Bonum Certa Men Certa

Ashley Madison Disaster Apparently the Fault of Microsoft Windows

What kind of company uses Windows for security?!

Hilton Manchester



Summary: New reports serve to show that Ashley Madison's data which got leaked includes complete dump of corporate Windows passwords

TWO months ago we wrote about the Office of Personnel Management (OPM) breach and Microsoft Windows. It's quite unusual for large, high-profile breaches to involve anything but Microsoft, but the media rarely call out Windows, not even when Stuxnet is clearly all about Windows (not surprisingly because Microsoft aids the NSA and the NSA developed Stuxnet) and the Sony were reportedly the fault of a leaky Window server, irrespective of who infiltrated it (an entirely separate question).



Another day, another crack. Because OPM contains the personal details of many rich and powerful people. OPM still dominates the news to some degree (although Windows is rarely mentioned) and now it's Ashley Madison [1,2]. A lot of people, including very high-profile people, can now be publicly shamed and/or blackmailed.

"Well done, Microsoft. Instead of helping just the NSA (and by extension Five Eyes) hoard weapons of blackmail against billions of people the company has now got weapons of blackmail scattered all around the Web, targeting many millions of people."According to this report, the leak "included a full domain dump of corporate passwords (NTLM hashes) of the Windows domain of the company" (hello Microsoft!).

"According to security experts, including Krebs," wrote Gordon in IRC, "it's definitely a legit dump" and there are articles that explain why. "The database dump," to quote this one report, "appears to be legitimate and contains usernames, passwords, credit card data (last four), street addresses, full names, and much much more. It also contains an extensive amount of internal data which looks like the hackers had maintained access to their environment for a long period of time."

Ashley Madison's owners are in panic because a lot of lawsuits may be imminent. They are trying to DMCA sites that share the data, but history teaches that this is a futile effort. They now pay the price of using Windows and many people (perhaps dozens of millions) pay the price of relying on a company that uses Windows.

Well done, Microsoft. Instead of helping just the NSA (and by extension Five Eyes) hoard weapons of blackmail against billions of people the company has now got weapons of blackmail scattered all around the Web, targeting many millions of people. Microsoft leads to a form of global anarchy by making its software flawed by design and leaky by intention. It's that same dumb mentality that leads some politicians to demands of back doors only for the "Good Guys" (them).

Related/contextual items from the news:



  1. Remember How The DMCA 'Stopped' The Release Of Ashley Madison Cheaters Data? About That...
    And... it took longer than expected, but less than a month later, the data file has leaked online, and you can bet that lots of people -- journalists, security researchers, blackmailers and just generally curious folks -- have been downloading it and checking it out.

    Maybe, next time, rather than claiming copyright, the company will do a better job of protecting its systems.


  2. Data from hack of Ashley Madison cheater site dumped online [Updated]
    Gigabytes worth of data taken during last month's hack of the Ashley Madison dating website for cheaters has been published online—an act that could be highly embarrassing for the men and women who have used the service over the years.

    A 10-gigabyte file containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours. Ars downloaded the massive file and it appeared to contain a trove of details taken from a clandestine dating site, but so far there is nothing definitively linking it to Ashley Madison. User data included e-mail addresses, profile descriptions, addresses provided by users, weight, and height. A separate file containing credit card transaction data didn't include full payment card numbers or billing addresses.

    [...]

    "We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data," they wrote in an e-mail to Ars. "We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business."




"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive



Recent Techrights' Posts

Techrights Will Spend the Next Few Years Writing a Lot About Strategic Lawsuits Against Public Participation (SLAPPs)
It's a growing problem
The State of EPO Staff's Health in Rijswijk or The Hague
We're going to cover the EPO some more later in the month
NVIDIA Corp Lost 36% of Its "Value" Since Cheeto Inauguration, But "Gen Hey Hi" (GenAI) is Totally Not a Bubble
Selling loads of unneeded hardware based on hysterical hype; like selling shovels during a Gold Rush
 
Open Source Initiative (OSI) Privacy Fiasco in Detail: What Was Reported to the California Privacy Protection Agency (CPPA)
We hope to finish this whole lot within a week, then move on to election, lobbying etc.
Links 05/04/2025: Tariffs Backfiring, YouTuber Arrested, X/Twitter Set to be Fined
Links for the day
Gemini Links 05/04/2025: Offline is For Everyone, Copyright Colonialism, and More
Links for the day
Links 05/04/2025: TikTok Unsold (Still), Royal Society is Dead
Links for the day
GNU/Linux Growing in East Asia, Windows by Default No More?
GNU/Linux is now on the shelf
Slopwatch: Anti-Linux 'Articles' From Linux-Hostile LLMs
It is almost always negative things and nobody can be held responsible for it except the charlatans prompting the LLMs
Links 05/04/2025: Fentanylware (TikTok) "Sale Looks Highly Imminent" (US), Stock Market Drowning in Panic
Links for the day
Gemini Links 05/04/2025: Moving Plants, No to Smartwatches, RAID Hygiene
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 04, 2025
IRC logs for Friday, April 04, 2025
Techrights Has Dealt With More Potent SLAPPs Than Violent Microsofters Begging to Hide What They Did to Women
I became accustomed to SLAPPs
Links 04/04/2025: Fury in South Korea, Flight MH370 Remains Mystery
Links for the day
Gemini Links 04/04/2025: Anger and Raspberry Pi CM4
Links for the day
Links 04/04/2025: LLM Slop Bubble Bursting and Korea Music Copyright Association Bans Slop 'Music'
Links for the day
Traf-O-Data, the Company That Jeffrey Epstein's BFF (Bill Gates) (Co)Founded 53 Years and Went Out of Business Due to Heavy Losses
Who will die first, Bill or Microsoft?
Why Microsoft's Shares Sank Almost 20% in Recent Months (the Bubble is Imploding)
verified press reports from the past 24 hours
A Note on SimilarWeb
Or why SimilarWeb is meaningless for more than 99% of the sites on the Web
GNU/Linux Rises to Almost 5% in Algeria While Windows Sinks to All-Time Low
GNU/Linux grew tenfold
Where to Get More Gags
A valued reader recommended that to us
Links 04/04/2025: Tech Stock (Inc. GAFAM) Fall, Google Pretends to Do End-to-End Encrypted Emails (With Google in Control)
Links for the day
IBM Said to be Shutting Down Offices or Sites in the United States
the press can no longer avoid admitting that IBM moves many jobs to India
To Participate in Fedora Diversity You Must Use Proprietary Software
Not for the first time either
LLM Slop as Attack Vector on the Reputation of Linux
The attacks on Linux have escalated to information warfare
Yandex About to Be Three Times Bigger Than Microsoft (Bing) in Asia
That's about 60% of the world's population
Gemini Links 04/04/2025: Decoupling Updates, Elaho as Gemini Client
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 03, 2025
IRC logs for Thursday, April 03, 2025
Microsoft's Trouble in Africa and Asia
A new all-time high for GNU/Linux
Brett Wilson LLP Reported to the Solicitors Regulation Authority (SRA)
The saddest thing in all this is that law firms can maintain high standards shall they wish to
Links 03/04/2025: Tariff Pains and C.D.C. Cuts
Links for the day
StatCounter: Microsoft is Masking a Disaster, It's Way Behind DeepSeek Already and Interest in LLMs Has Waned
it turns out the money "raised" for "Open" "AI" may not even exist at all
Links 03/04/2025: SoftBank Money for Microsoft "Open" "AI" Probably Doesn't Even Exist, Wikimedia Foundation Blasts LLM Nuisance While Microsoft Admits Demand Has Shrunk
Links for the day
Gemini Links 03/04/2025: Patch Panel and Pictures
Links for the day
Islamic Republic of Iran: GNU/Linux at All-time High This Month, Windows Falls to 12%
Vista 10 is up this month despite being "end of life" (EoL) soon
Indonesia: All-Time Highs for GNU/Linux
What's noteworthy right now is the growth of GNU/Linux
statCounter Says GNU/Linux Usage is Up Again (Internationally)
some preliminary April data
Only on April 1st Can the Free Software Foundation Associate With Microsoft's Open Source Initiative (OSI)
We saw some pranks that day linking the FSF to Microsoft (e.g. "endorsing" Windows)
Confirmed in the Mainstream Media: A Lot of Microsoft "Workloads" Were Just LLM Slop (Helping to Fake Growth for Years, as Microsoft Had Paid "Open" "AI" to Become a "Client") and Demand is Rapidly Waning, Datacentres Canceled and/or Shut Down
Anything to facilitate further accounting fraud
Taiwan's Media Covers Closure of Microsoft's "AI" Lab, It's Time to Talk About the Gradual Death of Windows and Implosion of the "AI" Bubble
Earlier this week we showed that mostly Asian media had the 'nerve' to mention Microsoft silently shutting down its 'AI' lab
IBM Gets Rid of Kelly Chambliss as Mass Layoffs Reported in IBM Consulting, IBM Loses Key Contracts/Graft
IBM Consulting has been in disarray lately
More Gains for GNU/Linux, Based on Web Surveys
the Steam site shows rapid growth for "Linux" this month
Slopwatch: Anti-Linux Articles, Not Even Written by Humans
Why aren't Web sites more vocal about this problem?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 02, 2025
IRC logs for Wednesday, April 02, 2025
Links 03/04/2025: Apple Fined Over Secret Surveillance, "Elegant Writer For A More Civilized Age"
Links for the day