Ashley Madison CEO Steps Down, Reporter Finds Clues To Hacker's Identity 215
Dave Knott writes: Following the recent hacks on the infidelity website Ashley Madison, Noel Biderman has stepped down as CEO of both AshleyMadison.com and its parent company. Avid Life Media Inc., the company that owns the site and many others, announced Biderman's move in a short press release on Friday: "Noel Biderman, in mutual agreement with the company, is stepping down as chief executive officer of Avid Life Media Inc. (ALM) and is no longer with the company. Until the appointment of a new CEO, the company will be led by the existing senior management team." Before the data hack, the company was planning an IPO in London that would have taken in as much as $200 million from investors. According to regulatory filings, the company had $115 million in revenue last year, more than four times the amount it obtained in 2009.
Meanwhile, in related news, Brian Krebs (the reporter who first uncovered the hack) says he has uncovered clues to the possible identity of the hacker. Krebs says he noticed the Twitter account operated by a known hacker recently posted a link to Ashley Madison's stolen proprietary source code before it was made public. Intrigued by the poster's apparent access, he examined the account's posting history and noticed a predilection for the music of Australian hard rock band AC/DC. This jibes with the behavior of the hacker(s), who had displayed threatening messages on the computers of Ashley Madison employees, accompanied by AC/DC song Thunderstruck. In a series of tweets, the owner of the account, one Thadeus Zu, appears to deny that he was behind the hack, and indeed makes several suggestions that the account itself isn't even run by one person, but is instead an amalgam of like-minded digital vigilantes. The NY Times also reports that people whose details were contained in the leak are beginning to face threats of blackmail.
Meanwhile, in related news, Brian Krebs (the reporter who first uncovered the hack) says he has uncovered clues to the possible identity of the hacker. Krebs says he noticed the Twitter account operated by a known hacker recently posted a link to Ashley Madison's stolen proprietary source code before it was made public. Intrigued by the poster's apparent access, he examined the account's posting history and noticed a predilection for the music of Australian hard rock band AC/DC. This jibes with the behavior of the hacker(s), who had displayed threatening messages on the computers of Ashley Madison employees, accompanied by AC/DC song Thunderstruck. In a series of tweets, the owner of the account, one Thadeus Zu, appears to deny that he was behind the hack, and indeed makes several suggestions that the account itself isn't even run by one person, but is instead an amalgam of like-minded digital vigilantes. The NY Times also reports that people whose details were contained in the leak are beginning to face threats of blackmail.
That really narrows it down (Score:5, Funny)
There must only be a handful of people that could match such a specific description: listens to AC/DC, uses twitter, and denies any culpability. AC/DC has only sold around 200 million albums, so that alone dramatically restricts the possible culprits. The intersection between AC/DC aficionados and Twittter's 300M active users must be minuscule, maybe only one or two possible people.
Re:That really narrows it down (Score:5, Informative)
Re:That really narrows it down (Score:5, Interesting)
Didn't a variant of stuxnet play Thunderstruck when it pwned the Iranian nuclear facilities? So, one does not have to be an AC/DC fan to think up taunting AM with Thunderstruck during the hack. Just giving a nod to stuff better hackers than you did before.
Re:That really narrows it down (Score:5, Funny)
Re: (Score:3)
Ahh, so the whole Ashley Madison hack was actually a surreptitious promotion of AC DC https://www.youtube.com/watch?... [youtube.com]. So hacks are bad and some a truly hilariously glorious. What is even funnier is data analysis of the Ashley Madison information tended to indicate that by far the majority of 'females' were fake entries and it is not the data leak killing the company but the rampant fraud by company being exposed (so many rats caught by so much fake cheese). Who knows perhaps AC DC is hacking music.
He should be going to jail (Score:5, Informative)
He ran a fraud:
Almost None of the Women in the Ashley Madison Database Ever Used the Site [gizmodo.com]
...
About two-thirds of the men, or 20.2 million of them, had checked the messages in their accounts at least once. But only 1,492 women had ever checked their messages.
...
... a member had last replied to a message from another person on Ashley Madison. 5.9 million men had done it, and only 9700 women had.
...
Out of 5.5 million female accounts, roughly zero percent had ever shown any kind of activity at all, after the day they were created.
...
Re: (Score:2)
I sincerely doubt it would legally be a fraud, I imagine they had those bases covered with ToS language. I agree that it was certainly misleading given the fact that they apparently had bots pretending to be females.
There were definitely women who used the service, however. Both the credit card records and some reports of females who had used it make that pretty clear.
There's also the fact that once a female made a response in that sort of environment, you'd probably have a date and be able to take it off
Re:He should be going to jail (Score:5, Funny)
Ladies night in you neck of the woods involves a bunch of men in dresses trying to fool someone?
