details of many rich and powerful people. OPM still dominates the news to some degree (although Windows is rarely mentioned) and now it's Ashley Madison [1,2]. A lot of people, including very high-profile people, can now be publicly shamed and/or blackmailed.

"Well done, Microsoft. Instead of helping just the NSA (and by extension Five Eyes) hoard weapons of blackmail against billions of people the company has now got weapons of blackmail scattered all around the Web, targeting many millions of people."According to this report, the leak "included a full domain dump of corporate passwords (NTLM hashes) of the Windows domain of the company" (hello Microsoft!).

"According to security experts, including Krebs," wrote Gordon in IRC, "it's definitely a legit dump" and there are articles that explain why. "The database dump," to quote this one report, "appears to be legitimate and contains usernames, passwords, credit card data (last four), street addresses, full names, and much much more. It also contains an extensive amount of internal data which looks like the hackers had maintained access to their environment for a long period of time."

Ashley Madison's owners are in panic because a lot of lawsuits may be imminent. They are trying to DMCA sites that share the data, but history teaches that this is a futile effort. They now pay the price of using Windows and many people (perhaps dozens of millions) pay the price of relying on a company that uses Windows.

Well done, Microsoft. Instead of helping just the NSA (and by extension Five Eyes) hoard weapons of blackmail against billions of people the company has now got weapons of blackmail scattered all around the Web, targeting many millions of people. Microsoft leads to a form of global anarchy by making its software flawed by design and leaky by intention. It's that same dumb mentality that leads some politicians to demands of back doors only for the "Good Guys" (them).

Related/contextual items from the news:



  1. Remember How The DMCA 'Stopped' The Release Of Ashley Madison Cheaters Data? About That...
    And... it took longer than expected, but less than a month later, the data file has leaked online, and you can bet that lots of people -- journalists, security researchers, blackmailers and just generally curious folks -- have been downloading it and checking it out.

    Maybe, next time, rather than claiming copyright, the company will do a better job of protecting its systems.


  2. Data from hack of Ashley Madison cheater site dumped online [Updated]
    Gigabytes worth of data taken during last month's hack of the Ashley Madison dating website for cheaters has been published online—an act that could be highly embarrassing for the men and women who have used the service over the years.

    A 10-gigabyte file containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours. Ars downloaded the massive file and it appeared to contain a trove of details taken from a clandestine dating site, but so far there is nothing definitively linking it to Ashley Madison. User data included e-mail addresses, profile descriptions, addresses provided by users, weight, and height. A separate file containing credit card transaction data didn't include full payment card numbers or billing addresses.

    [...]

    "We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data," they wrote in an e-mail to Ars. "We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business."




"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive



Recent Techrights' Posts

Comparing U.E.F.I. to B.I.O.S. (Bloat and Insecurity to K.I.S.S.)
By Sami Tikkanen
New 'Slides' From Stallman Support (stallmansupport.org) Site
"In celebration of RMS's birthday, we've been playing a bit. We extracted some quotes from the various articles, comments, letters, writings, etc. and put them in the form of a slideshow in the home page."
Thailand: GNU/Linux Up to 6% of Desktops/Laptops, According to statCounter
Desktop Operating System Market Share Thailand
António Campinos is Still 'The Fucking President' (in His Own Words) After a Fake 'Election' in 2022 (He Bribed All the Voters to Keep His Seat)
António Campinos and the Administrative Council, whose delegates he clearly bribed with EPO budget in exchange for votes
Adrian von Bidder, homeworking & Debian unexplained deaths
Reprinted with permission from Daniel Pocock
Sainsbury’s Epic Downtime Seems to be Microsoft's Fault and Might Even Constitute a Data Breach (Legal Liability)
one of Britain's largest groceries (and beyond) chains
 
People Don't Just Kill Themselves (Same for Other Animals)
And recent reports about Boeing whistleblower John Barnett
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 18, 2024
IRC logs for Monday, March 18, 2024
Suicide Cluster Cover-up tactics & Debian exposed
Reprinted with permission from Daniel Pocock
Gemini Links 19/03/2024: A Society That Lost Focus and Abandoning Social Control Media
Links for the day
Matthias Kirschner, FSFE: Plagiarism & Child labour in YH4F
Reprinted with permission from Daniel Pocock
Linux Foundation Boasting About Being Connected to Bill Gates
Examples of boasting about the association
Alexandre Oliva's Article on Monstering Cults
"I'm told an earlier draft version of this post got published elsewhere. Please consider this IMHO improved version instead."
[Meme] 'Russian' Elections in Munich (Bavaria, Germany)
fake elections
Sainsbury's to Techrights: Yes, Our Web Site Broke Down, But We Cannot Say Which Part or Why
Windows TCO?
Plagiarism: Axel Beckert (ETH Zurich) & Debian Developer list hacking
Reprinted with permission from Daniel Pocock
Links 18/03/2024: Putin Cements Power
Links for the day
Flashback 2003: Debian has always had a toxic culture
Reprinted with permission from Daniel Pocock
[Meme] You Know You're Winning the Argument When...
EPO management starts cursing at everybody (which is what's happening)
Catspaw With Attitude
The posts "they" complain about merely point out the facts about this harassment and doxing
'Clown Computing' Businesses Are Waning and the Same Will Happen to 'G.A.I.' Businesses (the 'Hey Hi' Fame)
decrease in "HEY HI" (AI) hype
Free Software Needs Watchdogs, Too
Gentle lapdogs prevent self-regulation and transparency
Matthias Kirschner, FSFE analogous to identity fraud
Reprinted with permission from Daniel Pocock
Gemini Links 18/03/2024: LLM Inference and Can We Survive Technology?
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, March 17, 2024
IRC logs for Sunday, March 17, 2024
Links 17/03/2024: Microsoft Windows Shoves Ads Into Third-Party Software, More Countries Explore TikTok Ban
Links for the day
Molly Russell suicide & Debian Frans Pop, Lucy Wayland, social media deaths
Reprinted with permission from Daniel Pocock
Our Plans for Spring
Later this year we turn 18 and a few months from now our IRC community turns 16
Open Invention Network (OIN) Fails to Explain If Linux is Safe From Microsoft's Software Patent Royalties (Charges)
Keith Bergelt has not replied to queries on this very important matter
RedHat.com, Brought to You by Microsoft Staff
This is totally normal, right?
USPTO Corruption: People Who Don't Use Microsoft Will Be Penalised ~$400 for Each Patent Filing
Not joking!
The Hobbyists of Mozilla, Where the CEO is a Bigger Liability Than All Liabilities Combined
the hobbyist in chief earns much more than colleagues, to say the least; the number quadrupled in a matter of years
Jim Zemlin Says Linux Foundation Should Combat Fraud Together With the Gates Foundation. Maybe They Should Start With Jim's Wife.
There's a class action lawsuit for securities fraud
Not About Linux at All!
nobody bothers with the site anymore; it's marketing, and now even Linux
Links 17/03/2024: Abuses Against Human Rights, Tesla Settlement (and Crash)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, March 16, 2024
IRC logs for Saturday, March 16, 2024
Under Taliban, GNU/Linux Share Nearly Doubled in Afghanistan, Windows Sank From About 90% to 68.5%
Suffice to say, we're not meaning to imply Taliban is "good"
Debian aggression: woman asked about her profession
Reprinted with permission from Daniel Pocock
Gemini Links 17/03/2024: Winter Can't Hurt Us Anymore and Playstation Plus
Links for the day