Monster.com Attacked, User Data Stolen

Zonk posted about 7 years ago | from the rarr-snarl dept.

The Internet 196

Placid writes "The BBC has an article detailing a successful attack on the US recruitment site, Monster.com. According to the article, 'A computer program was used to access the employers' section of the website using stolen log-in credentials' and that the stolen details were 'uploaded to a remote web server'. Apparently, this remote server 'held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website'. The article also links the break-in to a phishing e-mail sent out recently where personal details were used to entice users to download a 'Monster Job Seeker Tool.'"

196 comments

4,3,2... (2, Interesting)

timmarhy (659436) | about 7 years ago | (#20314831)

i smell a lawsuit

Tomorrow's Ad today (4, Funny)

JonTurner (178845) | about 7 years ago | (#20314849)

Wanted:
New sysadmin. Must have experience in data security. Submit resume to adminjob@monster.com

Re:Tomorrow's Ad today (3, Funny)

Harmonious Botch (921977) | about 7 years ago | (#20315155)

I did it. Hire me.

Re:Tomorrow's Ad today (1)

bazorg (911295) | about 7 years ago | (#20316669)

Prince Charming is that you?

Re:Tomorrow's Ad today (5, Funny)

high_rolla (1068540) | about 7 years ago | (#20315323)

Yeah, followed by the new marketing campaign: "Nobody else makes it this easy for your details to reach more employers"

Re:Tomorrow's Ad today (5, Interesting)

janrinok (846318) | about 7 years ago | (#20315325)

I don't agree. If you RTFA, you will see that the system was penetrated by using valid UIDs and passwords, which had been previously gathered using a phishing attack. Any system is vulnerable to such an attack and you can hardly line up all sysadmins and have them shot - despite any justification that the odd one might actually deserve it. But I am surprised by the number of techies that fell for the phishing attack in the first instance.

Blame the data security officers & project mgr (4, Interesting)

JonTurner (178845) | about 7 years ago | (#20315503)

Upon reflection, I agree with you. It's not the admin's fault -- once it was in the admin's domain, it was already too late. IMO, this breach happened due to a design shortcoming, not a programming error. Let me explain: Any serious company with an internet presence should be asking "When a loss of an external user account/password occurs, what's the maximum damage that can occur? What can we do to minimize the impact?" Frankly, there is no reason at all that one user account (or even dozens) should be able to download 1.6 MILLION (!!) resumes. That's an incredible number!

I'm shocked to think Monster doesn't have a limit on the # of resumes an account is able to d/l per some time period. (week/month/quarter). I don't know what that number is, but I'm thinking closer to "100" than "1.6 million". And didn't they run some cumulative activity reports once in a while to learn which accounts are the most active? And to what IPs the requests are being served? At the least, you'll know who your biggest customers are (or at least the ones who are taxing your servers) and where the data is going. At best, you'll spot problems like this breach as it is happening and stop it.

So if someone must be sacrificed, line up the data security officers and a project manager or two. It's their job to be asking these questions and ensure they are compliant.

Then again, hindsight is 20/20. Maybe the best thing that occurs from all this is we, on the sidelines, learn from their mistakes.

Re:Blame the data security officers & project (2, Insightful)

timmarhy (659436) | about 7 years ago | (#20315769)

it's called division of power. don't allow any one person the power to perform such a hack, and it raises the bar a lot.

Re:Blame the data security officers & project (1)

ptudor (22537) | about 7 years ago | (#20316377)

Having RTFA, my first comment is "wow, what a great press release from Symantec."

The sort of anti-spider technology you describe was in place years ago and likely still is; think of the trade value of Monster's data. Now, instead of the traditional overly active account from an identifiable netblock imagine someone using their own zombie network to scrape a single resume/job/data an hour from across a few thousand machines. Wild speculation on my behalf but it's easy to fly under the radar if you try. (There are probably plenty of people competent enough to avoid common active countermeasures, story at eleven.)
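The two comments above, turned into detection logic as an added example (not part of the thread and not Monster's code): a per-account cap and cumulative activity report by account and source IP, checked against both a noisy bulk download and the one-resume-per-host-per-hour pattern that stays under a per-IP limit. The thresholds, account names and log records are constructed assumptions.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (hypothetical; the thread only says "closer to 100 than 1.6 million").
ACCOUNT_QUOTA = 100                # distinct resumes per account per window
MAX_SOURCE_IPS = 5                 # distinct client IPs per account per window
PER_IP_HOURLY_LIMIT = 30           # classic per-IP anti-spider threshold
WINDOW = timedelta(days=7)


def build_constructed_log():
    """Constructed sample events: (timestamp, account, client_ip, resume_id)."""
    start = datetime(2007, 8, 1, 9, 0)
    events = []
    # recruiter-a: ordinary use, one office IP, 40 resumes spread over a few days.
    for i in range(40):
        events.append((start + timedelta(hours=2 * i), "recruiter-a", "192.0.2.10", f"a{i}"))
    # recruiter-b: noisy bulk download, 500 resumes from one IP inside an hour.
    for i in range(500):
        events.append((start + timedelta(seconds=7 * i), "recruiter-b", "198.51.100.7", f"b{i}"))
    # recruiter-c: one login used from 200 hosts, one resume per host per hour.
    for hour in range(3):
        for host in range(200):
            ts = start + timedelta(hours=hour, seconds=host)
            events.append((ts, "recruiter-c", f"203.0.113.{host + 1}", f"c{hour}-{host}"))
    return events


def per_ip_rate_violations(events, limit=PER_IP_HOURLY_LIMIT):
    """Per-IP view: IPs with more than `limit` requests in any clock hour."""
    counts = defaultdict(int)
    for ts, _account, ip, _resume in events:
        counts[(ip, ts.replace(minute=0, second=0, microsecond=0))] += 1
    return {ip for (ip, _hour), n in counts.items() if n > limit}


def account_report(events, window=WINDOW):
    """Per-account view: peak distinct resumes and distinct IPs in a sliding window."""
    state = {}    # account -> (event queue, resume counter, ip counter)
    report = {}   # account -> {"resumes": peak, "ips": peak}
    for ts, account, ip, resume in sorted(events):
        queue, resumes, ips = state.setdefault(account, (deque(), Counter(), Counter()))
        queue.append((ts, ip, resume))
        resumes[resume] += 1
        ips[ip] += 1
        # Evict events that have aged out of the window.
        while ts - queue[0][0] > window:
            _old_ts, old_ip, old_resume = queue.popleft()
            for counter, key in ((ips, old_ip), (resumes, old_resume)):
                counter[key] -= 1
                if counter[key] == 0:
                    del counter[key]
        peak = report.setdefault(account, {"resumes": 0, "ips": 0})
        peak["resumes"] = max(peak["resumes"], len(resumes))
        peak["ips"] = max(peak["ips"], len(ips))
    return report


def flag_accounts(report, quota=ACCOUNT_QUOTA, max_ips=MAX_SOURCE_IPS):
    """Accounts whose cumulative activity exceeds the cap or fans out over many IPs."""
    flagged = {}
    for account, peak in sorted(report.items()):
        reasons = []
        if peak["resumes"] > quota:
            reasons.append("quota")
        if peak["ips"] > max_ips:
            reasons.append("ip-fanout")
        if reasons:
            flagged[account] = reasons
    return flagged


if __name__ == "__main__":
    log = build_constructed_log()
    print("per-IP limit trips on:", per_ip_rate_violations(log))
    for account, reasons in flag_accounts(account_report(log)).items():
        print(account, "flagged for", ", ".join(reasons))
```

On this constructed log the per-IP check sees only the single noisy address, while the per-account report flags both abusive accounts and leaves the ordinary recruiter alone.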

Re:Blame the data security officers & project (0)

Anonymous Coward | about 7 years ago | (#20316561)

As a recruiter I regularly look at several hundred CVs off Monster in a day and part of the payment plan is x ads per month and unlimited CV search. If they limit it they will have to reduce prices or lose subscribers. Remember it's us that pay not the candidates.

That is also why we have no remote access to the office network and it all lives behind a centos server. We want some other agency to be an easier target for id theft than us. In the UK we have to keep records of all candidates for 1 year after we last deal with them by agency law so the big agencies probably have similar numbers of records to the job boards floating around their systems.

Re:4,3,2... (0, Redundant)

bakana (918482) | about 7 years ago | (#20314963)

Good thing I have only used DICE. I can understand this better since it happened to Monster.com, a generic website that has jobs for the general public. If this occurred with DICE, then I'd be pissed. Dice is a website that helps techy people find techy jobs, I would hope the site is secured by techy people as well.

Monster attack steals user data (5, Insightful)

Nibbler999 (1101055) | about 7 years ago | (#20314857)

I like the BBC headline better.

Re:Monster attack steals user data (1)

niceone (992278) | about 7 years ago | (#20315109)

I like the BBC headline better.

I saw that BBC headline, but I didn't read the article because it sounded like a joke story... it's clever, but didn't do its job (make me read the story).

nah (1)

someone1234 (830754) | about 7 years ago | (#20315235)

There would have been dozens of comments which insult the submitter for the bombastic title.

Re:Monster attack steals user data (4, Insightful)

ObsessiveMathsFreak (773371) | about 7 years ago | (#20316023)

I liked it when Slashdot got its tech stories before the mainstream news outlets.

Phishing Attack (4, Funny)

grahamux (539822) | about 7 years ago | (#20314861)

You know, every time I get an email telling me my Bank of America account is going to be frozen, and should go to http://myaccounts-bankofamerica.net/ [myaccounts...merica.net] I always ask myself "Who actually falls for this stuff?". Now, I know. The people I look to for jobs. /cheer

Re:Phishing Attack (4, Funny)

Farmer Tim (530755) | about 7 years ago | (#20314941)

What, you needed more evidence that your (potential) boss is an idiot?

Re:Phishing Attack (4, Insightful)

timmarhy (659436) | about 7 years ago | (#20315285)

It seems to be a universal fact that to be in HR you need to always have an IQ lower than the people you are interviewing. It certainly has been in every company I've worked at.

remember, these are the type of people who were putting "5 years experience required in windows 2003 admin" in 2005.

Re:Phishing Attack (3, Funny)

jombeewoof (1107009) | about 7 years ago | (#20315383)

It seems to be a universal fact that to be in HR you need to always have an IQ lower than the people you are interviewing. It certainly has been in every company I've worked at.


remember, these are the type of people who were putting "5 years experience required in windows 2003 admin" in 2005.

I have the official HR handbook. The basic rule is "You can be NO smarterer than the chair you sit in"

Re:Phishing Attack (5, Insightful)

arivanov (12034) | about 7 years ago | (#20315493)

Err... You are missing the point.

Monster.com was broken in for spearphishing, not for sending bulk emails regarding "Bank of America". Spearphishing as a term is used to describe a phishing set up which is designed to hit a victim specifically by using a victim specific ruse based on knowledge of personal data.

Recruitment agencies are actually a prime target for such attacks:

1. Nearly all of them (even the specialised unix oriented ones) require all CVs in Microshit Word so pushing a custom Trojan is trivial.
2. Nearly all of them systematically violate the Data Protection act and other similar statutes which require them to remove customer data from their databases when no longer needed. So far in the UK only 3% of the ones I have asked to remove my details have complied with the request. Amidst the most vile violators are the two biggest MOD oriented agencies and more than 50% of the top 20 (by job posting numbers).
3. In addition to that apparently at least one UK (and international) jobboard also does not remove customer data even if you delete your accounts from there. As a result the agencies are re-fed your details on a regular basis.
4. The agencies possess enough data for a perfect spearphish: date of birth, nationality, postal address, occupation, prior job history, current and past salaries as well as further background. In some cases where they have been subcontracted to do HR they possess even more data like NSNs/SSNs, credit ratings and the like.

Frankly this is an industry that is in desperate need to be smacked with some vile regulation compared to which SOX and the recent health IT regs in the US are a child's play. They need to be straightened out and made to follow the laws of the land with regard to customer privacy. At the moment they are systematically ignoring them and in many cases they possess more of your personal information than your bank.

So let's hope that the Monster case will cause some moves towards that.

Re:Phishing Attack (2, Insightful)

Anonymous Coward | about 7 years ago | (#20315883)

Spearphishing as a term is used to describe a phishing set up which is designed to hit a victim specifically by using a victim specific ruse based on knowledge of personal data.
And this month's award for the shittiest neologism goes to...

Re:Phishing Attack (0)

Anonymous Coward | about 7 years ago | (#20316843)

No, you are missing the point, which was that the idiots who fall for those kinds of emails work for Monster.com.

o noes (4, Funny)

yourmomisfasterthana (1097719) | about 7 years ago | (#20314865)

now hundreds of millions will be able to see my resume, instead of the usual tens of millions!

Re:o noes (1)

Dekortage (697532) | about 7 years ago | (#20316493)

That's what I was thinking... like, aren't MORE people seeing those resumes now? Isn't that a GOOD thing?

Of course, it's really a problem for identity theft, since there are many details of a person's life on their resume. In fact you could call them up and make yourself sound like you knew them: "Hey, this is Jamie over at First Bank of Goobersville... yeah, remember when we worked together before you left for Retail Mega-Schmaltz?" I've even seen resumes where people put down the names of their pets -- hello password-reset questions!

Luckily (0)

ZiakII (829432) | about 7 years ago | (#20314871)

Luckily.......I followed slashdot's ad to dice

Hehe (5, Funny)

JimboFBX (1097277) | about 7 years ago | (#20314885)

Last year, a British nurse was blackmailed by hackers who had used a Trojan to access her personal e-mails.
I'll let you guys stew on how ambiguously funny that sentence is.

Re:Hehe (1)

Capt'n Hector (650760) | about 7 years ago | (#20315243)

As they say, Timeo Danaos...

The real question is (1, Funny)

EEPROMS (889169) | about 7 years ago | (#20314889)

Who actually wants this data, many will think it's just some Russian hacker but this doesn't feel right to me. I wouldn't be surprised if it's a government agency collecting data the easy way.

Re:The real question is (3, Insightful)

dfgchgfxrjtdhgh.jjhv (951946) | about 7 years ago | (#20314937)

the government already has all that data (and more), but it is worth quite a lot to spammers.

They left a ransom note (-1)

Anonymous Coward | about 7 years ago | (#20315183)

Who actually wants this data

They left a ransom note that said:

gIVE US 1 MEEEEELEOONNN DOllARS R YU'll NVuR C YuR DATA A!N!

And then, just to show they were serious, they cut the years 1998-2004 off a Jonathan Q. Doe's resume and pasted it to the note! The savages!

Symantec has a very detailed explanation of it (5, Informative)

indraneil (1011639) | about 7 years ago | (#20314895)

Symantec's explanation [symantec.com]
The trojan (Called Infostealer.Monstres) seems to be using HR login details (possibly stolen) to access hiring.monster.com and recruiter.monster.com sub-domains and download candidate information. It also seems to be similar to a previously known trojan called Trojan.Gpcoder.E [slashdot.org]
Symantec estimates that 1.6 million people (mostly from USA) have been impacted.
They have informed Monster about it

In Soviet Russia... (1, Funny)

Anonymous Coward | about 7 years ago | (#20314897)

In Soviet Russia, Monster.com attacks you!

hmmm (3, Insightful)

wizardforce (1005805) | about 7 years ago | (#20314899)

so Monster had no way of preventing some set of IP addresses from downloading over a million entries? does that sort of thing happen a lot and they didn't think it was unusual or what? it would just seem to me that if there were a lot of servers downloading an unusual amount of entries that there should be some way to prevent that...

Re:hmmm (0)

Anonymous Coward | about 7 years ago | (#20315177)

Agreed - this smells of incompetancy. At the very lest you would expect that a site of this sort would seperate their application and databases between machines, lock down access rights and activly monitor for surges in usage levels.

Fools.

Re:hmmm (1)

skeftomai (1057866) | about 7 years ago | (#20315463)

Maybe the program had direct access to the database?

Re:hmmm (0)

Anonymous Coward | about 7 years ago | (#20316267)

Agreed - this smells of incompetancy. At the very lest you would expect that a site of this sort would seperate their application and databases between machines, lock down access rights and activly monitor for surges in usage levels.
And this spells of incompetence(y?).

Fools.
Aye, in all their glorious variety.

Re:hmmm (1)

kramulous (977841) | about 7 years ago | (#20315993)

Agreed. That 1.6E06 views of records from one user within x seconds (not sure about time, but a lot faster than anyone, yes even those txt message masters, can key press) should have been detected as a little suspicious. monster.com should be advertising for another sysadmin.

Hmmm.... (0)

Anonymous Coward | about 7 years ago | (#20314925)

what a fucker. SMAHTB

Porn (-1, Offtopic)

Porn Perez (1146003) | about 7 years ago | (#20314957)

WWW.PORNPEREZ.COM Less than $10 bucks a month for thousands of minutes of erotic movies.

Re:Porn (4, Funny)

clickclickdrone (964164) | about 7 years ago | (#20315897)

I know this will get modded down but...
>thousands of minutes of erotic movies
TIP: say hundreds of *hours*. Saying minutes really implies your target audience don't umm, last very long IYSWIM. Not good marketing to insult them up front.

Monster doesn't help anyway--why use it? (3, Informative)

Anonymous Coward | about 7 years ago | (#20314993)

Monster and Dice are just meat markets. Relatively few people actually get jobs there, at least in IT. The real way you get a job is to know someone and have a good network of people. That's how I got my job, Monster and Dice never helped me. They're more like "cattle calls" for movie parts. Who knows, maybe Monster and Dice sell the email address lists to spammers...for the right price?

Speaking of spammers, this [mailto] is for you spambot email harvesters.

Re:Monster doesn't help anyway--why use it? (3, Insightful)

bakana (918482) | about 7 years ago | (#20315039)

Yes, who you know is important. But, if I know someone that works at a cool place and a job isn't available, where do I look? Your friend isn't going to create a job for you, he can tell you when a job will open up. I highly doubt he can talk his upper management into thinking a 3rd sysadmin would be needed. A lot of people get jobs because of who they know, for the rest of us who don't rub elbows with the Donald Trumps of IT, we get our jobs the old fashioned way. You either get recruited out of college, like myself, or you go through newspaper, Monster.com, and Dice like millions of others.

Re:Monster doesn't help anyway--why use it? (2, Interesting)

Anonymous Coward | about 7 years ago | (#20315133)

I sure didn't rub my elbows with the "Donald Trump" of IT at my place of work. I just knew someone who recommended me, and I was able to take it from there with my ability. I probably wouldn't have this job but for that person (I wouldn't have even known about the opening).

Unfortunately, Monster and Dice are indeed "cattle calls." More than once I've caught a Monster or Dice recruiter using my resume to try to land a government contract. Then, once getting said contract, that same recruiter fills that same position with one of his or her buddies. Without going into detail, I set up a couple of situations in which I confirmed that this was happening. Unfortunately, to my knowledge, there isn't a law against it (IANAL).

So, the *idea* of Monster and Dice is good. Unfortunately, the real-life *implementation* isn't that good. Furthermore, you risk your information getting stolen, as this incident has shown. You're better off using the newspaper. I always had much better success with the newspaper than those two online cattle-call sites.

Re:Monster doesn't help anyway--why use it? (5, Interesting)

uptownguy (215934) | about 7 years ago | (#20315145)

Monster and Dice are just meat markets. Relatively few people actually get jobs there

Craigslist all the way. I am operations manager for a small IT firm and we've hired our last ten people from Craigslist. The response rate is fantastic. In most major markets, posting an ad is still free (for now). I keep getting calls from a rep. at Monster every three to six months asking me to pay $300-$400 PER LISTING at Monster. I let them know that I am perfectly happy with the quality, quantity and cost of Craigslist. There's a long pause and then they say maybe they'll give me a call in three to six months to check up on me. It's a little silly and arrogant to think that everyone will be able to get a job through personal connections. But Monster and Dice are so 1999. Craigslist is where the real action is.

Hint to other employers out there: I've found that the quality of candidates who respond to postings is directly proportional to the quality of the ad that you post. Put some thought into what you write. (Note: The same holds true for Slashdot.)

Nice to see Wendy's accepts applications online (0)

Anonymous Coward | about 7 years ago | (#20315181)

U Go Grl

Re:Monster doesn't help anyway--why use it? (3, Interesting)

Anonymous Coward | about 7 years ago | (#20315257)

Craigslist is horrible! If I wanted to be scammed, or give details to someone so they can possibly try identity theft hijinks, or just know where I live so they can kick down my door for a home invasion robbery, I'd use them.

I have had zero luck with Craigslist even for buying and selling. When selling, people demand that I accept their temporary checks, and won't pay otherwise, so I tell them to find another victim. When buying, I ask for some proof the item wasn't stolen, or at least show me that the item doesn't have major damage around the Kensington lock slot, and people fail on both these counts.

It's not Craigslist's fault in any way, it's just that the site is a criminal's paradise.

Re:Monster doesn't help anyway--why use it? (0)

Anonymous Coward | about 7 years ago | (#20315571)

What does it matter if it's stolen? And how the hell is the person owning the... TV for 3 years going to be able to whip a receipt out of their ass? You are asking too much out of people and it's your own fault that "ufaleCraigslist" also notice erotic services.

I got my job, and met with a lot of very valid job interviews on craigslist. Most post an appropriate link to their site, or the name of their company, you google search it to see if accurate and then contact through the site's HR.

Think of it like Wikipedia, the information you read may not be 100% accurate but it gives you a good start.

Re:Monster doesn't help anyway--why use it? (3, Funny)

penguin_dance (536599) | about 7 years ago | (#20316067)

Craigslist...right.... Lots of ads, like the following:

WEB DEVELOPER needed for growing company, must be prorficient [sic] in PHP, ASP, ASP.NET, C++, Java and XHTML. Students welcome. $10 hr.

Oh, and here's a title from an actual ad now running (you can't make this stuff up):
Big Dog Web Developers Needed for a Big Back End

I don't even want to know.

Re:Monster doesn't help anyway--why use it? (0)

Anonymous Coward | about 7 years ago | (#20316777)

My experience has been the exact opposite. When we posted on monster.com we received more applications and, out of those, we had more qualified candidates. Perhaps it depends on the region, but for us, monster.com was by FAR the better alternative.

Re:Monster doesn't help anyway--why use it? (1)

edittard (805475) | about 7 years ago | (#20315909)

The real way you get a job is to have executive hair, be a graduate of the right school and be related to at least one person whose title follows the pattern C*O
Fixed.

Re:Monster doesn't help anyway--why use it? (1)

baadger (764884) | about 7 years ago | (#20316269)

So what you're really saying is Monster.com is the equivalent of all those useless download sites for awarded software [slashdot.org] ...but for jobs. I think that analogy fits.

This is yet another reason to use Linux (-1, Offtopic)

Anonymous Coward | about 7 years ago | (#20315073)

If the HR/recruiter people used Linux, then this would've been considerably less likely to happen. MS Windows is a plague, because it's so easy to corrupt the entire operating system. I doubt that Mac OS is much better, either (Apple likes to pretend security holes Just Don't Happen To Them).

Here's how these offices should be doing it:

Linux Terminal Server Project [ltsp.org]

That's how the City of Largo, Florida (USA) does it. They have just about every city employee on a LTSP terminal, and I understand that they simply don't have a virus problem. Even the so-called "Aunt Tillie" secretaries are able to do their jobs quite well. Furthermore, the city's IT maintenance and expenditure is way, way down from what it is for other comparable city governments--less than half. I've had similar experiences with LTSP and my own customers that Largo has had.

Linux is simply fundamentally better than MS Windows, *especially* in corporate offices.

Re:This is yet another reason to use Linux (1)

Arimus (198136) | about 7 years ago | (#20315341)

Errrr.... no.

The program used stolen login credentials so linux and any other os would have thought the trojan was a valid user...

cue sound: (5, Funny)

doyoulikeworms (1094003) | about 7 years ago | (#20315077)

M-M-M-Monster Kill (...kill...kill...kill...kill...)

Re:cue sound: (0)

Anonymous Coward | about 7 years ago | (#20315121)

If I had mod points I'd find a way to hack slashdot and give them all to you.

They got me! (3, Funny)

Chris Pimlott (16212) | about 7 years ago | (#20315103)

What a nightmare, I'm already being flooded by dozens of job offers for adult websites development...

Monster sucks donkey nuts (2, Interesting)

Wee (17189) | about 7 years ago | (#20315333)

Heh, heh. I thought the same thing. Monster emails are almost entirely spam anyways. I mean, they may have been relevant a few years ago (that's being charitable) but I've never had anything but crap from them.

Nice bonus is trying to find a link on their website where you can contact a real human. Or contact anyone. They seem to assume that anyone who wishes to contact them is either a job seeker or job poster. I don't think this is an oversight. I do think the staff at monster.com don't want to be conversed with in any way. Slimy.

I removed my "profile" years ago, but somehow they still persist in contacting me. Obviously, it's a one-way thing; I couldn't possibly email a real human there. Because if they *really* wanted to talk to me, I'd ask them to remove all my info and leave me the fuck alone.

-B

So to summarize... (2, Interesting)

saikou (211301) | about 7 years ago | (#20315125)

While the fact that employer's Monster account(s) were stolen/cracked/pilfered is sad, the article says that trojan was essentially storing search results.
That information is available anyways, as people with resumes in open access do want to be contacted so they publish the email/phone/name etc and anyone with a screen scraper can amass this pile of "personal data". There is no indication that job seeker's database was stolen.

As for phishers I had a run in with one company claiming to "hire for Google" and demanding my SSN so they could "put my data into candidate database at Google, that absolutely demands SSN as unique ID".
That was several months ago.

Copied, not stolen (4, Funny)

Meneth (872868) | about 7 years ago | (#20315195)

Seriously, if even Slashdot can't use the word properly, how can we ever expect the MAFIAA to learn?

Re:Copied, not stolen (1)

pembo13 (770295) | about 7 years ago | (#20316061)

It is really kinda sad.

New ads on Monster tomorrow: (2, Funny)

grasshoppa (657393) | about 7 years ago | (#20315213)

Seeking networking security professional for immediate vacancy.

Best headline ever (5, Funny)

FrostedWheat (172733) | about 7 years ago | (#20315231)

This story has the best headline I've seen on the BBC in a long time:

Monster attack steals user data

Ruh-roh! Someone call the Scooby Gang!

Re:Best headline ever (0)

Anonymous Coward | about 7 years ago | (#20316029)

Not quite

FBI tries to fight zombie hordes [bbc.co.uk] is better.

Experts wrong again, (0)

Anonymous Coward | about 7 years ago | (#20315287)

Always telling me about the importance of accurately listing my skills and former employment, without exaggeration.

But my resume is full of lies.
The person described in it is nothing like me!

ha, suck it phishers!

job scams (1)

timmarhy (659436) | about 7 years ago | (#20315301)

This could be used in job scams. be wary of job offers coming in from monster. always get a phone number from the phone book and ring them back to verify.

Re:job scams (1)

thetoastman (747937) | about 7 years ago | (#20315691)

I have already been targeted with at least one job scam as fallout from this.

I have gone back and searched through my Monster mail folder, and have found some interesting items. Apparently the Trojan phish has been tried at least twice. I have a mail message from February 27 and one from March 30 with links to non-Monster sites. The February 27 attempt was a little craftier in that the EXE file was not a part of the URL. The March 30 attempt contained the remote host name, and jobseeker_tool.exe as part of the URL.

Both of the mail messages appear to have come from a Yahoo hosting service, hostingprod.com, which maps to geocities.yahoo.com.

Fun and games, folks.

"US recruitment site"?? (-1, Troll)

Anonymous Coward | about 7 years ago | (#20315311)

What the hell is the deal with saying that certain sites are "US sites", hello, the Internet is AMERICAN.....we invented it and 90%+ of content is AMERICAN. Just say that it is a recruitment site, if a British site was attacked then it would be okay to say "BRITISH SITE" but when you go out of your way to say "US SITE" then it becomes pretty clear that you have an un-American bias, this could be understood if this was a foreign site but this is AMERICA!! Stop watching Michael Moore movies for a minute and submit your stories right.

Re:"US recruitment site"?? (1)

janrinok (846318) | about 7 years ago | (#20315349)

the Internet is AMERICAN
A troll by any other name......

Re:"US recruitment site"?? (1)

jombeewoof (1107009) | about 7 years ago | (#20315367)

Are you out of your mind?
They specifically state it's a US site because it's a British article.

You're dumb.

Re:"US recruitment site"?? (4, Informative)

IBBoard (1128019) | about 7 years ago | (#20315531)

...you have an un-American bias

We'll stop calling websites for the USA "US Websites" when you stop butchering our language. The word you were looking for is "anti-American" ;) "un-" means "not", "anti" means "against", you meant "bias against America" not "bias that's not American".

Also, if you check your history then Europe created the public WWW (with the CERN site in France/Switzerland) and it was a Brit, Tim Berners-Lee, who first developed HTML and worked on the original HTTP specification (Wikipedia references [wikipedia.org] ).

Re:"US recruitment site"?? (1)

dltaylor (7510) | about 7 years ago | (#20315697)

No, he had it correct. When you tend to identify, with the shorthand "US * site", those web sites either based in, or of particular interest to the citizens/residents of, the United States of America in order to differentiate them from others, you are showing an "un-American" bias to take into consideration a global audience. The OP, blithering idiot that he is, shows a completely "American" bias to denigrate, or at least ignore, the global audience and the accomplishments of those outside "America".

I quoted "American", BTW, since the USofA is only one of many countries in the American continents and "USA" could just as easily refer, for example, to the "Union of South Africa".

Re:"US recruitment site"?? (1)

orcrist (16312) | about 7 years ago | (#20315781)

...when you stop butchering our language.

Your language? Get over yourself. Did I miss the memo where the English who migrated to America suddenly lost their "magical English essence" which apparently comes from being on the soil where the language originally evolved? Kind of like how my sister is more closely genetically related to my parents because she still lives closer to them?

Both Brits and Americans speak descendants of earlier forms of English. Nobody speaks the English which was spoken when America was colonized. A language belongs to all its native speakers. By any sane measure there are at least 3 times as many native speakers of the various American descendants of early Modern English (the English of Shakespeare's era) as there are of the various British descendants of early Modern English. So, democratically speaking.... ;-)

I swear, Brits attacking Americans for perceived arrogance (such as claiming the Internet is purely American) and then turning around and claiming English belongs to them are priceless.

P.S. The Angles, Jutes, and Saxons called from Germany and they ask that you Brits kindly stop butchering their language. :-P

Re:"US recruitment site"?? (5, Funny)

Bloke down the pub (861787) | about 7 years ago | (#20315951)

Nobody speaks the English which was spoken when America was colonized.
Sir, you are quite mistaken, and if you persist in perpetuating these fallacious fripperies I shall be honour bound to demand that you perambulate into my vicinity and repeat them, on pain of fisticuffs. Good day!

Re:"US recruitment site"?? (1)

orcrist (16312) | about 7 years ago | (#20316085)

:-) Now that's the kind of contribution from a Brit which I love: classic British irony. Nicely done.

Not quite accurate... (1)

Toreo asesino (951231) | about 7 years ago | (#20316145)

If you take a look at the history of the English lingo, it was easily recognisable as far back as the 14th century, and discernible all the way back until 900 AD if you really don't mind squinting.
My point is that essentially, US English really isn't much of a shift at all away from English English, which is why many Brits will say that "it's our language". Personally though, I don't think anyone 'owns' a language, but recognition of origin is always nice.

And yes, English language is more or less the same as it was when the US was colonised. Things have changed for sure, but if it's variations you're looking for, you need not look any further than the UK itself - every major city has a variation of English far more extreme than US English will probably ever be.

Re:Not quite accurate... (1)

orcrist (16312) | about 7 years ago | (#20316809)

You didn't read my sister-analogy at all, did you.

US English really isn't much of a shift at all away from English English

U.S. English isn't any kind of "shift" away from English English. They are both (admittedly slight) shifts away from the English which was spoken when they branched off from each other. Strictly speaking U.S. English shifted less, if you consider pronunciation and vocabulary.

Let me state the analogy again, but in more detail:
A couple has two children, let's call them John Doe and Jane Doe. John grows up and moves to another country where he marries and has a child, Jim. Jane stays in the hometown and eventually marries her high-school sweetheart; she and her husband are pretty modern-thinking, so he takes her surname and they have a kid, Jenny. Now does it sound in any way reasonable if Jenny starts talking down to Jim saying the Doe family is *her* family rather than *his*? After all she still lives where the "family started", right? The "origin" here is not the town, but the grandparents.

(in the UK) every major city has a variation of English far more extreme than US English will probably ever be.

This has no meaning. Variations have to be relative to *something*, and I suspect you mean they are variations from some mythical standard English; and what does 'extreme' mean in this context? That the differences among them are greater than the differences between any of them and a given U.S. dialect?

If you take a look at the history of the English lingo

I've done more than take a look. I've studied it.

Look, I know language is fascinating; that's why I studied Linguistics. But I can hardly think of another field where more people think they are qualified to talk about it just because of its application in their daily life. Being facile with language and/or knowing some "little-known" facts, etc. implies no deeper or real understanding of the actual evolution and mechanisms of language than being a great lover makes you an expert in Genetics. Human language is not a construct like computer languages, and you can't meaningfully talk about a given language like some discrete 'object' and say "This is the actual real English and every other dialect is a variation of it", in the same way you can point to ANSI C and say what's standard C and what's not.

Re:"US recruitment site"?? (1)

zrq (794138) | about 7 years ago | (#20316663)

Did I miss the memo where the English who migrated to America suddenly lost their "magical English essence" which apparently comes from being on the soil where the language originally evolved?

I think the name kind of gives you a clue here ... 'English' as in 'the language of the people of England' (or more specifically 'the language of the King/Queen of England'*).

It is sort of like an open source project. When you break away from the group and establish your own project, you lose the modification rights over the original code base. If you want to take the basis of the language and evolve a new fork, called say 'American', then go for it.

* Yes, the Scots, Welsh and Irish have their own distinct languages too, but history says that the King who won was the King of England**.
** This was not necessarily a GoodThing(TM).

Re:"US recruitment site"?? (1, Insightful)

Anonymous Coward | about 7 years ago | (#20315907)

And the WWW was originally designed by that well known Briton who was living in France and working in Switzerland...

Besides, the article is written from the POV of the British reader, being as it's on a British news site and it was necessary to distinguish it from the UK portal.

Not everyone lives in the US you know...

Re:"US recruitment site"?? (1)

Mipoti Gusundar (1028156) | about 7 years ago | (#20316471)

Al Gore is being british?

got scammed (1)

PipoDeClown (668468) | about 7 years ago | (#20315379)

Well, I am not interested in stupid employees or stupid employers who fall for this kind of scam anyway.

Re:got scammed (1)

animelover4all (1146029) | about 7 years ago | (#20315529)

Ironically, I got the e-mail stating that I needed to download the new tools back at the end of '06. Said I couldn't use monster.com if I didn't download these tools. I didn't download the tools, but I can still access monster anytime I need. I still have a copy of the e-mail in my mailbox, actually. Not sure why I've kept it, though....

when did it happen? (1)

Artifex (18308) | about 7 years ago | (#20315425)

It could have been done over weeks or months, some time ago. This story doesn't say. I have had no notice from Monster about the breach in security, yet. Good thing I'm already in the middle of a round of interviews with a great company this week, for which I submitted a resume directly. I look forward to being able to delete my resumes and other information from Monster very soon.

Re:when did it happen? (1)

Cheeze (12756) | about 7 years ago | (#20316255)

and you really, really hope that when you press delete, monster actually removes it from their database.

Omigosh!! (1)

Eastender (910391) | about 7 years ago | (#20315495)

I know my boss is a sadistic, slave driving control maniac, but this!

They have much bigger problems (1)

oxygen_deprived (1127583) | about 7 years ago | (#20315627)

Here in India too, monster runs a portal (monsterindia.com). The site is full of holes. I had informed them of the problems by email recently, and all they did was respond with a "thank you". That was more than a month ago; the holes are still there.
Some examples:
1. An attacker can create a profile/resume with embedded scripts that will steal a profile viewer's cookies and post them to a remote server (XSS). This way, one may steal "employers" details.
2. An attacker can post a job with embedded scripts that can steal a job seeker's details.
3. There also are more severe holes that have a bigger impact.

Re:They have much bigger problems (1)

Mipoti Gusundar (1028156) | about 7 years ago | (#20315963)

Here in India too, monster runs a portal (monsterindia.com ). The site is full of holes.
Are they being black, and in jolly old calicutta?

I had informed them of the problems by email recently, and they did was respond with a "thank you".That was more than a month ago , the holes are still there.
I am understanding with you dear fellow. This is what is hapenning when u r outsaurcing the support to cheapycheapy 3d world country!

Monster Spam (1)

dharmadove (1119645) | about 7 years ago | (#20315757)

I received many of these emails that my access would be denied to Monster unless I installed the app. Yeah right, like I'm an idiot. Let's install some unknown crap on my PCs... I wanted to forward the emails to Monster's fraud unit but never could find any address on their site to email them to. I looked a long time too, I mean a loooooong time. Nothing but useless FAQ's. If they published a fraud address to forward them to for investigation it might have stopped a lot sooner. I get phishing emails all of the time for Ebay / Paypal on my domains and forward them. They respond (probably automated) but at least they find out in a timely fashion. Monster seems to be pretty lame security wise. Makes you wonder if their security folks have won any Irish lotteries or helped out that poor Nigerian woman collect her millions?

Re:Monster Spam (1)

ArcadeX (866171) | about 7 years ago | (#20316451)

I never even bother searching. When I get fraudmail I just forward to abuse@. If it goes through, kudos to them for using a standard, if not, they may deserve any fraud and odds are they wouldn't check into anything anyway.

Forgot something? (1)

Joseph1337 (1146047) | about 7 years ago | (#20315863)

Maybe now we will know why Kerry forgot Poland...

Same trojan attacked Dutch bank (3, Interesting)

MoreCoffee (1146049) | about 7 years ago | (#20315919)

The Dutch bank was attacked by the 'man in the browser' type of trojan, which cached the output from the challenge-response between user and bank. This bank by default performs two challenge-response sequences:
1) when logging in
2) when confirming a transaction
A third is performed when transferring large amounts of money.

Apparently, the trojan told the customer the first attempt had failed (while in the background preparing a transaction, which could be verified by the bank, because the client was so kind to re-authenticate (this time to the transaction challenge, while they were still thinking it was the login challenge)).

Here's the story (in Dutch, hurrah)
http://tweakers.net/nieuws/48895/Virus-ontfutselt-geld-van-klanten-ABN-Amro-update.html [tweakers.net]

/steven
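The weakness described in the comment above is a response that is valid for whichever challenge the browser relays. The sketch below is an added example, not part of the thread and not the bank's actual protocol: it assumes a hypothetical token with its own trusted display, and contrasts a nonce-only challenge with one that binds the purpose and transfer details into the MAC. The key, account string and function names are constructed.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed secret shared by bank and token

def code(key, msg):
    """8-digit response derived from an HMAC-SHA256 tag."""
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(tag[:4], 'big') % 10**8:08d}"

# Unbound: the challenge is only a nonce, so the token cannot tell or show
# whether it is answering a login or a transfer.
def token_unbound(key, nonce):
    return "Enter code", code(key, nonce)

def verify_unbound(key, nonce, response):
    return hmac.compare_digest(code(key, nonce), response)

# Bound: purpose and details are shown on the token's own display and are
# covered by the MAC. Length prefixes keep field boundaries unambiguous.
def encode(purpose, details, nonce):
    fields = [purpose.encode(), details.encode(), nonce]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def token_bound(key, purpose, details, nonce):
    return f"{purpose} {details}".strip(), code(key, encode(purpose, details, nonce))

def verify_bound(key, purpose, details, nonce, response):
    expected = code(key, encode(purpose, details, nonce))
    return hmac.compare_digest(expected, response)

def demo():
    nonce = secrets.token_bytes(16)  # bank's challenge for a pending transfer
    transfer = "EUR 5000 to NL00EXAMPLE0000000000"  # constructed details
    # Unbound: the browser relays the transfer nonce as a "login retry".
    shown_u, resp_u = token_unbound(KEY, nonce)
    # Bound, relabelled as a login: the response no longer fits the transfer.
    _, resp_l = token_bound(KEY, "LOGIN", "", nonce)
    # Bound, relayed unchanged: the token itself displays the transfer.
    shown_t, resp_t = token_bound(KEY, "TRANSFER", transfer, nonce)
    return {
        "unbound_display": shown_u,
        "unbound_accepted": verify_unbound(KEY, nonce, resp_u),
        "relabelled_accepted": verify_bound(KEY, "TRANSFER", transfer, nonce, resp_l),
        "bound_display": shown_t,
        "bound_accepted": verify_bound(KEY, "TRANSFER", transfer, nonce, resp_t),
    }
```

In the unbound case the user sees nothing that distinguishes the second prompt from a login, yet the bank accepts the code for the transfer; in the bound case the same relabelling yields a code the bank rejects.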

And Monster's publicity team says... (4, Interesting)

shadowspar (59136) | about 7 years ago | (#20316245)

Nothing. Absolutely nothing.

The story's all over the media and the internet, Symantec has a blog post [symantec.com] and a virus writeup [symantec.com], and what's on the front page of Monster? Not a damn thing. No "your personal info may have been stolen", "hey, yeah, that data breach thing, we're looking into it", no acknowledgement of any kind. Their press page [monsterworldwide.com] contains bulletins about the Monster Employment Index and their top ten workplace etiquette tips. Looks like we're going to see another good example of how not to handle negative press related to a security issue.

Re:And Monster's publicity team says... (0)

Anonymous Coward | about 7 years ago | (#20316835)

That's what I was thinking, should I go remove my resume now I'm not sure...
The fact that there's no acknowledgement or response from Monster
I should just in case, cause what are the chances of this happening again now.
What has Monster done to ensure this won't happen again?

Trustworthiness (1)

just_forget_it (947275) | about 7 years ago | (#20316263)

Is it strange that I trust the thieves with my data more than Monster.com?

What user data? Monster is a fake site (1)

gelfling (6534) | about 7 years ago | (#20316463)

Everyone knows that. I never met a single person ever who ever got a job through monster. Or even got a callback. I doubt 1% of the listings on Monster are real.

I've gotten a few jobs through Monster. (1)

StressGuy (472374) | about 7 years ago | (#20316583)

I've been using Monster.com since it was a gopher site called "occ". These days, I keep a resume on that site as a matter of course (which needs to be updated).

Besides job hunting, it's also an excellent tool for getting a feel for what the market is like in a given industry center. Today, for example, I'm pretty happy with my present gig, but I still keep a resume on Monster.

Espionage (1)

N8F8 (4562) | about 7 years ago | (#20316465)

I'm betting this stuff is espionage to get private data on Americans. At work we have been inundated with "greeting card" phishing over the last six months. The retards running our IT department seem helpless to stop it. I tried whining about it and got blown off. We're talking a top defense contractor here.

Sweet (1)

Wolfger (96957) | about 7 years ago | (#20316611)

That's one way to get my resume out there!

Great, now I'm potentially a victim a FOURTH time! (0)

Anonymous Coward | about 7 years ago | (#20316801)

And that's just in the last year alone. My former employer had a security breach last year; the university I graduated from had been compromised; and the incompetent state government lost a tape. My father and sister received letters from the state confirming this, but I haven't (yet.) Now just what I needed was a FOURTH avenue of attack, and yet I am one of the most careful (some may even say paranoid) people you'd ever meet. (I never trust the Internet for on-line transactions, seldom ever touch credit cards, etc.)

And my confirm-I'm-not-a-script image is "shreds," which is precisely what I do to unwanted snail-mail. I am getting sick of these breaches!

Didn't Monster just fire a lot of people? (2, Interesting)

Harlockjds (463986) | about 7 years ago | (#20316845)

Didn't Monster just fire a lot of people? I'm guessing they let someone go who has access rights that weren't revoked (or happened to know someone's login info who wasn't fired) and that person decided to 'get back'.