You need to find some new bars to go to, unless that's what you're into of course.
Re:He should be going to jail (Score:5, Insightful)
I imagine they had those bases covered with ToS language.
A judge may not side with them just due to ToS. And A.M. misrepresented the facts pretty grossly here, and failed to live up to its obligations (paid delete).
Canada is pretty pragmatic about contracts; and its pretty common to side with the "little guy" if the contract is deemed to be deliberately constructed to weasel out of what a reasonable person should think they were signing up for.
There's also the fact that once a female made a response in that sort of environment, you'd probably have a date and be able to take it off the site,
Even so... only 9700 accounts by women ever sent a single message. And we don't know how many of those 9700 sent only one and then vanished, or how many of them had been online in the last 3 years... the number of active women on the site could well have been in the middle HUNDREDS.
As you pointed out, the numbers of women actually participating were overwhelmingly dwarfed by number of males, just as they are on most dating sites
1) Were not talking overwhemlingly dwarfed. I consider 10 or 20 to 1 to be overwhelmingly dwared. We're talking thousands to 1, maybe even 10s of thousands to 1. You could spend your whole month sending female profiles messages without getting a response... not because the women weren't interested in you, but because you never actually sent it to an account a woman actually even used.
Given that AM is charging you to send messages to these women (over and above "membership")... they are literally taking money so you can send a message to a fake account that no woman has ever used. Men may have to accept that not every message they send will be responded too, or even read, but to accept (without clear disclosure) that they have *vanishingly small odds* the messages they are paying to send will even be delivered to an account a real person even uses is beyond the pale. That's fraud.
just as they are on most dating sites. Most of the money in those sites is getting males to stay interested enough to keep shelling out money.
All that suggests is that fraud is probably pervasive in the industry and perhaps we should regulate these sites to disclose membership numbers, and for those numbers to be independently audited.
So that consumers can make an informed buying decision.
It's like ladies night at the bars.
I can see pretty clearly whether or not there are any ladies at the bar. And its not terribly hard to tell if they are all hookers and hostesses paid by the bar itself to be there.
Re:He should be going to jail (Score:5, Insightful)
He ran a fraud:
That seems possible, and perhaps even likely. But the Gizmodo story overlooks something.
From your link:
There are definitely other possible explanations for these data discrepancies. It could be that the women's data in these three fields just happened to get hopelessly corrupted, even though the men's data didn't. Or maybe most of those accounts weren't deliberately faked, but just represented real women who came to the site once, never to return.
There's an obvious missing alternative possible explanation here -- The hackers could have tampered with the data.
This hack is notable because of its specific target of embarrassing and destroying the reputation of the company. Erasing or tampering with very specific database fields that make it look like Ashley Madison was perpetrating a complete fraud... well, that's certainly a convenient way to provide the final knife blow to any credibility the site or its management might have had.
Don't get me wrong -- I have no doubt that the site likely fabricated thousands or maybe even tens of thousands of female profiles, perhaps as initial enticement to get the site going in the beginning (since female numbers obviously are going to be less, as on any dating site). But the Gizmodo analysis wants us to believe that the ratio of active male:female members was something like 1000:1 or greater. Men and women certainly are different, but it's a little hard to believe that they're THAT different.
I'd say it's at least POSSIBLE that this data has been altered or tampered with by hackers who clearly have a specific moral agenda. This kind of tampering -- if it happened -- would effectively further their agenda to discredit the company. But perhaps it also serves other purposes... certainly there's been speculation that this moral attack was motivated by a personal affront or something. Perhaps the hack was partly motivated by someone specifically angry about a situation involving men cheating. Erasing data from most of the female accounts makes the men look even more desperate and pathetic than before, while simultaneously making the women look more "innocent."
I don't much care either way. But the reality is that the only data being used to support these claims has passed through hackers who clearly have their own agendas. Thus, we should be suspicious about apparent trends in that data which also conveniently further the hackers' moral agenda.
Not saying my hypothesis here is true, or even that it's likely. But it shouldn't be completely ignored as a possibility.
CEOs stepping down (Score:5, Informative)
Protip: The CEO stepping down after a public embarrassment has never been anything other than a publicity stunt to save face. It does not represent remorse or an intent to change policy. At most, it means "we want someone who will do continue to do the same things we've always done but, somehow, will magically make these revelations stop happening".
I would be shocked if Biderman wasn't receiving a nice golden parachute along with it. Or at least silver.
Re:CEOs stepping down (Score:5, Interesting)
I'm not sure what the point of any of this is. Between the hacks and the revelations that the site is little more than a few hookers, some staff trying to titillate members, and a whole fucking lot of men, I'd say AM is pretty much dead at this point.
