Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

ADP Experiences Security Breach

samzenpus posted more than 3 years ago | from the check-out-the-stubs dept.

Security 53

wiredmikey writes "HR and Payroll outsourcing giant Automatic Data Processing, Inc. (ADP) experienced a system intrusion, the company announced Wednesday. ADP said it was investigating and taking measures to address the impact of a system intrusion that occurred with a client at Workscape, a benefits administration provider that ADP acquired in August 2010. ADP has also been actively cooperating with law enforcement to determine the cause of this incident and to assist authorities in identifying and apprehending those responsible. ADP added the following in a statement: 'Because this incident is the subject of an ongoing law enforcement investigation, ADP cannot disclose any additional details at this time. ADP will provide further updates once information that can be made public becomes available, and we will continue to communicate with all affected parties as appropriate.'"

cancel ×

53 comments

Sorry! There are no comments related to the filter you selected.

Maybe we need to whitelist? (1)

dkleinsc (563838) | more than 3 years ago | (#36461224)

It almost seems like it would be easier to maintain a list of which major payment systems haven't been breached (that we know of). Seriously, if this was as wide open as Citibank and Sony, then we have to assume that just about everybody will be this easy to pwn.

Re:Maybe we need to whitelist? (3, Insightful)

Subratik (1747672) | more than 3 years ago | (#36461328)

I thought this would be a good idea at first, until I realized that most of the companies still on the whitelist would just become targets....and just because they haven't gotten hacked yet, doesn't mean they have good security measures.... Frankly, I think companies who have gotten hacked would be better alternatives considering the CEOs probably dont ever want to mess around with budget cuts when it comes to infrastructure security.... ""Looking at you, Sony"

Re:Maybe we need to whitelist? (1)

fulldecent (598482) | more than 3 years ago | (#36461920)

>> most of the companies still on the whitelist would just become targets

Good. Then staying on the white list will be ever more valuable.

Re:Maybe we need to whitelist? (0)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#36461330)

I found a chipmunk nesting in the box of Krugerrands under my bed, next to my gun safe; but there were only a few nibbles, and no material appears to have been removed.

Re:Maybe we need to whitelist? (1)

ginbot462 (626023) | more than 3 years ago | (#36463512)

Sooooo, by your analogy --> you work payroll for a company? Must be a grizzled old miner company. dagnabit.

Re:Maybe we need to whitelist? (1)

trum4n (982031) | more than 3 years ago | (#36461416)

I have a feeling somebody foreclosed on the wrong hacker. That's my $0.02.

Not exactly ADP (4, Informative)

erroneus (253617) | more than 3 years ago | (#36461324)

The article makes grand mention of ADP, but the the affected systems are far less significant than if it were ADP itself. I don't know what ADP's services are like now, but I recall a time when my accounting people required MSIE and ActiveX controls to access ADP's services. That alone made me worry extensively about ADP's notion of security. But reading the article, I see that it's something else entirely.

ADP acquired Workscape in August 2010. Workscape provides solutions including talent management, benefits administration and employee communications for hundreds of organizations and millions of workers around the world.

The compromise was at Workscape which I imagine had not integrated its network with ADPs larger network. The organization appears not to have much to do with payroll or money services at all.

Re:Not exactly ADP (2)

chroniclinux (1916066) | more than 3 years ago | (#36461370)

If I remember correctly, as of a year ago ADP still uses MSIE and ActiveX. Fixing someones payroll machine is... fun?

Re:Not exactly ADP (1)

Anonymous Coward | more than 3 years ago | (#36461630)

From an end-user perspective, their systems are a complete bag of shit. Nuff said.

Re:Not exactly ADP (2)

FatAlb3rt (533682) | more than 3 years ago | (#36461656)

Our HR lady needed to have a digital cert installed on her machine to gain access. Their site is usually very slow to navigate and I personally hate the design - very capable, but lots of wasted time and clicks to do it.

Re:Not exactly ADP (1)

cavreader (1903280) | more than 3 years ago | (#36461854)

MSIE is still the recommended browser although a lot of the internet applications are also tested against FF, Chrome, and Safari. And ActiveX controls have been removed from the equation as the applications have matured over the years. There might be a old application out there some where using ActiveX but I have not seen any in the applications coming from corporate IT.

