EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.20.15

Ashley Madison Disaster Apparently the Fault of Microsoft Windows

Posted in Microsoft, Security, Windows at 6:50 am by Dr. Roy Schestowitz

What kind of company uses Windows for security?!

Hilton Manchester

Summary: New reports serve to show that Ashley Madison’s data which got leaked includes complete dump of corporate Windows passwords

TWO months ago we wrote about the Office of Personnel Management (OPM) breach and Microsoft Windows. It’s quite unusual for large, high-profile breaches to involve anything but Microsoft, but the media rarely call out Windows, not even when Stuxnet is clearly all about Windows (not surprisingly because Microsoft aids the NSA and the NSA developed Stuxnet) and the Sony were reportedly the fault of a leaky Window server, irrespective of who infiltrated it (an entirely separate question).

Another day, another crack. Because OPM contains the personal details of many rich and powerful people. OPM still dominates the news to some degree (although Windows is rarely mentioned) and now it’s Ashley Madison [1,2]. A lot of people, including very high-profile people, can now be publicly shamed and/or blackmailed.

“Well done, Microsoft. Instead of helping just the NSA (and by extension Five Eyes) hoard weapons of blackmail against billions of people the company has now got weapons of blackmail scattered all around the Web, targeting many millions of people.”According to this report, the leak “included a full domain dump of corporate passwords (NTLM hashes) of the Windows domain of the company” (hello Microsoft!).

“According to security experts, including Krebs,” wrote Gordon in IRC, “it’s definitely a legit dump” and there are articles that explain why. “The database dump,” to quote this one report, “appears to be legitimate and contains usernames, passwords, credit card data (last four), street addresses, full names, and much much more. It also contains an extensive amount of internal data which looks like the hackers had maintained access to their environment for a long period of time.”

Ashley Madison’s owners are in panic because a lot of lawsuits may be imminent. They are trying to DMCA sites that share the data, but history teaches that this is a futile effort. They now pay the price of using Windows and many people (perhaps dozens of millions) pay the price of relying on a company that uses Windows.

Well done, Microsoft. Instead of helping just the NSA (and by extension Five Eyes) hoard weapons of blackmail against billions of people the company has now got weapons of blackmail scattered all around the Web, targeting many millions of people. Microsoft leads to a form of global anarchy by making its software flawed by design and leaky by intention. It’s that same dumb mentality that leads some politicians to demands of back doors only for the “Good Guys” (them).

Related/contextual items from the news:

  1. Remember How The DMCA ‘Stopped’ The Release Of Ashley Madison Cheaters Data? About That…

    And… it took longer than expected, but less than a month later, the data file has leaked online, and you can bet that lots of people — journalists, security researchers, blackmailers and just generally curious folks — have been downloading it and checking it out.

    Maybe, next time, rather than claiming copyright, the company will do a better job of protecting its systems.

  2. Data from hack of Ashley Madison cheater site dumped online [Updated]

    Gigabytes worth of data taken during last month’s hack of the Ashley Madison dating website for cheaters has been published online—an act that could be highly embarrassing for the men and women who have used the service over the years.

    A 10-gigabyte file containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours. Ars downloaded the massive file and it appeared to contain a trove of details taken from a clandestine dating site, but so far there is nothing definitively linking it to Ashley Madison. User data included e-mail addresses, profile descriptions, addresses provided by users, weight, and height. A separate file containing credit card transaction data didn’t include full payment card numbers or billing addresses.

    [...]

    “We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data,” they wrote in an e-mail to Ars. “We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.”

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. 'Corporate Linux' Will Not Protect Software Freedom

    The corporate model is inherently not compatible with software that users themselves fully control (or Software Freedom in general), so we must rely on another model of sovereignty over code and compiled code (binaries)



  2. IRC Proceedings: Friday, October 18, 2019

    IRC logs for Friday, October 18, 2019



  3. 26,000 Posts

    We want to thank those who help spread the word; it gives us moral support and morale.



  4. The Myth of 'Analysts'

    People with exaggerated roles (exaggerated by corporate media and corporations that control them) distort public perceptions about their clients; they're in effect just elevated marketing or Public Relations (PR) operatives



  5. The FSF Has Two Acting Presidents Now

    Alexandre Oliva, who acted as a sort of deputy of Richard Stallman in recent weeks, sheds some much-needed light on the current situation



  6. Should Anybody Dictate the Free Software Movement?

    "There's a great myth, as Jagadees reminds us, that advocacy doesn't produce software. That myth is corporate, and proper advocacy has at times produced the greatest software in the history of computing. If we want great Free software to continue, we need advocacy more than ever."