When I'm tinfoil hat mode, I wonder if this hack was really about some competitor committing an act of commercial homicide. It sure would be one way to wipe out a dominant player in the "find you a fuck buddy" industry.
Re: (Score:2)
Is this an actual industry?
Wow, I'm out of touch with this stuff.
Re: (Score:2)
Is this an actual industry?
Personal ads back in the paper days, craigslist, etc...
Yes, it's an industry. However, most at least maintain the pretext that it's 'singles' seeking others.
Re: (Score:2)
Never heard of Tinder, Adult Friend Finder, Fuckbook, etc?
Re: (Score:2)
Technically it's the second oldest profession...
Re: (Score:2)
Then they may have just shot themselves in the foot as well. If there were only 15000 women on the world's largest site and millions of men, it is hard to believe that the second tier sites are not the same. Lol, the world's biggest sausage fest. Good luck 'rest of industry'.
Re: (Score:2)
I long ago heard some anecdotal claim that most of the people on lesbian web forums were middle-aged men dirty talking to each other.
Re: (Score:2)
I think it's more revealing that AM with full consent of the executives were caught doing the same thing to a competitor. AM is not clean and neither are its exe
Re:CEOs stepping down (Score:4, Insightful)
I expect they'll hire someone from a well-known tech company to be CTO, who will give a buzzword-filled speech frequently referencing encryption and 'best practices' and how incredibly secure their new system will be. The new CEO will announce that they won't hold on to personal data any more once one pays to delete it, that financial data will be held in a separate system/outsourced, and steps will be taken to improve the male/female ratio. They might even change their TOS to remove reference to the 'for entertainment only' women, and claim to stop using them. They'll almost certainly change their website name, maybe just to the initialism 'AM', to make it harder years from now to find out that it'd been hacked.
One might remember that Plenty of Fish and Adult Friend Finder have both been hacked in recent years, which didn't kill those sites.
Re: (Score:2)
Biderman was a founder of AshleyMadison.com. You can be sure he's already been paid. Unless he's been squandering his money on hookers and blow (which admittedly is something he might do), he's not going to lose his shirt.
Any lawsuits that breach the corporate barrier may be an issue, though.
He quit because that is what a CEO does who has presided over such a disastrous set of events. At least in this case, he was the man in power during all of those actions, so he did richly deserve it. He's not just t
Re: (Score:2)
Not to worry. (Score:2, Insightful)
He'll find another place to lose control of people's data.
Revenue numbers (Score:2)
Has anyone compared the claimed $115 million in revenue to the leaked data? I've read some suggestions that their revenue was a lot higher.
I'm not sure this is the right response (Score:5, Insightful)
Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.
Re:I'm not sure this is the right response (Score:5, Insightful)
I do not think many people are celebrating these hackers. I have no personal stakes in the story but I follow it because I find it socially interesting. It shows that security of webservices is critical to the life of many people. Ashley Madison is one thing with measurable but small social impact. If facebook's database was made public, the uproar would be much bigger.
Overall, this story makes it more clear why I would rather not participate in so called social networks. And it also gives a good example to give my student when talking about SQL injection, stack overflows and user input validation in general.
Re:I'm not sure this is the right response (Score:4, Insightful)
I do not think many people are celebrating these hackers
Admittedly, it is hard to say how many people are celebrating them. However, there have been plenty of posts and stories here on slashdot that have been. And when hackers (and wannabe hackers) see that publicity they might consider going that way against something that they dislike as well...
Re: (Score:2)
Ashley Madison is one thing with measurable but small social impact.
Clearly you haven't seen my profile. Just ask all my ladies about my "social impact".
[bonus joke: that's what she said]
Re: (Score:2)
Re: (Score:2)
You do a good job covering the "Two wrongs don't make a right" argument, but that does not excuse AM from it's wrong doing. Look at this from a slightly different perspective.
AM doing shitty things resulted in vigilantism because these people are operating illegally (AFAIK at least) and nobody was doing any investigating or prosecution. I'm sure that Canada has laws to protect consumers from deceptive advertising tactics and fraud. If not, the US could request that Canada extradite the people responsibl
Re: (Score:2)
Re: (Score:2)
Ashley Madison was not intentionally deceiving people to make money? The Police were all over them ensuring prosecution for fraud? Regulators were investigating? AM had no notice to come clean long before the breach? None of those are true and you know it.
So what you are saying is those guys can lie for some reason. Is it because they have lots of money? You happen to have morality that sympathizes with cheaters? Sorry, I don't see them as any better than the people selling "grow 3 inches" medicine.
Re:I'm not sure this is the right response (Score:4, Insightful)
The hackers didn't blackmail the users. Or, they're really, really bad at blackmail. There's two parts to blackmail:
A) "Hey everyone! Here's what this guy did!"