Re:Not exactly ADP (1)

EXrider (756168) | more than 3 years ago | (#36462042)

I just helped (and by help, I mean did way more than I should've had to) ADP and our HR department migrate our time & attendance from the ancient 16-bit POS that is eTime, to their Workforce Now hosted product; and our payroll from PC Payroll to whatever it's new web hosted equivalent is. I get a lot of complaints that it's slow as hell and from what I've observed, it does not work in Chrome or Firefox. The whole implementation project was poorly managed by them, and pretty much everything short of a complete disaster with people's PTO and Vacation accruals getting screwed up, garnishments getting charged twice, the wrong timeclocks and components being delivered repeatedly, etc. Yeah, I'm glad it's over.

I should mention that their support group is pretty friendly and competent, besides the complete disconnect between their payroll and time & attendance divisions.

Re:Not exactly ADP (1)

cavreader (1903280) | more than 3 years ago | (#36464586)

ADP like any other big coporation has grown through global acquisitions of smaller companies that provide the same type of services and they inherit a wide range of applications and data that must be consolidated. It takes time to do this and some people will need to keep using the old systems until it can be integrated with the rest of the systems. New or exisiting customers do not have this problem. ADP also relies heavily on Salesforce integration which takes some decision making power away from the internal IT group. Some corporate payroll systems also have their own requirements and limitations on how their internal systems interface with a 3rd party which can create a whole other set of problems.

Re:Not exactly ADP (1)

EXrider (756168) | more than 3 years ago | (#36465618)

Some corporate payroll systems also have their own requirements and limitations on how their internal systems interface with a 3rd party which can create a whole other set of problems.

Yeah, I understand that, but we were using ADP's payroll system (and T&A), not our own, or some other 3rd party solution. You would think that it would be pretty straightforward since it's all involving ADP's own products. At one point our "Implementation Specialist" realized that not only had they forgot to implement the PTO accrual formulas on the new payroll system, they also forgot the current PTO accrual balances from the old system. They told our HR manager that she would have to have someone print out a massive report from the old system and manually type all of the values into a spreadsheet because the values couldn't be exported from the old system. This would've taken several days to complete, not to mention all the opportunities for human error and the values changing constantly. This is absurd given that the system is backed by a SQL database. I refused to settle for that answer and finally got ahold of someone in their support department that could help us export the accrual data from their payroll system in a usable format.

Re:Not exactly ADP (1)

laurelraven (1539557) | more than 3 years ago | (#36464930)

...everything short of a complete disaster with people's PTO and Vacation accruals getting screwed up...

We switched to ADP a little over a year ago. They've still not gotten the PTO problems worked out, and if I want to know how much I have, I have to contact HR and have them manually go through and work it out by hand.

Sad to say, I actually sometimes miss the old way of filling out an Excel sheet for my time card...it was painful and awful, but at least it worked.

Re:Not exactly ADP (0)

Anonymous Coward | more than 3 years ago | (#36475594)

of course its not your company doing the screw up is it? I am also certain your payroll admin is trained and qualified and experienced as FPP/CPP huh? Or maybe she/he is just some dude.

Re:Not exactly ADP (1)

crow_t_robot (528562) | more than 3 years ago | (#36461668)

I recall a time when my accounting people required MSIE and ActiveX controls to access ADP's services

My company uses it and it still does. I hate it so much. Having to open up IE to log in and use it is like casting a spell to open a portal into Satan's asshole.

Re:Not exactly ADP (1)

erroneus (253617) | more than 3 years ago | (#36462016)

Wow... yet another goatse.cx troll... it was wasn't it? The description certainly reminded me of it.

Re:Not exactly ADP (1)

Ucklak (755284) | more than 3 years ago | (#36461978)

It's a closed system so MSIE and Active X doesn't matter. The troubling part is the RSA tokens that were hacked.

The client access is a 3 tier login.

Re:Not exactly ADP (2, Interesting)

Anonymous Coward | more than 3 years ago | (#36462282)

I have fairly extensive knowledge of the ADP product set, hence my use of the coward..

