* Posts by h4rm0ny

4560 publicly visible posts • joined 26 Jul 2008

It's still 2015, and your Windows PC can still be pwned by a webpage

h4rm0ny

Re: Yawn

>>"Isn't the point of UEFI to make it extremely hard for the end user to do something like patching it?"

Really? I've found sticking a firmware file on any old USB drive and reading it off from inside the UEFI interface easier than the hassles I used to have updating BIOS. I also like the way it lets me back itself up and easily revert if there's a problem.

What part of updating it precisely are you having trouble with?

Heigh ho, oh no! Politically correct panto dumps Snow White’s dwarfs

h4rm0ny

Re: Bloody Fools

The thing with an actual term like dwarf, black, gay or whatever else some bigots have a problem with, is that it's not the term that is the problem, it is that someone thinks the thing it describes is bad. So presumably well-meaning people decide to try and prevent the use of the term as a solution to that. But it doesn't solve it, it just cedes ground to the bigots and says "yes, there really is something wrong with being X, let's try to hide the fact that someone is by finding a polite way of putting it". In pretty much the same way you'd find a polite way of putting it when someone's boyfriend was an irritating moron or other social situation where you need to be delicate. But there's no good reason to attack someone for being black, short, gay, straight, whatever. You can't just endlessly kowtow to bigots.

Yes, sometimes a word eventually gets so tarnished, so used as a term of abuse, that it becomes effectively unrecoverable. But that's a thing we should strive to avoid, not pander to. If someone uses the term dwarf as a term of abuse, they get the ostracism, not the English language.

h4rm0ny

Re: Political Correctness Lunacy

>>"Schrödinger's cat experiment is not to be repeated at home"

Until you look in their bedroom, it is both tidy and untidy at the same time.

Right, opt out everybody! Hated Care.data paused again

h4rm0ny

Re: Is it time to put down this terminally ill scheme?

>>"All staff with access need to attend privacy training and be aware it's a sackable offense to breach data protection."

In practice, I do not believe this is sufficient for a couple of reasons. I was involved during CfH (Connecting for Health) as it was and was an active part of the pushback from the Primary Care community on privacy issues. Apparently I can be extremely annoying so I try to use that power for good. Anyway, on questioning about what would stop someone looking up deeply personal information they weren't supposed to, we got the following response (paraphrased):

"Only approved people who have committed to our strict privacy policy will have access to the data".

Sounded great until you realized that "approved people" meant every receptionist at every GP practice in the country, let alone all the other people above and beyond. Oh, and that "strict privacy policy" meant one more page in the pile of barely read documentation you hurriedly sign on your first day and then forget about. In practice, staff turnover can be pretty high and there's a constant churn of low-paid (underpaid, usually) people in and out of hospitals, GP practices, NHS walk-in centres and PCTs (Primary Care Trusts) and contractors... all of which need access to the very poorly segregated data sets of the system. You can say "make it a sackable offense" but I can say burglary is a criminal one, it doesn't mean that taking all the locks off all the houses isn't a very bad idea.

Which brings us on to audit trails. When we pushed the CfH people on this we were told that access history was auditable. This seemed odd to me because I'd been poking at the system and had come across no audit system. For note, I had been able to access my own medical data at my registered practice (I tested with my own for ethical reasons, but this doesn't make a difference - there was no special permission granted because the name on the account I was using happened to match the name of a patient on a different system). Up came my records. So I pushed on how their audit system worked - what did it log, how could access history be viewed, what events raised alarms and who did they reach? That sort of thing.

After a lot of pressing them, we were told that there wasn't an audit system, they didn't know exactly what data would be kept when there was, there were no current plans for triggering alerts (particularly hard to get a response on that one as they kept saying there were but kept refusing to divulge them, which we took to mean that their "plans" were a line on a document somewhere saying 'we should do this'). And yet we had been told that there was an audit trail in place. They lied. And were nowhere close to being able to turn it into truth, either.

So whilst it may sound all well and good to say "staff need to be aware that it's a sackable offense", what that really means in practice, is millions of low-paid, frequently temp'ing staff having full access to your medical history and personal information. And that of those close to you, as well. No-one ever called me up to ask why I was looking up the information of that patient (who happened to be me but could be anyone else) and nor ever would they. And if I had been someone wanting to know who the father of a child was, where my ex-partner was living, why my daughter or son had been to see a GP, if my boss had any interesting items on their medical history or any of a hundred other abuses of that information, nobody would ever know that I knew that from having sat at my NHS computer one day and looked. And they want to throw that open to innumerable people who have no reason to have access.

Data security is not provided by a HR document mass-given to an ever-revolving tide of clerical staff and others. It begins with data segregation and you take it from there.

h4rm0ny

Re: Look...

Missed my edit window, but of course I forgot - there are all those medical insurance and pharmaceutical companies drooling for the amount of data this can provide them, so I guess there really would be a loser if this got cancelled after all.

Not a loser I care about personally, mind you.

h4rm0ny

Look...

The public do not want it because they dislike its goal. The clinicians don't want it because it's an implementation disaster. And the outsourced consultants and companies have made most of the money disappear into an unrecoverable void by now and so it's objective achieved as far as they're concerned. So as far as they're concerned the only ones who have anything to lose by this point are the politicians who have their name attached to it and nobody cares about them.

So yes, kill it dead and strew its grave with garlic, crucifixes and a ten-foot block of concrete.

So Quantitative Easing in the eurozone is working, then?

h4rm0ny

Re: Blind spots...

>>"Er no. The simple reason is that Keynes advocating saving in the good times to be able to spend in the bad, thus evening out the economic cycle a bit. No western government ever does the saving bit."

The economy requires a lot of study just to understand the fundamentals and the theory of the common models. Ergo, most people don't understand the economy in more than a superficial way and are dependent on experts to set their expectations. Given that no government ever wants to argue to the populace why we can't have something important (more teachers, repair a hospital, whatever), the populace never receives any advice to the contrary of spend what we have (or more commonly this past two decades, what we don't have).

Though of course that doesn't mean we can't criticize some of what the money is spent on (Giant US Defence Budget, I'm looking at you).

h4rm0ny

I'm really starting to wonder what strings Worstall had to pull in order to get his polemics regularly featured on a tech news site. They always follow the same pattern - Worstall apparently reads something of a political or economic viewpoint he doesn't like (typically this is any economist more famous than himself that puts forward any view remotely more nuanced than remove all trade barriers and the market will solve everything). He then uses El Reg as a private platform to show everyone what is wrong with the article he has just read and most of us haven't. It makes me wonder if this is what I sound like when I start lecturing people on how a KB should be 1024 bytes, not 1000.

Is Worstall part-owner of El Reg or something? Is there some reason a tech news site becomes his private platform every time he reads something he doesn't like? Most of us make do with the letters page of the Economist.

Wikipedia’s biggest scandal: Industrial-scale blackmail

h4rm0ny

Re: It's OK to say wanker, it was on El Reg

For Pity's sake, it's bad enough when people self-censor stronger words, given all it does is send a message that the author thinks the word is offensive even if the reader would not. But censoring "wanker"? This is a British tech site. I think we'll survive the word.

h4rm0ny

>>"I avoid them as much as I can, but I accidentally clicked on a link one or two months ago. Huge banner: GIVE US MONEY!"

I actually used to give them a fair bit of money (in non-millionaire private individual terms, anyway). I stopped after that debacle with the "monkey selfie". If you want an essay in smugness, read their own page on the criticism. This was when they declared that the photo couldn't be copyrighted because the monkey had pressed the button.

Because it is just chance that the professional nature photographer had travelled half-way around the world specifically to photograph these monkeys, spent days carefully approaching the troupe and getting accepted by them (not easy, I would guess), set up the equipment deliberately for this purpose, transferred the resulting images to their computer, did the work of going through them all to select suitable ones, did the appropriate cropping to frame it artistically, performed who knows how much post work on the thing (because I guarantee that photo didn't look like that in its raw state) and did all this as part of their professional job. No, a monkey was involved so Wikimedia declare the photo is free for them now. I bet the same people are quick to condemn any lawyer in court who tried to pull some technicality trick, but it's okay for them to do it.

That sort of small-minded self-righteousness I do not wish to fund. Lost a LOT of respect for them after that.

Websites aimed at kids are slurping too much info, finds report

h4rm0ny

Three solid reasons why this is bad.

Provided because there are always some who like to feel smart by contesting popular opinion.

1) Building cradle to grave information profiles gives a lot of power to those who have it. The inability to truly leave behind elements in your past is an unprecedented liability. If you respond to this with either 'you have nothing to hide' variants or that you shouldn't care what others think, then you're seriously underestimating society's willingness to not judge other people or the harm it can do. I invite critics of this one to look through the best selling magazines, TV shows and websites to show just how much most of human society loves to judge and the degree to which society's opinion of you can affect your life whether you agree with it or not. It's all very well to say you're not ashamed of something, doesn't stop an employer or partner or government or neighbourhood acting on it.

2) Children do not have the defences accumulated that adults do. When you respond that intensive profiling doesn't matter because 'you ignore ads' or 'you research your own facts' or whatever, these are defences that children do not have. To be honest, most adults don't have these defences to the extent they think they do.

3) It normalizes surveillance and intensive tracking of individuals by those with power. Society is a delicate balance of power between the government and the individual. We see daily what happens when the government no longer fears the people. Profiling and tracking individuals gives very real power to those with the information. We are at risk of raising a generation that has never not known this and accepts that free handing over of power as normal.

"Think of the children" is a cliché. But that doesn't make children not worth protecting.

Microsoft backports data slurp to Windows 7 and 8 via patches

h4rm0ny

Re: Linux for me now

I can, if I wish, not use SELinux, unlike with Windows 10 where it will continue to keystroke monitor even if I have that turned off or potentially even send memory dumps to Microsoft. Anyway, the "NSA effect" of SELinux was more political than anything. It stymied some development of better security approaches but with the latest point release we seem to be breaking away from that.

Anyway, I'm not someone discovering GNU/Linux as a result of this, I'm someone going back to it. I've put off Windows 10 because of privacy concerns and out of distaste at the way they have tried to force me into it with deeply irritating and very hard to remove ads inserted without my permission into my Windows 8 Pro install. If they backport things I'm not happy with into Windows 8, changing what I regard as the terms of the arrangement I'll go back to Gentoo, or try Mint that everyone's talking about. I still have all the skills, they're just dusty. I transitioned from GNU/Linux at some point around Windows 7 when it turned out to be actually good and I've defended MS on these forums many times against their less rational critics. But if MS are now telling me that my money isn't good enough for them and they demand my data too, then they lose my support.

And this isn't some irrational jump - the number of things I have to do to preserve my personal and professional privacy from them is getting longer and longer. I don't have time for that and if MS's business interests are now no longer "Please me to get my money" but rather "Find ways to get her data", then I don't trust it to be a fight I can win. They can just keep making it harder and harder to stop them until one slip and there it all goes. What it comes down to is that MS are telling me their aims no longer coincide with my own.

And as someone who prefers to pay for things with money, I'm starting to get quite angry about that.

AMD rattles Nvidia's cage with hardware-based GPU virtualization

h4rm0ny

Re: Mainframe, we've missed you!

>>"Funny my Core i7 built in 2010 is still going strong, however now I want to take advantage of USB 3 and PCIe 3 and the Skylake chips finally look to be a decent leap ahead for me to upgrade."

It's a modest upgrade only in terms of power. IPC increases have been on the order of around 4-6% with each generation change which is a far cry from the old days. It's really a pittance. Where improvements have been pretty big is in terms of power-efficiency. That has been Intel's focus (insofar as they actually care now that they've all but buried AMD at the medium to high-end). Which is what I've been saying - their focus has switched to mobile devices. Offload the heavy computing and focus on something most people prefer which is convenience. The fact that your 2010 i7 is still adequate for most people's use illustrates my point. If home desktops were a healthy market, you wouldn't see performance improvements sitting in the doldrums for the last half-decade and the manufacturers obsess over reductions in TDP.

>>"See now that software bloat isn't killing CPU's since the Core series came out, people haven't been upgrading as often."

I'm not sure exactly how that addresses my point but a big part of the reason they haven't been upgrading so much is because there's little to upgrade to. If you have a 4870K then what do you actually get out of going to a 5830? Not much. To Skylake? Not much. It's stagnated in every area except IGPs (which brings us back to the focus on non-desktop) and power consumption (again, a non-desktop priority). Intel are many terrible things, but stupid they ain't. They chase the money.

>>"Also I don't know about you but I find it much easier working off my two 24" LCD's than a piddly notebook screen and keyboard, especially with some of the keyboard layouts you get with your supposedly superior notebook type keyboards."

Where the Hell did you get 'supposedly superior notebook type keyboards' from? You seem to have missed what I actually wrote which was that you can connect your mobile device up to monitors and keyboards. You can run those two 24" monitors fairly comfortably from a Surface Pro.

h4rm0ny

Mainframe, we've missed you!

You store your data in the "Cloud" (aka racks of disks in some datacentre), domestic computing is moving further and further away from a bulky box and toward sleek little tablets and laptops with greater need for form-factor and low energy-usage over processing power. We're now at the point where you can connect your phone into a monitor and keyboard and use it as a computer. Just, like William Gibson said, the future is not widely distributed yet. MS claim they have a way of you encrypting remote processes in a secure way (we will see). Oh, and really fast Internet connections are becoming more common.

So if you have the bandwidth and low-latency, you can get the basics (hooking up the peripherals and providing an OS) with a small, light device and your data is non-local anyway... What's left that needs to be done locally? Well, graphics I guess... What's that you say, AMD?

Cue angry objections by those who love their big fat desktop. Loud and a diminishing minority.

Ashley Madison hacked potential competitor, leaked emails suggest

h4rm0ny

Re: Pen test

One of the other emails (given by Krebs' site) has the CEO emailing their CTO before a meeting with Nerve's executives asking "should I tell them about their security problems"? That may or may not be part of an approved pentest (doesn't rule it out, doesn't prove it), but it very strongly suggests that the CEO was regarding it as something other than an exploitative hack attempt of a competitor. Either it was an approved pen test as AM claim and their CEO was just wondering if the stuff was something that should be raised at that level (not being their area, they probably didn't have a good handle on seriousness / appropriateness of raising this stuff at that level); or else the CTO had just taken it upon themselves to go and have a poke around at a potential acquisition's IT sites to get a feel for their quality and the CEO was asking if that was a legitimate thing to bring up with them.

I have to say that if your company might be entering into an association with another, I am not surprised if technical people within the company go over to the other site and have a look at the front door. Isn't the general attitude on this site historically that hackers who had a look at a site or software and found some flaws and then let the vendor know about it, are good guys (white hats)? Has that suddenly changed for Ashley Madison? Seems so. Though as the OP writes, this is just from two emails, there could well be others that support what AM said that it was an approved pentest.

Scrapheap challenge: How Amazon and Google are dumbing down the gogglebox

h4rm0ny

Re: Its not smart to buy a smart TV

It may not be smart to buy a smart TV, but is there any choice anymore? I might like to buy a better TV (4K is now affordable and content is slowly starting to appear), but I don't know of any where they're not loaded with crapware. The problem with that? Well apart from disliking paying extra for things I don't want, there's an issue which I'm surprised wasn't a core part of the article - security. I can keep my computers up to date, I can keep my router up to date and anything else that sits on my home network. But "smart" Blu-ray players or TVs? No I can't because even if I take the time to update them, I don't trust the manufacturer to do their part. Not in the short term, certainly not in the long-term. I don't trust them at all in fact. And it's not like Windows or Linux or OSX where I can have a reasonable expectation of fixes, and such. I fully expect a Smart TV to be a deep irritation to the manufacturer once it's actually sold, grudgingly updated on rare occasions if at all. In return for which I have what is essentially a low-powered and unmaintained computer on my home network that I can't review, patch or really do anything much with at all.

I suppose I can isolate it on the network or leave it disconnected entirely, but then I can't do even basic things like stream content to it via DLNA. The more "smart" a TV gets, the more of a risk it is, and you can no longer buy any decent TV that isn't.

Krebs: I know who hacked Ashley Madison

h4rm0ny

Re: salted duplicate check

>>"So you have to read every row in the table and do some computation on it, before inserting your single new row? Nice DDOS opportunity."

That would indeed be a consequence of what they wrote. Happily, despite some people cheerfully upvoting them, they got it wrong. However as I've been downvoted for correcting them, I like your method of actually proving why it's unworkable. Good catch.

h4rm0ny

Re: salted duplicate check

>>"In any case, you need to store each user's salt value in plaintext so that you can use it when the user logs in."

This is correct, but the original statement was not. You do store your salt in the database - certainly not in the one that contains your password hashes. So for example, the webserver might have the salt, and it will use that to send only the hash to the database. That way if your database is compromised, the salt may not be. If people are going to use the Boffin icon and correct others, they should get their facts right. It is not necessary to have your salt in the database and is actually a bad thing to do.

h4rm0ny

>>"12345 that's the kind of password an idiot has on his travel luggage"

And coincidentally the number of times I have heard that joke on El Reg forums..

h4rm0ny

Re: salted duplicate check

>>"If salted hash is used, the salt values for all existing passwords are necessarily stored in the authentication database along with the hashes"

No, that is NOT correct. In fact, storing your salt in the database alongside the passwords would be bad practice. You store it elsewhere and just query the database for the salted hash, not do it all on / within the database. All the database needs is the hash, not the salt.

h4rm0ny

Hmmmm

Reading this I have to conclude one of three things. Either this Twitter account is a dead-end, well protected and untraceable back to any physical body, someone has set them up to be a patsy or, option three, the hacker is an idiot.

EDIT: I suppose a couple of other possibilities having just had a look at their Twitter feed. Deuszu could just be a fan, playing at being a red-herring. If they and Krebs have a common source for that link then that is viable. Alternately they could be the hacker and are so confident in their concealing of evidence they actually want to "taunt" people with visibility. That would be rather nuts, though. Finding someone who hacked you can be very hard. Finding if a specific someone hacked you, is a lot easier because you can start from the answer and work backwards, as it were.

Vote now: Who can solve a problem like Ashley Madison?

h4rm0ny

Re: JMcA obviously!

Well the thing is, normally I would pick Bruce Schneier as he's undoubtedly brilliant and one of the most respected security professionals in the business. But at this point it's gone beyond a security problem and become the sort of PR debacle that no inside-the-box thinking and seriousness can fix.

Meaning the only person on the list who I think would have a hope in Hell of pulling something out of this fire is McAfee who would shrug, make some jokes and handle the unprecedented amount of criticism and hate without at any point appearing ruffled.

(Rumpled maybe, however)

Nano – meet her: AMD's Radeon R9 4K graphics card for non-totally bonkers gamers, people

h4rm0ny

Re: Having a giraffe..

Better at DX12 though, based on evidence so far.

FBI probed SciFi author Ray Bradbury for plot to glum-down America

h4rm0ny

>>"A psychiatrist once said that optimists are people who should be certified as clinically insane. Whereas those defined as clinically depressed actually have a fairly good grip on reality"

And a non-psychiatrist once described psychiatry as "the study of people who don't need help by those who do".

I'll leave it up to El Reg readers to decide which view they trust.

h4rm0ny

Re: Corrupting America?

To be fair, he does seem to have some success at "corrupting the youth". :D

High-heeled hacker builds pen-test kit into her skyscraper shoes

h4rm0ny

Re: Silicon Valley

>>"It might come as a shock. But it's not about you. Sometimes we do things for ourselves. Crazy, I know."

Hey. Welcome to The Register! I found your article fun. Building your own hacking kit into high-heels is pretty cool. Please ignore the troll - I think some people just enjoy feeling superior by looking down on what others like / choose. If your looks make some people underestimate your technical skills because they are stuck on some "geek" image of programmer, that's an advantage to you! :)

I like that your shoes will pass under many metal detectors at doorways, btw.

h4rm0ny

>>"however that LED-illuminated dress looks a fun idea for a girlfriend who likes to go commando"

Or actually an effective defence against perverts trying to take up-skirt photographs.

h4rm0ny

>>"I quite like that idea, but does it recurse? I.e. if OP had included a picture of himself in heels and a tight dress, and I wanted to criticise his appearance would I need to go wardrobe raiding too?"