B) "Hey buddy, pay me or I'll tell everyone what you did."
For blackmail to be effective and profitable, which should come first, A or B?
Re: (Score:2)
nobody was doing any investigating or prosecution.
I'm not so sure that nobody was doing any investigating or prosecution. Just because there wasn't front-page news about such an action doesn't mean it wasn't being done. The wheels of justice don't always turn quickly, and fraud investigations in particular are seldom quick.
I'm sure that Canada has laws to protect consumers from deceptive advertising tactics and fraud.
I'm pretty sure they do as well.
If not, the US could request that Canada extradite the people responsible and provide full criminal prosecution.
That would be difficult (although I expect the Canadian laws would be more than sufficient). There are many cases of international fraud being committed over the internet with American victims, and v
Re: (Score:2)
I'm not so sure that nobody was doing any investigating or prosecution. Just because there wasn't front-page news about such an action doesn't mean it wasn't being done. The wheels of justice don't always turn quickly, and fraud investigations in particular are seldom quick.
First, you would need to prove this. We know they were acting illegally, no need for that proof. Second, delays in law are generally a corruption and no different than no charges. This tactic has been used for decades to my knowledge with US Politicians and uber wealthy people, but I study history and this was also done throughout our written history. More often in the most corrupt societies, less often after revolutions and cleaner societies.
Intentionally dragging feet leads to vigilantism for the same
Re: I'm not sure this is the right response (Score:2)
Sure, they broke the law. Do did Batman, Robin Hood, Han Solo, Edmond DantÃs, Malcolm Reynolds and a host of other characters.
As a society, we absolutely love stories where some rogueish antihero skirts the law to bring down or expose some greater villainy. Is it any wonder that we react similarly when it happens in real life?
Re: (Score:2)
I think you completely missed the GP's point... which was that we craft our fiction to reflect our reality. As a society we do, in fact, love vigilantism. Even if we do outwardly claim to despise it.
Re: (Score:2)
who was MLK? i am not allowed to find out because his estate has kept a deathgrip on all his speaches. [motherjones.com]
His children seem more interested in making an easy buck than spreading his message, whatever that was about...
Re: (Score:2)
I don't condone hacking but I have to wonder if the original intent was to find specific people of prominence to blackmail. But when they found out that there were basically no women on the site and all the men were being systemically defrauded, they decided to expose the whole company instead. That to me makes a certain amount of sense.
No matter the original intention of the hackers and how it led to the release of the records, I have to wonder how long it will be until the class action lawsuit is filed
Re: (Score:3)
I don't see the blackmail-type of hacker becoming an "outraged" type of hacker. Someone who blackmails a site like this doesn't care how they get their money, they just want a cut of it. It's a very pragmatic business. They're parasites, why would they kill a site that they know they could knock over every few months or years?
I think this was an inside job due to someone who sounds like they flew into a righteous rage about what ALM was and was not doing. Or not-so-righteous rage if ALM somehow failed t
Re: (Score:2)
Re: (Score:2)
Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.
If the hacker gets caught, he'll end up in jail, but tell me you didn't smile when you first heard about the hack. It's pretty hilarious.
Re: (Score:2)
Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.
If the hacker gets caught, he'll end up in jail, but tell me you didn't smile when you first heard about the hack. It's pretty hilarious.
I don't care for AM. If what I read about them on wikipedia (in particular the number of bogus "female" accounts that exist primarily to separate men from their money) is true they are a terrible operation. However, the hack did not show us what is written about them on wikipedia, other work did. This is the information that will be the most useful towards shutting them down (as a fraudulent operation).
Pretending that the hack did some kind of great public good itself does no public good.
Re: (Score:2)
Re: (Score:2)
Did you not also smile when you first heard of the Fappening?
Re: (Score:3)
Look, you got caught cheating. We get it. I suggest you make the best of it and move on.
Re:I'm not sure this is the right response (Score:4, Insightful)
Make no mistake, I don't like what Ashley Madison did. . They've been exposed for running a scam web site designed to sucker men out of lots of money quickly. However, that doesn't justify the hack - which is almost certainly a criminal offense at this level.
Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.
And Rosa Parks should have gone to jail for disobeying a bus driver right? If an activist didn't break the law, they probably aren't getting anything done.
The "protesters" holding signs and singing songs in the designated free speech zone behind parking lot D and signing whitehouse.gov petititions... those guys are accomplishing jack and shit.
You want real change? You need need real activism, a few hundred thousand people blocking all the streets around the state capital, and refusing to disperse... protesting with out a permit?! gasp. But they're breaking the law... and we shouldn't celebrate them.
