Normal (non-tech) people are being lied to all the time. Some call it marketing, some call it a business practice. It is actually a pretty shady business practice and experts would call it fraud.
The website shows you security-related images: logos that make you feel good about the site and its security.
TRUSTED SECURITY AWARD
A real attestation would show the dates the analysis was performed and what kind of testing was done.
100% DISCREET SERVICE
This is the most insulting type of made-up rubber stamp. Discretion is subjective, it seems. Users of the site get a weekly email with links they can click to see their matches. If you click on any of these links, you're taken directly into the user's account. No username is requested, no password is asked. Emails are like postcards as they travel across the Internet: anyone who can sniff (observe) the network can grab your emails. That is why security standards dictate you do not send sensitive information by email. This includes: credit card numbers, the location where you buried the dead body, information that discloses you like rubber hoses (access to Ashley Madison, anyone?).
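The weekly-email design described above, next to a corrected one, as an added sketch that is not code from the site or from the author. The host name, paths, the `t` parameter and every function name are hypothetical.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

BASE = "https://dating.example"  # constructed placeholder host
SESSIONS = {}    # session cookie -> user id, filled only by a real login
AUTOLOGIN = {}   # emailed token -> user id (the weak design)

def weak_digest_link(user_id, match_id):
    """Weak: the emailed URL is itself a credential for the account."""
    token = secrets.token_urlsafe(16)
    AUTOLOGIN[token] = user_id
    return f"{BASE}/matches/{match_id}?" + urlencode({"t": token})

def safe_digest_link(match_id):
    """Corrected: the URL only names a page and carries no secret."""
    return f"{BASE}/matches/{match_id}"

def weak_handler(url, cookie=None):
    """Accepts either a session cookie or the token from the email."""
    query = parse_qs(urlparse(url).query)
    token = query.get("t", [""])[0]
    user = SESSIONS.get(cookie) or AUTOLOGIN.get(token)
    return (200, user) if user else (302, "/login")

def safe_handler(url, cookie=None):
    """Accepts only a session created by a username/password login."""
    user = SESSIONS.get(cookie)
    if user:
        return (200, user)
    # No session: show the login form, then return to the requested page.
    return (302, "/login?" + urlencode({"next": urlparse(url).path}))

def compare(user_id="alice", match_id=42):
    """Open both links with no cookie, as anyone who reads the email could."""
    weak = weak_handler(weak_digest_link(user_id, match_id))
    safe = safe_handler(safe_digest_link(match_id))
    return weak, safe

if __name__ == "__main__":
    weak, safe = compare()
    print("weak link, no cookie:", weak)
    print("safe link, no cookie:", safe)
```

With the corrected link, a copy of the email gives a reader nothing but the address of a page that still asks for a login.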
SSL SECURE SITE
This is the oldest type of bullshit rubber stamp. What this means is that the website uses encryption to secure the data in transit (while the data is transferred onto your screen). Ask a regular person what SSL is, and chances are you will hear their brain stop working.
As far as the rest of the website's security goes, it is meaningless.
It says nothing as to the:
- Quality of management
- Quality of the hiring and subcontracting process
- Security of stored data
- Security of backed up data
- Security of the software development lifecycle
- Quality of the testing and maturity of security and its integration
- .... I could go on, and on....
1ST BLOG POST:
AshleyMadison - 5 things that should haunt their clients and many of our senior executives
2ND BLOG POST:
Ashley Madison - Who is coaching these nut jobs!
Eric Parent is a senior security expert, specialized in coaching senior executives. He teaches CyberSecurity at l'Ecole Polytechnique University in Montreal, and is CEO of Logicnet/EVA-Technologies, one of Canada's oldest privately owned security companies.