Yes, it's ~~turtles~~ black mini-dresses all the way down.

h4rm0ny

>>Is that her in the picture? She looks deformed

I think there should be a rule that anyone posting physical criticisms of people in an article should be required to accompany it with a recent photo of themself. Similarly dressed, for fairness.

h4rm0ny

Re: Given the size of a small mobile

>>I've never been sure if that was meant as a blessing or a curse

Generally meant as a curse. It is alleged to be the reply Confucius gave to a student who moaned about finding themselves living in a peaceful society instead of the interesting times they read about in history. But that is probably a later invention. All we really know is that it was supposed to be a Chinese curse by the British.

Brit hydro fuel cell maker: our tech charges iPhone 6 for a week

h4rm0ny

Re: Bah, humbug

>>"Streaming spotify will empty most phones in under 8 hours"

Yeah, of their personal data you mean.

Even 'super hackers' leave entries in logs, so prepare to drown in data

h4rm0ny

Re: Teeth grating

And invidious.

Ashley Madison spam starts, as leak linked to first suicide

h4rm0ny

Stealing a rival company's customer list and then spamming all of them with sales pitches is not, imho, "something positive".

Anyway, whilst I'm posting I might as well add my own voice to the Trustify are scum crowd. Troy Hunt (in the article) set up a system whereby you could search for your details but it would only confirm by sending the results to the registered email address. THAT is responsible. Trustify are not.

Windows 10 market share growth slows to just ten per cent

h4rm0ny

Re: not cause for celebration

"Pushed" is one word for it. 'Rammed' might be a better one. It took me three goes to finally get rid of ads for Windows 10 popping up in my 8.1 installation. Tried uninstalling the update - it just comes back. Tried uninstalling and blocking the update - no way to block them on the Pro version. Well there is, but this one is excluded from the ones you can block. Tried a registry edit I found online - no effect. Found the GWX service buried in a list of services, disabled that AND applied a different registry edit I found, finally seems to have stopped shoving ads in my face.

Very unimpressed.

Ashley Madison hack – Tory MP Green denies registering account

h4rm0ny

Excellent.

I love our politicians being judged on the basis of their sex lives. It's such an important part of their jobs, you see. That's how we got rid of Clinton and kept Bush, for example.

Spotify now officially even worse than the NSA

h4rm0ny

Yeah, a bit like airport security 'ask you' to "step this way".

Spotify climbs down on new terms and conditions

h4rm0ny

Re: peer-to-peer

Wow. That one needs a little more publicizing - I had no idea it did that. That could be especially bad in a work context but either way is not in. Maybe they should be paying their users instead of the other way around, given all we're finding out about them.

h4rm0ny

Re: but I don't *want* to

>>I don't know if Deezer is any better, but I am going to give it a go.

http://www.deezer.com/legal/personal-datas

Hard to say whether they're actually good in practice without trying the software, but they at least appear to allow a choice in the matter.

h4rm0ny

I used to have a paid Spotify account - "Premier" or whatever it was called. I cancelled it when they started really pushing Facebook-integration and playlist sharing.

If they want to advertise to free users, that's up to them. But they don't get to treat my data as some sort of bonus on top of my subscription payments. So goodbye to them. I find it hard to imagine they make more money from advertisers per user than the subscription fee so their loss. These days I just buy the MP3's and on-balance, I think I actually save money that way with the range of music I listen to.

Second Ashley Madison dump prompts more inside-job speculation

h4rm0ny

Re: Really?

>>"The hubris of these people is astonishing. Surely they can't survive as a going concern after this."

As pointed out multiple times by people, it is very, very hard to guard against attacks from the inside. Your technical safeguards can be as good as you like but ask Snowden how much that hindered him.

But yes, the witch hunt is on. One quote in the media I saw on this was from someone saying "they couldn't find their husband's email address on the list so they must have used a fake email account then". My other favourite is someone who is complaining about the leak because they signed up to AM to try and catch their husband cheating on them and now she's on the list and he is not - and she's blaming AM for it. I'm not saying AM are without fault here - I simply don't know and I doubt anyone outside the investigating people (and the hacker) actually can say. I'm just pointing out that a lot of the finger-pointing going on here isn't reasonable. Yes, you can score a few cheap upvotes by expressing disbelief at someone's hubris/stupidity/credulity/whatever - you always can because the Internet mob is addicted to seeing people have flaws pointed out. They love it more than chips. But that doesn't necessarily make it so.

US military says it will discipline Ashley Madison users

h4rm0ny

What's it got to do with them?

See subject. If the US army can kill hundreds of thousands of people in an invasion for oil and some soldiers looking for sex is what brings disgrace, then there's something deeply wrong here.

Ashley Madison wide open to UK privacy lawsuits, claim lawyers

h4rm0ny

Re: Wait a minute

>>"Class action Lawsuit's already started, led by a widower:"

He says that he signed up after his wife died and wants $7.5m dollars in damages. That's a lot of money.

h4rm0ny

Re: Might not be as easy as that...

>>"Yes, But... A company that refused to delete sensitive information, even when paid to do just that?"

Did they actually do that, though? I know it's been alleged but not sure there's any evidence. They still have the 'please close my account' ones in there, as expected. But do they have the paid for complete data removal ones? When is the dump from? A removal request could be after the time of the theft.

h4rm0ny

Re: Might not be as easy as that...

>>"3. You would have to prove AM failed to implement suitable security measures (i.e. the mere fact the breach occurred is not sufficient). This could be difficult if this is in fact an inside job."

Which looks very, very likely. The "blackmail" aspect doesn't hold up - pretty much everything points to this being someone with privileged access and a major, major grudge against AM. Maybe they got cheated on and blame AM for it, maybe it's something else. But this doesn't look like some random hacking team exploiting a SQL injection in order to make money. Which means they might be able to start from a shortlist of suspects and there's a very good chance, imo, that we might find out who did this. In which case they are in some very deep trouble.

But anyway, the point is as it looks like an inside job that is very, very hard to guard against. I work with companies that have excellent technical security but could be floored by one rogue employee. Can you sue someone for having lax security in this area? When even the most secure organizations are susceptible to betrayal from the inside?

If you disagree, consider the name "Snowden".

Now Ashley Madison hackers reveal 'CEO's emails and source code'

h4rm0ny

Re: Internal Emails

>>"Should be fun to find out exactly what the Company thinks of its client base."

Doesn't really matter. With a sufficient volume of emails and the ability to present them selectively, you can make ANY company look like angels or devils according to which you wish to prove.

h4rm0ny

Re: "No, that data dump is totally fa" *SMACK*

>>"AM is still advertising on TV in Sydney Australia. I guess they're hoping no-one has heard what's happened"

I don't know but would guess, that TV ads aren't sold and organized the week before they air on a "let's buy an ad slot before tomorrow's Coronation Street, I'm feeling like it". I also don't know but would guess, that calling up a TV station and saying "we've changed our mind about that ad slot on Tuesday can we have our money back please?" doesn't get you a full refund.

Microsoft will explain only 'significant' Windows 10 updates

h4rm0ny

Re: @Mark 85 The seem to be going in an unsavory direction...

>>"Guess again. If none of Microsoft's Win 10 shenanigans up to this point haven't gotten you to actually move to Linux then there's no reason why this particular shenanigan should be the deciding factor."

Incorrect. Things accumulate and eventually people get pissed off enough to do something. I have a lot of GNU/Linux skills - it's where I started out. I moved over to Windows mid-cycle of Windows 7 because I found it was a good OS and I liked a lot of what they were doing. It was a new era for MS, it seemed. I'm on Windows 8 currently and MS's recent change in direction (and constant ads for Windows 10 they inserted against my wishes into my Windows 8 installation), have recently made me re-evaluate switching my primary back to GNU/Linux. Haven't yet - am still considering. But right now they're losing my trust so back to GNU/Linux is looking more and more probable with every story like this I read.