Whether its Rosa Parks breaking the law that said she had to move to the back when the bus driver said so. Or activist journalists violating the law in some state preventing them from videoing or photographing animal treatment in farm facilities. Breaking the law is sometimes the right thing to do; sometimes the necessary thing to do.
At the same time, yes, vigilantism, bypassing the legal system to mete out punishment directly is often a miscarriage of justice, and that is immoral.
The upshot is that morality of an illegal act hinges on a lot more than simple legality.
The law tries to reflect morality... not the other way around.
Celebrating the hack is immoral as well.
In this case maybe. Or maybe not. The fact that the hack was illegal does not automatically make it immoral. Given the extent of fraud perpetrated, maybe it was moral. Given the "innocent" victims... maybe it wasn't.
So far, I think the balance is that it was moral.
Re: (Score:2)
What was the point of that post? Are you suggesting that the hackers are some sort of vigilante activist group out to stomp out infidelity or immorality in general? Is that what you think this is about?
From the first statements by the hackers it seemed pretty obvious that this was personal, an attack against that specific company (and the CEO personally) for fraud, personal enough that it sounds like the hackers got burned by the company at some point. I don't see any crusade against immorality here. Th
Re: (Score:2)
Are you suggesting that the hackers are some sort of vigilante activist group out to stomp out infidelity or immorality in general?
Huh? I felt the hackers made a stand against the fraud perpetrated by the company, not infidelity in general. Where did you infer infidelity from my post?
From the first statements by the hackers it seemed pretty obvious that this was personal, an attack against that specific company (and the CEO personally) for fraud,
Agreed. (emphasis mine)
What was the point of that post?
Primarily to refute the claim made in the post I replied to that "because the hackers committed an illegal act that what they did was immoral, and it's immoral to 'celebrate' their hack."
I didn't raise the topic of infidelity or its morality at all in my post.
Re:I'm not sure this is the right response (Score:4, Insightful)
Few people are "celebrating."
We're sitting here with our popcorn. You've got fuckers (Impact Team) fucking fuckers (AM) who were fucking fuckers (cheaters). Impact team also fucked those last fuckers.
Oh and if they get caught then more fuckers (the government) will fuck those first fuckers (Impact Team). And may also fuck those second fuckers.
I feel a tiny bit bad for any innocents who may have been on AM who had their data leaked. But, well, you lie down with dogs...
Re: I'm not sure this is the right response (Score:2)
Dead. (Score:2)
Spending More Time With 'Family' (Score:4, Funny)
He decided he 'wanted to spend more time with his mistress... err, wife.'
Re: (Score:2)
He decided he 'wanted to spend more time with his mistress... err, wife.'
I had to look it up to confirm, but yes, apparently Noel Biderman did in fact find the most gullible woman in the world to marry him. He's also admitted to multiple affairs.
Shit I'm sorry, I should have started this post with a warning to get your fainting couch ready. Hopefully I didn't harm anyone with these stunning revelations.
Where do these people go? (Score:5, Interesting)
I've often wondered what happens to people like this after the fact.
For example, recall Aaron Barr [wikipedia.org], the guy running HB Gary and who claimed he could "out" the Anonymous members by dubious correlation of social media accounts.
Or that guy Paul Christoforo [kotaku.com] who threw down with Penny Arcade founder Mike Krahulik (and got fired, banned from PAX, and his marketing company's client dropped them).
Do these people find jobs somewhere on this planet? Does Kevin Mitnick's security firm have a lot of customers?
The Ashley Madison guy - that's 'gotta be an awkward interview, you know.
"Why did you leave your previous place of employment?"
Re: (Score:2)
Well, Krebs is a legit security researcher. He's been on /. many times.
I think he's overstating things here, as "Thunderstruck" played during a hack to me doesn't say "AC/DC fan" it says "stuxnet lolz nice one." But, announcing that may have been a tactic. Zu, there, ah, the lady doth protest too much...
Re: (Score:2)
For example, recall Aaron Barr
After he shot Hamilton he did just kind of fade into obscurity.
It pays to resign. (Score:2)
It's the music's fault! (Score:2)
Never have I been more ashamed (and afraid) of having an AC/DC collection ;) .
Of Course Biderman Steps Down! (Score:3)
Biderman has milked the fake cow for all it's worth. Time to move on.
inside job (Score:5, Interesting)
This whole thing screams "inside job".
A lot of the information that has been released, most notably employee emails and internal company documents, couldn't possibly have also been on the servers that held the databases for the AM site. So either (1) the hackers thoroughly penetrated the company and got *everything*, or (2) the people running AM were stupider than I believe possible (actually you would have to *work* to put all of your eggs in one basket that way), or (3) someone swiped backup tapes when they were on their way out the door.