  7. Links 18/10/2019: More KDE Events and OpenBSD 6.6

    Links for the day



  8. We Don't Know Who Will Run the Free Software Foundation, But We Know Who Will Run the GNU Project

    Software Freedom is under a heavy and perhaps unprecedented attack; some people out there are paid by the attackers to celebrate this attack and defame people (cheering for corporate takeover under the blanket of “Open Source”), but the founder of the Free software movement remains alive, well, and very much active



  9. New EPO Meme: Who Wants to Make Billions From a 'Public' Monopoly?

    What was supposed to be a cash-balanced patent office became a money-making monster that fakes ‘crises’ to attack hard-working examiners



  10. EmacsConf Without Richard Stallman

    Now that emacs is being 'rebranded' this kind of meme seems apt



  11. IRC Proceedings: Thursday, October 17, 2019

    IRC logs for Thursday, October 17, 2019



  12. Guest Article: In the Absence of Richard Stallman OEM Source Software ('Open Source') is Trying to Hijack Even Emacs

    "Now they have to create some fictional history. No need to worry."



  13. Guest Article: Techies Should Not Dictate the Free Software Movement

    "We should start a second phase of the Free software movement that's making good software and putting users at the center."



  14. Links 17/10/2019: Ubuntu Turns 15, New Codename Revealed, Ubuntu 19.10 is Out

    Links for the day



  15. Free as in Free Speech (Restrictions May Apply)

    When limits of speech are not safety-related rules but political correctness or conformism



  16. There Won't be Patent Justice Until Patent Trolling Becomes Completely and Totally Extinct

    SLAPP-like behaviour and extortion/blackmail tactics using patent monopolies are a stain on the patent system; it's time to adopt measures to stop these things once and for all, bearing in mind they're inherently antithetical to the goal/s of the patent system and therefore discourage public support for this whole system



  17. EPO Staff Union and Staff Representatives Ought to Demand EPO Stops Bullying Publishers and Censoring Their Sites

    An often neglected if not forgotten aspect of EPO tyranny is the war on information itself; EPO management continues to show hostility towards journalism and disdain for true information



  18. Bribes, Lies, Fundamental Violations of the Law and Cover-Up: This is Today's European Patent Office

    It has gotten extremely difficult to hold the conspirators accountable for turning Europe’s patent office into a ‘printing machine’ of the litigation industry and amassing vast amounts of money (to be passed to private, for-profit companies)



  19. The Free Software Foundation (FSF) Lost Almost Half (3 Out of 8) Board Members in Only One Month

    As the old saying goes, a picture (or screenshot) is worth a thousand words



  20. IRC Proceedings: Wednesday, October 16, 2019

    IRC logs for Wednesday, October 16, 2019



  21. Startpage and System1 Abuse Your Privacy Under the Guise of 'Privacy One Group'

    Startpage has sold out and may have also sold data it retained about its users to a privacy-hostile company whose entire business model is surveillance



  22. Links 16/10/2019: Halo Privacy, Ubuntu Release Imminent

    Links for the day



  23. IRC Proceedings: Tuesday, October 15, 2019

    IRC logs for Tuesday, October 15, 2019



  24. No, Microsoft is Not an 'Open Source Company' But a Lying Company

    The world’s biggest proprietary software companies want to be seen as “open”; what else is new?



  25. Meme: Setting the Record Straight

    Stallman never defended Epstein. He had called him “Serial Rapist”. It’s Bill Gates who defended Epstein and possibly participated in the same acts.



  26. EPO Staff Resolution Against Neoliberal Policies of António Campinos

    “After Campinos announced 17 financial measures,” a source told us, “staff gathered at multiple sites last week for general assemblies. The meeting halls were crowded. The resolution was passed unanimously and without abstentions.”



  27. Satya Nadella is a Distraction From Microsoft's Real Leadership and Abuses

    "I’m merely wondering if his image and accolades that we’re incessantly bombarded with by the press actually reflect his accomplishments or if they’re being aggrandized."



  28. Raw: EPO Comes Under Fire for Lowering Patent Quality Under the Orwellian Guise of “Collaborative Quality Improvements” (CQI)

    Stephen Rowan, the President’s (António Campinos) chosen VP who promotes the notorious “Collaborative Quality Improvements” (CQI) initiative/pilot, faces heat from the CSC, the Central Staff Committee of the EPO



  29. Making The Most of The Fourth Age of Free Software

    "For better or for worse, we can be certain the Free Software Foundation will never be the same."



  30. FSF is Not for Free Speech Anymore

    The FSF gave orders to silence people


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts