Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Canada Networking Security Australia Communications Databases Network Privacy Social Networks The Internet Technology

Ashley Madison Security Protocols Violated Canada, Austrialia Privacy Laws (www.cbc.ca) 29

The Office of the Privacy Commissioner of Canada said Tuesday that the Canada-based online dating and social networking service Ashely Madison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs. CBC.ca reports: "In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers. The hack stole correspondence, identifying details and even credit card information from millions of the site's users. The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts. Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn't do enough to guard against being hacked. The company even adorned its website with the logo of a 'trusted security award' -- a claim the company admits it fabricated." The report found that "poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company" and that "much of the company's efforts to monitor its own security were 'focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data.'" What's more is that Ashley Madison continued to store personal information of its users even after some of which had deleted or deactivated their account(s). These people then had their information included in databases published online after the hack.
This discussion has been archived. No new comments can be posted.

Ashley Madison Security Protocols Violated Canada, Austrialia Privacy Laws

Comments Filter:
  • Or just take the easy way out and blame the company?

    • by tnk1 ( 899206 )

      I imagine they will try and find the culprit, but there will be little political pressure to keep the case going if it becomes difficult.

      • by HBI ( 604924 )

        There are lots of people angry at that person(s). I think if they were identified, vigilante justice would be likely.

    • by AHuxley ( 892839 )
      Have Australian Signals Directorate put in a tasking request to the NSA to rewind the internet a bit?
  • by LordKronos ( 470910 ) on Tuesday August 23, 2016 @06:34PM (#52758941)

    This is twice in the last couple days, I've been browsing slashdot comments on my android phone in chrome. Suddenly my browser is redirected to a spammy page with a data:text/html;base64 url. The full URL is below. The spammy website won't let me go back and just keeps me on the page. This shit is unacceptable slashdot. Fix your fucking advertisers.

    Filter error: That's an awful long string of letters there.

    Yeah, it's a long fucking string of letters. You should know. You gave it to me to begin with. OK, since I can't post it, I'll pastebin it

    http://pastebin.com/PVumFUiA [pastebin.com]

    • Re: (Score:2, Informative)

      by Anonymous Coward

      FYI it decodes to the following:

      <!DOCTYPE html><html><head><meta name="viewport" content="width=device-width, user-scalable=false, initial-scale=1.0, maximum-scale=1.0"></head><body><div id="ifrm" style="padding:0; margin:0;"><iframe src="https://s3.amazonaws.com/www.aotq4jgqy9n71.info/US/k3j4j324324llll1111.html" style="top:0; left:0; width:100%; height:100%; position: absolute; border:0" scrolling="yes" allowFullScreen="yes"></iframe></div></

      • Thanks for doing some digging. I decoded it and saw the amazon URL, but didn't go any deeper, and I certainly don't have any familiarity with cloudflare's shady hosting.

        I just posted again today. Got the same thing popup on slashdot today. I posted screenshots in that post, showing that chrome still thinks the website is on slashdot (must be some symptom of the "data" url that chrome doesn't realize the page has changed)

        https://slashdot.org/comments.... [slashdot.org]

    • I can't say I have ever seen that issue, are you sure your computer isn't compromised?

      I would suggest running http://housecall.trendmicro.co... [trendmicro.com] to see if it finds anything (if you are using Windows at least). The reason to use that is that it bypasses the viruses that have bypassed your installed virus scanner. You could also use other scanners, but that is a good starting point.

      • 1) as I said, it was my android phone in chrome. And I'm pretty certain it isn't compromised. If it were, it would be very interesting because it's only happened 3 times, all this week, and only on slashdot. Slashdot accounts for about 1% of my browsing time, so thats either a very huge coincidence, or a very targetted virus.

        I just posted about it again today, with screenshots:
        https://slashdot.org/comments.... [slashdot.org]

  • by rmdingler ( 1955220 ) on Tuesday August 23, 2016 @06:40PM (#52758969) Journal
    tldr: Company fails to uphold implied electronic version of discretion etiquette.

    We could just have one rule, and it would be likely as efficacious as the convoluted, attorney-necessary system we presently operate under.

    A corporate entity that promises something they don't deliver has to forego executive bonuses this year. And maybe next year's, depending on whether or not the beaver sees his shadow.

  • what does it take to put someone out of business? Isn't there a legal responsibility (in Australia and Canada at least) to shut this business down until they can prove they're no longer being criminally negligent and deceptive?
    • by quenda ( 644621 )

      Austrialia is a small principality between Montenegro and Slovenia, famous for its blue cheese and tax havens.

      Bloody Americans know nothing about geography - tourists show up there wanting to meet Mozart.

  • Not that Ashley-Madison may have violated privacy laws and that they had poor security and slapped a bogus 'trusted security award' on their site, but that people seem so surprised that they did.

    I suspect almost everything I see on the internet is a lie, but of course that's not right either. Some things can be trusted, but everything you see has to be evaluated on its own merits. How anyone could look at AM and decide they were trustworthy without the least little twinge of doubt is beyond me.

    I think o

    • I think one of the craziest ideas a marketer ever had was to put up ads with a sexy woman pretending to send you a private message saying she only lives 2 miles away from you and she wants to have sex, right now!

      The craziest idea being the ads which are essentially the same except with a fat, ugly granny. And I browse for teen-midget-in-clown-costume-on-donkey action, so I have no idea how the tracking cookies dumped me into such a distasteful marketing list...

Loose bits sink chips.