The last theory is the simplest.
Most places I worked at did offsite backups. The backups were left at the front desk for the courier to pick up each day. If some backups went missing there probably wouldn't be a freakout -- they'd just figure someone had thrown them in the trash or picked them up by mistake. Even if they did freak out they would do so very privately.
Re:inside job (Score:5, Insightful)
This whole thing screams "inside job".
A lot of the information that has been released, most notably employee emails and internal company documents, couldn't possibly have also been on the servers that held the databases for the AM site. So either (1) the hackers thoroughly penetrated the company and got *everything*, or (2) the people running AM were stupider than I believe possible (actually you would have to *work* to put all of your eggs in one basket that way), or (3) someone swiped backup tapes when they were on their way out the door.
Well, compromise a Domain Admin account, and you pretty much own all of the servers an all-Microsoft shop. Lazy Linux administration can lead to a similar fate (excepting Exchange email, perhaps). Given the sorry state of security I've seen pretty much everywhere, once you get a foot in the door, it's not hard to expand your reach.
Re: (Score:2)
Well, compromise a Domain Admin account, and you pretty much own all of the servers an all-Microsoft shop.
Pretty much.
Lazy Linux administration can lead to a similar fate
I'm not sure why you are calling it "Lazy" for a Linux admin?? even a competent and proactive linux admin would still be thoroughly vulnerable if his credentials were compromised.
This company really wouldn't need to be terribly big or complicated, so the IT team probably had keys to everything, like pretty much any small/medium business with a small IT team, or it could have been via outsourced IT or credentials used by outsourced IT...
Or the attack just needed to be against the backups. If the
Re: (Score:2)
Lazy Linux administration can lead to a similar fate
I'm not sure why you are calling it "Lazy" for a Linux admin?? even a competent and proactive linux admin would still be thoroughly vulnerable if his credentials were compromised.
I mean things like using the same password for root on every server. I've even seen places that had admin users' usernames all given UID 0, so they didn't have to bother with sudo or su. So no, Linux isn't invulnerable by any means, but you can certainly make it much worse.
Re: (Score:2)
I mean things like using the same password for root on every server.
Gotcha; one can do that on windows too. Every server has a local admin account. So if that were reused you could jump from server to server even without a domain admin.
I've even seen places that had admin users' usernames all given UID 0, so they didn't have to bother with sudo or su.
Heh. That just seems dangerous. I'm not sure it really makes things more vulnerable though to penetration.
So no, Linux isn't invulnerable by any means, but you can certainly make it much worse.
Fair enough. But the reality is that even a competent active linux admin is going to have the equivalent ease of access to his server pools as a domain admins in windows.
I just felt that by contrasting windows and linux admins the way you
Thadeus Zu!? Gotta be him! (Score:3)
Thadeus Zu can't claim innocence while having an actual cyberpunk hacker name on his birth certificate :-P
I like AC/DC (Score:2)
What does this have to do with anything? Well, nothing really, just thought nerds might be interested in it.
Re: (Score:2)
Blackmail? (Score:2)
Re:Ironic (Score:5, Informative)
Than all of them, probably.
The guy who ran a website for cheaters was always open about that fact.
I'm less convinced in the transparency or honesty of pretty much any political candidate.
Re: (Score:2, Funny)
I'm less convinced in the transparency or honesty of pretty much any political candidate.
Apparently some people find Trump to be a little too transparent and honest.
Re: Ironic (Score:2)
Re: (Score:2)
Re: (Score:3)
Donald Trump has had many employees of his come forward as illegal aliens. No other candidate has had any do the same.
Re: (Score:3)
Businesses Trump has been involved with have filed for corporate bankruptcy 4 times
So he signed the paperwork on 4 bankruptcies, but never went bankrupt. That makes logical sense only to an insane fanboy.
He has been incredibly successful in business by any reasonable metric
And, like most rich people, was born rich and white. Yay white privilege. He worked hard to be born rich and white. Eminem has more "business" experience than Trump. Eminem's net worth is many more times greater than Trumps, comparing today to birth. Yes, trump did well with the millions he was born with, but he was born a multi-millionaire. If you want to talk success, try talking
Re: (Score:2, Insightful)
Trump isn't remotely honest, but he does say the xenophobic things
Please keep making comments like this. Comments like this are what is fueling Trumps campaign.
We are so fucking sick of being called out as racists or mean or anti-woman or anti-science or whatever sanctimonious bullshit phrase you want to throw at us.
And yes, I'll get a flamebait mod with a few smug responses like "well then don't be conservative" or some variation of that but these comments are getting old.
Just look at this thread...
http://slashdot.org/comments.p... [slashdot.org]
For me to defend Bush makes me sick but
Re:Ironic (Score:5, Insightful)
look at my user name.
Trump went on air and intentionally mocked Asians by using a stereotyped pinyin/coolie accent. he went on air another time and labeled latino immigrants as criminals and worse things.
that is racist in my book. and if you don't see it, consider that you might actually be a racist, too. racism isn't just wearing white hoods and going around burning crosses. it's ALSO staying silent or even applauding utter garbage like that uttered by Trump.
the most disgusting part of it: Trump knows EXACTLY what he's doing. he's riling up the ultra-conservative base to build primary support. that is solid proof of what powers the modern GOP.
Re: (Score:2, Offtopic)
We are so fucking sick of being called out as racists or mean or anti-woman or anti-science or whatever sanctimonious bullshit phrase you want to throw at us.
So stop being racist, mean, anti-woman, anti-science sanctimonious bullshit?
In all seriousness though, this article has an interesting take on Trump:
http://www.huffingtonpost.com/... [huffingtonpost.com]
Re: (Score:3)
Well actually, I would say he plays to a broad demographic of uneducated, mostly poor, white people. He is, and always has been, playing a public character. His public character started when he inherited his fortune and spent the next decade or two pretending to be a shrewd business man just because he is rich.
Like most politicians, his words have no meaning, and his real backers know that. They know what side he will be on when the decisions come, and, its the same side all the other candidates are on.
It r
Re: (Score:3)
It doesn't matter what her stance is. So many hate her as a person that her politics don't matter. To the conservatives, this is a personal issue, not a politica
Re: (Score:3)
Re:Ironic (Score:5, Informative)
The guy who ran a website for cheaters was always open about that fact.
On the other hand he was less than honest about how many actual women were on the site. (Fewer than 15,000 vs millions of clearly fake profiles) and also less than honest about what a "paid delete" actually paid for.
So men paid money to join a site to cheat with women that didn't exist, were then charged extra to send messages to women's accounts that were fake, and then when they paid even more to delete their accounts, well that didn't happen either.
If that's your idea of honesty and transparency, I don't know what you think counts as "dishonest".
Re: (Score:3)
Re: (Score:2)
So freelance blackmailers are encroaching on their paid delete quasi-blackmail-wink-wink.
> people whose details were contained in the leak are beginning to face threats of blackmail.
"I see you joined Ashley Madison, Mr. Slashdotter, but nobody cheated with you. I will reveal your pathos unless you pay me 400 quatloos in Bitcoin."
Re: (Score:2)
Fewer than 15,000 vs millions of clearly fake profiles
We'll never know exactly how many women were actually using the site. 12,000 seems awfully low, frankly. That number only comes from the number of female accounts who paid to have their information deleted, which is the single best indicator that an account belonged to an actual person. On the men's side, only around 173,000 thousand men (out of over 31 million accounts) paid to have their information deleted. If the same proportion of men and women paid to have their accounts deleted then that would in
Re:Ironic (Score:4, Informative)
Like I said, I doubt we'll ever know the exact number, but the truth is probably somewhere between 12,000 and 2.1 million.
http://gizmodo.com/almost-none... [gizmodo.com]
The truth is probably somewhere below 15,000 'real' members, and probably much lower, like 1000. After all, someone joining and responding to a couple messages and then never coming back is being counted as an "active" member here. I'm willing to bet of the 10k women who had replied to "at least 1 message", a majority of even them were gone within a week or two. And that 15,000 includes people who were active in the past but might not have used the site in 2 years... how many active women were there in the last 3 months? I think one could credibly suggest it was in the hundreds.
Only 1,492 women had ever checked their inbox. (20 million men had)
Only 9,700 women had ever replied to a single message. (Note the article explains how this number can be higher than the above number.) (6 million men did)
Only 2,400 women had engaged in chat. (11 million men did)
The higher portion of paid deletes for women also lines up with the large number of female accounts that basically existed for one day and never came back; a good number of those may have opted for the paid delete. Especially if they were only checking to see if their husband had an account.
The proportions don't line up 100% (although it makes sense that more men checked their inboxes; they weren't getting all the messages on login that women did. So women would answer their messages directly from login, and rarely check their inbox, while men would futilely check their inbox looking for messages that would never come.)
Frankly, as I said, based on what I see there. I don't think the site even credibly had even 1000 active women on it at any one time.
Re:Ironic (Score:4, Insightful)
Yes, I know where and how you calculated based on paid deletes.