The platform you are talking about is actually ADP Freedom, a somewhat ambitious product developed in the US and now only used by the UK arm. A certificate is required for all admin accounts, same with the ActiveX components. The biggest single issue is that the Activex controls have to be installed directly from a dedicated site, there was no MSI package available, although I believe this is being considered. As such each admin station had to have an admin account logon, visit the site and install. They are not used as part of the security model in any way and are really just used to render data. The certificates are easy, you can have as many as you want and export them at will.

The IE tie in was to my eyes a mistake, one which I know a lot of noise has been made, both internally and with clients. While with a little work you can run the client (employee portal) on any browser the admin side uses a Crystal component as well as a couple of in house ones. This makes it a non starter on anything but IE. But then you have to look at the market when the product was designed, back then it was IE everywhere and they were not alone in buying in to the platform. Also don't forget that they copped a lot of flack when they finally decided to start dropping support for IE 6.

In the past the performance was certainly not as good as it could have been. Some serious investment was made to the back end last year with better load balancing and more nodes on the cluster. The new platform is serious, scalable and a lot more stable than once it was.

ADP do take security seriously, while they could be better they are better than many organisations. The biggest security risk they face however is the clients themselves. End users that can't understand why they insist on sending items such as copy payslips as encrypted files and so demand that they are just sent as PDF attachments, clients that bitch about a 15 minute time-out on non activity, clients that run bonsi buddy and google tool bars... the list goes on.

Re:Not exactly ADP (0)

Anonymous Coward | more than 3 years ago | (#36462896)

Regardless of how integrated Workspace is with the rest of ADP a look at the client list on the site is a bit concerning. I see some pretty big names like Raytheon and CIGNA. http://www.workscape.com/OurClients/Client_List.aspx

Re:Not exactly ADP (1)

thesteveco (20012) | more than 3 years ago | (#36463350)

Having worked at a financial institution I can say that you might be surprised to see how loosely some connections to vendors can be, much less partners or acquisitions. As much as I like to hope that ADP raises the bar, I've seen some rather terrifying things in the past in the way systems can be interconnected.

RSA, BofA, Citi, Lockheed, now ADP... it's getting really scary out there. I'm rapidly losing any faith in the security of my information, whether they actively or passively have my consent to store it.

Re:Not exactly ADP (0)

Anonymous Coward | more than 3 years ago | (#36472796)

You're correct. This 'Breach' was in an outdated old application which is no longer sold and the breach appears to have only affected one client. I bet it is a big client though because a major move would mean project planning and a change in system integration. My bet is ADP has recommended multiple times before that this client move systems and I bet they refused. Speculation....yes....likely to be true though.

Why investigate? (1)

Lord_of_the_nerf (895604) | more than 3 years ago | (#36461338)

It was clearly 'Anonymous'. Or has Sony trademarked that excuse?

Re:Why investigate? (1)

Exitar (809068) | more than 3 years ago | (#36461452)

Anonymous is sooooo last month!
It's clearly LulzSec!

Hows that cloud working for everyone? (0)

Anonymous Coward | more than 3 years ago | (#36461496)

Still feeling like its a good idea?

So much hacking news (1)

AHuxley (892839) | more than 3 years ago | (#36461582)

Somebody must be really wanting to roll out a killswitch, protect all that wide open US electrical grid, rod go up/down via modem at the nuclear plant, telephone exchange and your brand new networked power meter.
How many millions will be handed over to contractors and any foreign entity with a security clearance to fix a secret wireless communications channel with remote secure control to any device that speaks "internet"?
Some 'admin' having a bad script kiddies day with Microsoft again, triggers a state/tri state net security disconnect for a few hours ... or .. was it the aggressor nation?

Re:So much hacking news (1)

wintercolby (1117427) | more than 3 years ago | (#36462404)

A kill switch is just about the dumbest idea ever. As soon as it's made, it will then be every bit as vulnerable as all of these systems that are getting hacked. It would become the quickest, easiest massive DoS attack to pull off, and it would give all of the hacking/cracking community a clear and obvious high value target. Given a dedicated enough team of black hats, it's not a matter of if it gets compromised, its a matter of how long.

Re:So much hacking news (1)

tlhIngan (30335) | more than 3 years ago | (#36464004)

A kill switch is just about the dumbest idea ever. As soon as it's made, it will then be every bit as vulnerable as all of these systems that are getting hacked. It would become the quickest, easiest massive DoS attack to pull off, and it would give all of the hacking/cracking community a clear and obvious high value target. Given a dedicated enough team of black hats, it's not a matter of if it gets compromised, its a matter of how long.

A DoS isn't a bad thing compared to getting silently intruded. And DoS tends to be from amateur shops just wanting a few lolz and such. The worst thing is a DoS attracts attention - people notice things are down and work to find out why.

Sony, Citibank - I can bet that the attacks happened for a long while - Sony only shut down PSN after they noticed the odd transactions, and by then it was too late.

Also a DoS isn't profitable. Sure it hurts the company, but oh well. Stealing their data means it hurts the company AND gives them something to sell on the black market.

Think - Epsilon DoS'd - a bunch of marketing emails don't go out. But get at their list of data and you have emails and names. Very useful if you want to go phish. Ditto Sony's customer data. PSN was DoS'd and... nothing happened other than a few gamers got upset. But take 100M+ customer records? Goldmine.

Hell, Anonymous' DoS of PSN probably got Sony investigating when they discovered the breach.

Re:So much hacking news (0)

Anonymous Coward | more than 3 years ago | (#36467058)

Also a DoS isn't profitable. Sure it hurts the company, but oh well. Stealing their data means it hurts the company AND gives them something to sell on the black market.

(emphasis mine)

Unless of course the people conducting the DoS is being paid to do so. This is far from uncommon.

Perhaps more of it's finally being disclosed (1)

Anonymous Coward | more than 3 years ago | (#36462748)

Properly and on time, instead of being hidden, to defend share price?

Ever think of that??

E.G.-> SONY took a 4% drop in stock when they were hacked/cracked for example.

That said? It's NO SECRET that many companies try to "hide it" (while their boards of directors ditch shares like mad before the news hits and people lose faith in them due to security breaches).

However, lately??

It seems that trend has reversed itself and we're seeing what is occuring in a timely fashion.

(That's a good thing for end users of these companies' services online, because they will most likely do something about it from a network security perspective once they're aware of any deficiencies there due to these hacks/cracks.)

In fact - Since you're "speculating" (though it may be possible, ala "problem/reaction/solution" type manipulations of the public often done by those in power) and, the way you talk?

Hey - I could say you're a member of "anonymous" or "lulzsec" or some other malware maker or hacker/cracker for pete's sake, trying to "sway public opinion" yourself, so that protective measures are NOT taken!

Anyone can speculate, problem is? NONE OF US HAS ENOUGH INFORMATION, & solid undeniable information, to make any type of judgements here.

We have to wait to see how it all plays out, as far as that is concerned... period!
APK

P.S.=> Oh, It's not just Microsoft stuff either, in regards to this little tidbit from you:

"Some 'admin' having a bad script kiddies day with Microsoft again" - by AHuxley (892839) on Thursday June 16, @09:00AM (#36461582) Homepage

This is happening on ALL platforms... case-in-point/example? Ok:

E.G. #1 (very recent): What about MacDefender malware appearing on MacOS X? The OS that was allegedly implied by Apple to be "more secure than Microsoft's" for years?

E.G. #2 (very recent): Also, and as far as "LAMP" (Linux, Apache, MySQL, PHP for those "not in the know" on that account) goes?

I'll let this article from the Register speak on that account here, for me:

http://www.theregister.co.uk/2011/06/10/domains_lamped/ [theregister.co.uk]
---

PERTINENT QUOTE:

"Phishers compromise LAMP-based websites for days at a time and hit the same victims over and over again, according to an Anti-Phishing Working Group survey. Sites built on Linux, Apache, MySQL and PHP are the favoured targets of phishing attackers"

---

Now - For comparison's sake, Apples-To-Apples, in the MS Stack for business online? Here we go:

---

Vulnerability Report: Microsoft SQL Server 2008:(06/16/2011)

http://secunia.com/advisories/product/21744/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

---

Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (06/16/2011)

http://secunia.com/advisories/product/17543/ [secunia.com]

Unpatched 0% (0 of 6 Secunia advisories)

---

Vulnerability Report: Microsoft Exchange Server 2010: (06/16/2011)

http://secunia.com/advisories/product/28234/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

---

Vulnerability Report: Microsoft Internet Explorer 9.x: (06/16/2011)

http://secunia.com/advisories/product/34591/ [secunia.com] [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

---

Vulnerability Report: Microsoft Visual Studio 2010: (06/16/2011)

http://secunia.com/advisories/product/30853/?task=advisories [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

---

And?

