
HIV Dating Company Accuses Researchers of Hacking Database (csoonline.com) 71

itwbennett writes: Slashdot readers will recall the story posted last week about the misconfiguration of the MongoDB database that powers Hzone, a dating app for the HIV-positive, and the ensuing threat of HIV infection the company hurled at DataBreaches.net, who sent the notification. (Hzone later apologized.) But that's not the end of the story. Among other twists and turns that point to a CEO who was in way over his head, in several emails to Dissent, the admin of DataBreaches.net, Hzone CEO Justin Robert accused Dissent of changing the Hzone user database. But follow-up emails suggest that the company couldn't tell what was accessed or when, as Robert says Hzone doesn't have 'a strong tech team to maintain the site.'
  • That's a first (Score:3, Informative)

    by Anonymous Coward on Tuesday December 22, 2015 @10:36AM (#51164937)

    I know this warning is unnecessary here, but do not follow the second link in the summary (same as the one under the title). This is the first time a /. summary has been better written than the source article.

    What content there was to be found between the typos and grammar errors indicated that the immunocompromised dating site owners are incompetent, sue happy, and really bad liars. (A fairly common combination, so nothing unusual there.)

  • by nospam007 ( 722110 ) * on Tuesday December 22, 2015 @10:47AM (#51164993)

    "...point to a CEO who was in way over his head,"

    Aren't they all, these days?

    • by DarkOx ( 621550 )

      What, you mean it's not possible to completely abstract all management activities and decision-making processes? Are you making the radical suggestion there isn't a completely generic way to run a business? Is your assertion you have to understand at least the basic nuts and bolts of what a company does to run it effectively?

    • "...point to a CEO who was in way over his head,"

      He'd better wear a condom then! (drum roll)

    • Re:Normal (Score:4, Insightful)

      by jellomizer ( 103300 ) on Tuesday December 22, 2015 @11:30AM (#51165231)

      Well with IT security nowadays it is very hard for a small focused business to survive in today's market.

      Back in the 1980's and 1990's we had a slew of applications created by non-developers due to easy-to-learn languages such as Basic/Visual Basic, FoxPro, DBase, Access, etc. Because these applications ran on a local network via file shares, with a more or less trusted group of employees, security was never a concern. So the small company can make a custom app with a very small investment and allow them to be agile to adjust their business processes.

      However, now, with hackers who will blindly attack any system that is vulnerable, or worse, the hackers who think they have a mission to expose the bad people in the world, you need staff that are specialized in IT security to keep their data safe, and be able to track and report on vulnerabilities.

      This is like forcing a Mom and Pop candy shop to have armed guards on the payroll just in case someone breaks in and steals the candy, and exposes all the candy customers in the store, so as to shame them for being the cause of obesity in the world.

      • by dbIII ( 701233 )
        With dotnet that sort of shit is still happening, and just like back in the day it's not only security that suffers from newbie mistakes. It's not really the platform, just people who cut and paste their way into getting stuff halfway working instead of knowing how to write things for the platform.
        I'm sick of stuff that takes 30 seconds to start due to a huge 24bit background pic and a slow needless text to speech thing saying hello. Can I skip that shit on the hobby inventory list program and actually sta
      • This is like forcing a Mom and Pop candy shop to have armed guards on the payroll just in case someone breaks in and steals the candy, and exposes all the candy customers in the store, so as to shame them for being the cause of obesity in the world.

        Except the whole thing happens in a world with Star Trek-like teleporters and replicators. So the cases of "someone breaks in" are happening on a massive scale.

        It's not merely one guy deciding to go berserk, who then needs to walk to the (only) nearest Mom and Pop candy shop.
        It's a guy deciding to go berserk, and then instantly teleporting in front of all the Pop and Mom shops of his country and breaking into all of them. Every single one. All in the same hour.
        That's the power of the Internet.

        And amidst all this he also happens

        • by KGIII ( 973947 )

          I think this thread might actually be the worst analogy thread ever. The sad truth of this is, the "researcher" didn't even *do* the "research" but found their database on a torrent site and informed them because he feared it might belong to them.

          So it's like you're trying to make an analogy about a guy who isn't actually the guy who did it and cars, doors, shop keepers, candy stores, and condoms!

          Worst Analogy Thread Ever!

    • This is a huge point. The company and therefore the CEO are responsible for their customers' very sensitive information. Saying that they don't have a strong IT team is like a bank saying they don't have a safe. What the hell? Of all places you would think a website that knows you have a highly stigmatic disease would get this and spend appropriately even if it meant charging their clients more. I'm guessing those clients would have been happy to do so.
      • The company and therefore the CEO are responsible for their customers' very sensitive information.

        Show me the case law which says that.

        Time and time again companies are utterly inept at security, get hacked, and basically say "gee, we'd like to say we're sorry but we're not really, and since we're not liable we don't care".

        CEOs are, in my opinion, largely responsible for being greedy assholes doing PR and sales ... and they don't think they have any such responsibility as protecting your data. At the small

        • Fair enough. Someone made the point a few posts up that this isn't subject to HIPAA and while I'm no lawyer they're probably right. The longer I work in business the more I see morality thrown out the window for better or for worse. I feel bad for these people but it's true, buyer beware.

          The same is true with the CISA act this week. Put all your stuff in the cloud and were under the impression you were protected by warrants and all that? Too bad!
          • Fair enough. Someone made the point a few posts up that this isn't subject to HIPAA and while I'm no lawyer they're probably right.

            Well, think about it ... HIPAA covers medical professionals and hospitals with an expectation of confidentiality.

            If you sign up for a private web site which ends up more or less saying you have HIV, then you chose to give that to a private entity. And then what happens to the data they have is entirely legally different. The same way that governments can demand from corporatio

  • by TechFurryFox ( 4327457 ) on Tuesday December 22, 2015 @11:06AM (#51165085)
    I performed a reverse on the domains when the original controversy set out. This guy isn't HIV positive, he's just a guy in China trying to make a buck off others. He also has an app called SugarD and there are many other domains he has registered in an attempt to have a successful business. The company is pretty much run by him and whatever support he may have hired, which is the reason hzoneapp doesn't have a solid technical team. Check out the self published prweb for hzone, he calls himself "Justin M, CEO." Looks like you made a slip up there with keeping your name consistent Mr. JianQiang.
    • by TechFurryFox ( 4327457 ) on Tuesday December 22, 2015 @11:13AM (#51165139)
      Just to give everyone the FYI, Mr. JianQiang also has the following domains: tophivdatingsites; lesbiandatingonline; singleparentdatingonline; singleparentfish; pozty - alias to hzoneapp; ubaliaoyn - some Chinese site; xoiiixaab - some Chinese site. He stopped the other site projects when he scored with hzone. He's not a single parent, he's not lesbian (well, he may like women) and he's certainly not POZ. He's just a Chinese man screwing everyone over with this charade. So Mr. JianQiang, drop the act.
  • One way or another, hacker's exploits and malware share attack vectors.

    Perhaps they're infectious...

  • http://www.databreaches.net/mi... [databreaches.net]

    I hadn't realized it the first time around but this was also a MongoDB database. Not that it really matters, the CEO makes them all sound incompetent.