The paid delete functionality is the one good indication that an account was genuine,
a) First, no. I think "responded to at least one message" is FAR more telling. In theory they could have been faking reponses etc making that metric useless... but the fact that it is SO RIDICULOUSLY LOW tells us that they weren't, and it tells us that however many women joined only an insigifcant number deleted.
b) Also no. I think women may have been significantly more inclined to use the paid delete option then men for a variety of reasons. So your calculation is suspect. Further it evidently counts women who created an account only to lurk or see if their husband joined. Even if you want to count them as "members", the fact that they weren't responding to any messages at all is material evidence that even though they joined they simply weren't engaging in the site.
Look at "responded to at least one message" and "checked inbox".
Less than 10,000. You don't need to "correspond that with men" to come up with a number of women engaged in the site. It stands on its own. Less than 10000 accounts belonging to a female ever responded to a single message, fewer still ever checked there inbox. Half the men responded (to what exactly, I wonder?!!) and nearly all of them checked their inboxes.
You can't tell me there 2 million women on the site, when fewer than 10k ever responded to a single message or checked their inbox or enaged in chat. If they were "there" they may as well not have been as far as the men were concerned. And more likely than not, they weren't really there, or were signed up en-masse at A.M sponsored ladies night events. And they never used the site at all, beyond filling out a paper ballot with some info to get a free drink or something. (I admit I'm speculating here.) To count such accounts, where there is no evidence they logged in more than once, no evidence they logged in even once... is dishonest to say the least.
There is evidence 20,000,000+ men used the site. There is evidence fewer 10,000 women did. Whereas you call the paid deletes the "one good bit of data" I disagree... I suspect more women paid to remove there info from the site than actually used it, under a variety of scenarios.
I'm not talking about "at any one time".
I know. I brought that up after the fact to illustrate that not only was 10,000 the upper maximum of responsive women, but its extremely unlikely there were even that many women. 2 million simply lacks any credibility at all whatsoever.
Re: (Score:3)
OK then tell me which presidential candidate in the history of American politics, has ever admitted that some of his campaign promises might be for entertainment purposes only.
The president isn't the king. Anyone with basic civics knows that the president isn't really empowered to do all that much without the support of Congress; and is subject to the law and consitution, at least in theory :) and that even on something he can act on, may be challenged in court and tied up.
So an "election promise" by a presidential candidate amounts to little more than a policy statement.
That said, 45% kept, another 25% compromised isn't bad, and 7% more "in the works"...
http://www.politifact.com [politifact.com]
Re: Ironic (Score:2)
There are many analysts checking the massive data leak, this thing, the entire company & website could turn out to be scam of the century.
Don't speak too soon about integrity and the CEO.
Re: (Score:2)
A guy who runs a web site for cheaters has more integrity than a certain presidential candidate...
This is just stupid. Seriously? Hillary had her own mail server. Big deal. That doesn't make me dislike her any more than I already do because all politicians are clueless about technology. The AM CEO basically discussed hacking a rival with his CTO: http://krebsonsecurity.com/201... [krebsonsecurity.com]
Re: (Score:2)
Hillary had her own mail server. Big deal. That doesn't make me dislike her any more than I already do because all politicians are clueless about technology.
Yeah, because that's the only thing she's ever done [factcheck.org].
Re: (Score:2)
Re: (Score:2)
He had no choice. "Stepped down" is a way of saying, "realized the board wanted to fire him." The only question is whether he was able to keep his stock.
That stock is going to be worth a lot once the Avid Life gets sued into the ground.
Re: (Score:2)
Re: (Score:3)
They can't take his stock away from him, at least not the stock he owns already. That belongs to him personally like his house does.
Obviously, he might lose options or stock grants that he hasn't received yet as part of his compensation package, but not necessarily. It depends on the contract.
Of course, stock is pretty much moot at this point, although it may be interesting to see if ALM can dig out of this.
I wouldn't be surprised if they do, cockroaches are good at surviving things that would have killed
Re: (Score:2)
Given the user database has multiple occurrences of email addresses it's pretty hard to imagine the actual owners of which using on the site (some of which even reported to have been validated)... it would not surprise me at all if the hackers decided to inject some false data into one of the stores to try to grind their axe even more.
Re: (Score:2)
I am fully aware of that... and once you have a copy of someone's db & email account, there is no end to the fun you can have with regards to adding/removing/changing entries within... and the only way to prove it is for the original owner of the content to compare everything... however given what people think about AM and it's business model/practices... how likely would they be to be believed?
Re: (Score:2)
They could have made a fortune by waiting for the IPO, buying long, out of the money puts (assuming an option market existed for such a new shady buisness) and then dumping the DB.
Re: (Score:2)
If you find yourself in that situation first hire a really good shyster. Blackmail can't be legal by the definition of the word, but nondisclosure agreements can be if the lawyering is well done.
Re: (Score:2)
I agree it's immoral but there is a lot of immoral stuff that is legal. Take cheating on your spouce for one.