Well, We already KNOW that Windows 7:

http://secunia.com/advisories/product/27467/?task=advisories [secunia.com]

Has less bugs unpatched than Linux 2.6x also:

http://secunia.com/advisories/product/2719/?task=advisories [secunia.com]

(In the mainstream kernel, & KERNEL ONLY, not the entirety of a Linux distro mind you which would make those #'s go "up, Up, & AWAY" if the bugs in the parts that go in a full distro were listed there too, vs. a COMPLETE OS in Win7)

... apk

Re:Perhaps more of it's finally being disclosed (-1)

Anonymous Coward | more than 3 years ago | (#36463826)

OMfuckingG, you're back? Cause certainly nobody would want to impersonate you. If only ADP knew about your magic hosts file.

Mr. AC offtopic troll's HOSTS file blunders list (1)

Anonymous Coward | more than 3 years ago | (#36464032)

After all - It's not the 1st time you've tried to troll me on HOSTS files either...

In fact, here are 2 of your "classic technical blunders" in fact, Mr. AC troll, in regards to HOSTS files usage:

---

E.G. #1 - LARGE HOSTS FILES BEING CACHED BY THE LOCAL KERNEL-MODE DISKCACHING SUBSYSTEM (recently here no less, you screwed up THERE, hugely):

http://it.slashdot.org/comments.pl?sid=2220314&cid=36379004 [slashdot.org]

E.G. #2 - HOSTS ON ANDROID PHONES (yes, they work there):

http://apple.slashdot.org/comments.pl?sid=2204000&cid=36318508 [slashdot.org]

---

Proof's in the pudding, Mr. AC troll...

APK

P.S.=> Face it - On your best day, You couldn't touch me on technical issues if you're LIFE depended on it, and you know it...

However, since I am of an open mind & I can only get STRONGER VIA VALID CRITIQUE?

Well - What's "computer-science oriented technically wrong" (for lack of a better expression here) with my points on HOSTS files then?

(Especially since I even shown that I had an MS mgt., SENIOR VP mind you, of the "Windows Client Performance Division" for years & at that time, agree that I was correct on my points on HOSTS files, ala -> http://slashdot.org/comments.pl?sid=1467692&cid=30384918 [slashdot.org] )?

I can cite many posts where my points on HOSTS files were modded up also, ala:

---

HOSTS MOD UP -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
HOSTS MOD UP -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
HOSTS MOD UP -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1530066&cid=30965192 [slashdot.org]
HOSTS MOD UP with facebook known bad sites blocked -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
HOSTS FILE MOD UP FOR ANDROID MALWARE -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS FILE MOD UP vs ANDROID MALWARE -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS MOD UP ZEUSTRACKER -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
HOSTS MOD UP vs AT&T BANDWIDTH CAP -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584 [slashdot.org]
HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]

---

How about slashdot users that do well using HOSTS files as well?

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] [mvps.org]" - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

---

Also, how about a DIRECT QUOTE from a respected security pro (from securityfocus.com, a division of SYMANTEC/NORTON) on the note of HOSTS files too?

Resurrecting the Killfile

Oliver Day, 2009-02-04

FROM -> http://www.securityfocus.com/columnists/491 [securityfocus.com]

---

PERINTENT QUOTES/EXCERPTS:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet â" particularly browsing the Web â" is actually faster now."

and

"The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

and

"This is a solution I've seen used in small communities around the Internet. Not application-based killfiles, but diving down through the network stack and blocking things at a lower level using host files. The host file is the first file that applications query when looking for an address on the network. Each of the hosts considered as unwanted guests can be given an entry in the host file pointing to 127.0.0.1, the default loopback address, effectively blocking them."

---

Hmmm? You're off topic though, trolling as per usual, Mr. AC TROLL, & FAILING... on ALL levels! Give up already... quit while you're already MILES behind!

... apk

Re:Mr. AC offtopic troll's HOSTS file blunders lis (-1)

Anonymous Coward | more than 3 years ago | (#36464356)

I can't believe you took the bait? Really, you want to be that easy? Too bad I am just another voice in your head replying to myself. Take your Lamictal. We got work to do on the 3dFX tuner.

Running away from disproving points on HOSTS? (-1)

Anonymous Coward | more than 3 years ago | (#36464622)

Especially after your fine showing here http://it.slashdot.org/comments.pl?sid=2243006&cid=36464032 [slashdot.org]

Write properly please troll (-1)

Anonymous Coward | more than 3 years ago | (#36464770)

Was that supposed to be a rhetorical question? Learn to use them properly troll (quoting your futher mistakes below):

I can't believe you took the bait? Really, you want to be that easy?

You should have written it "I can't believe you took the bait. Do you really want to be that easy?" It must be the drug you mentioned that you obviously have experience taking yourself. It appears to be scrambling your brain because you cannot even turn phrases properly. It's that or you are just illiterate. Take your pick. Either way you fail. Additionally, if you're going to troll here, at least learn to write properly please. Thank you (from a concerned citizen that doesn't want to spend time deciphering your hieroglyphics style of troll speak).

Re:Write properly please troll (0)

Anonymous Coward | more than 3 years ago | (#36465442)

Listen, you know it was prescribed to us. We don't want to go back THERE.

- JL

Don't tell it to me, tell it to him (0)

Anonymous Coward | more than 3 years ago | (#36465600)

here http://it.slashdot.org/comments.pl?sid=2243006&cid=36463826 [slashdot.org] or here http://it.slashdot.org/comments.pl?sid=2243006&cid=36464356 [slashdot.org] the poor troll can't even write correctly. School that troll please. I can't handle his hieroglyphic style of illiterate trollspeak. Must be those meds he mentioned he obviously takes. Thank JL.

HOSTS can be useful vs SQL Injection attacks... (0)

Anonymous Coward | more than 3 years ago | (#36472432)

If ADP was penetrated via an SQL Injection hack (or even a MASS MESH attack, much Much worse)?

The use of a HOSTS file is a good layered security measure!

(Simply because once you get the names of the servers they are talking back to via the malware those can direct you to?? HOSTS files truly ARE an excellent extra layer of defense for blocking communication w/ them!)

* However , ADP's not talking yet on details, afaik!

APK

P.S.=> You're pitifully inadequate on technical details anyhow, as evidenced in your FAIL list vs. myself here, Mr. AC Troll:

http://it.slashdot.org/comments.pl?sid=2243006&cid=36464032 [slashdot.org]

Which shows you've tried this before & screwed up on the fact that HOSTS files (even larger ones where you must turn off the local DNS client cache service in Windows for) get CACHED BY THE LOCAL KERNELMODE DISKCACHING SUBSYSTEM, & THE FACT THAT HOSTS FILES WORK ON ANDROID MOBILE PHONES ALSO... lol, man: You? You are STOO-PID, no questions asked, & a noob in the art & science of computing!

... apk

That a VERY "telling" reply in regard to your (0)

Anonymous Coward | more than 3 years ago | (#36472452)

Impersonating me... to wit/e.g., quoted from YOU:

"Cause certainly nobody would want to impersonate you" - by Anonymous Coward on Thursday June 16, @11:46AM (#36463826)

Ahem, bullshit: Your saying that telegraphs that You've tried that very thing here before, obviously, & I have evidences of that from this week alone here:

http://it.slashdot.org/comments.pl?sid=2227792&cid=36400620 [slashdot.org]

and here in the past also:

http://it.slashdot.org/comments.pl?sid=2227792&cid=36400620 [slashdot.org]

You really are a piece of garbage!

Plus, your "FAIL LIST" vs. myself, everytime you've tried to troll me on HOSTS files also:

http://it.slashdot.org/comments.pl?sid=2243006&cid=36464032 [slashdot.org]

Illustrates you are truly a noob in the computer sciences arena, and stupid also... period! I can't put it any more lightly than that...

... apk

Re:So much hacking news (1)

ginbot462 (626023) | more than 3 years ago | (#36463692)

I see why you picked your user name. ... I wish I could say your wrong, and you probably are on this particular instance, but eventually it will be the new enemy: digital terrorist (just like the predecessors: Communists, War on Drugs, etc.). Then it is a brave new world indeed.

Verrrrry Interrrrrestink (0)

Anonymous Coward | more than 3 years ago | (#36461586)

My take on this subject is that Anonymous and Seclulz like to piss all over their own work, thereby letting everyone know who dunnit. This really stinks of some 3 letter acronym organization wanting to destabilize the infrastructure. CIA, NSA, PRC, PLA, NWO?
Thh truth is out there

Re:Verrrrry Interrrrrestink (1)

BVis (267028) | more than 3 years ago | (#36461758)

Wow, the tinfoil hat brigade is out in force on this one.

Re:Verrrrry Interrrrrestink (2)

fermat1313 (927331) | more than 3 years ago | (#36462182)

This really stinks of some 3 letter acronym organization wanting to destabilize the infrastructure. CIA, NSA, PRC, PLA, NWO?

Why is it that so many people on /. automatically assume, without any evidence presenting itself, that anything bad is the act of some government conspiracy? Yeah, it could have been the government, but that is just one of many plausible answers. In most of the cases that aren't due to the cybervandals like Anonymous and Lulzsec, the much more likely culprit are professional criminal cracking organizations, who can make a lot of money on the data they can extract from large organizations that have huge stores of private information.

If you can give any evidence that this or another specific event was orchestrated by the government, then let's see it. Otherwise you're just adding noise. We're supposed to be geeks who care about using scientific principles to finding the truth, aren't we? Occam's razor, my friend. Believe in it.

I live 1/2 mile away from headquarters (0)

Anonymous Coward | more than 3 years ago | (#36461750)

I live 1/2 mile away from headquarters
ahahaha, ADP no way.............

Re:I live 1/2 mile away from headquarters (0)

Anonymous Coward | more than 3 years ago | (#36461844)

Aren't you special.

Re:I live 1/2 mile away from headquarters (1)

rogabean (741411) | more than 3 years ago | (#36462412)

Yeah well I am sitting in the headquarters right now at my desk... don't feel too special. I don't.

Hey hacker... (1)

Anonymous Coward | more than 3 years ago | (#36462706)

Just add a couple extra non-zero digits to the left side of the dollar column in my paycheck this week. I'll split it with you.

It's funny.... (1)

Anonymous Coward | more than 3 years ago | (#36463108)

I was complaining to the HR person at my previous company that the password policy of ADP is so terrible that it encourages extremely bad behaviour with password management (really really draconian password requirements that you basically end-up having to use a random password generator). I said that it's not great security wise & the response was that "This is a huge company that a lot of people use & I'm sure they know what they're doing better than you". At that point I gave up on continuing that thread of the conversation. They also tend to use your SSN all over the place, cause... you know.... employment....

Re:It's funny.... (0)

Anonymous Coward | more than 3 years ago | (#36471232)

well you are stupid. The password system is 8 or more characters with at least one number and one capital letter and you can use special characters. The SSN's are for your fucking federal ID and all you have to do is request another method of registration and you don't have to use your SSN but your company doesnt tell you that when we tell them huh?

Hacking news (0)

Anonymous Coward | more than 3 years ago | (#36464344)

Hacking is only becoming such big news now because the US congress is trying to push more crap legislation through to screw up the internet. Hacking will become the new "TERRORISM" excuse for violating civil rights.

But...as the dumb sheep they are, most citizens will just lay there and take it like everything else we get hosed with.

ADP Security (0)

Anonymous Coward | more than 3 years ago | (#36467188)

ADP is the company that protected its 401K accounts by having people type in their Social Security Number and a 4-digit Pin. To protect against a brute force attack on the 4-digit pin, they had a browser cookie count the number of tries, and if the browser cookie reached 3, then some javascript would say that you had to wait until some time elapsed on the client's clock.

When contacted about this, they insisted that it was secure because of the enforced delay. When I sent them a demonstration of how to hack my own PIN with program that just kept the cookie login count set to 1 and a request that they disable all network access to my account, they refused, saying that they had no means to disable it. ADP is garbage.

Insecure (0)

Anonymous Coward | more than 3 years ago | (#36467796)

I had a representative of ADP come in to our office to begin the process of signing our company up. I saw my SSN plastered all over everything -- the forms, my login name, etc. I told them I would not authorize myself to be part of their system when my personal data was so easily visible. She said she would get it all obscured/changed. She never did, never returned my calls, and all paperwork I received from them had personal data all over it.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>