This is a follow-up to my original blog post: http://ericparent68.blogspot.ca/2015/07/ashleymadison-5-things-that-should.html
Ashley Madison has just declared that they have searched through ALL of the Internet for their clients' data and requested a DMCA takedown from anywhere that their (our) data was found. With that, they consider this security breach concluded and classify it as now resolved.
On top of that, they are sticking to their guns: without any fancy database encryption, their PAY-TO-DELETE feature 100% guarantees your data is all gone if you so choose. Even from offsite backups... or perhaps they do not have any of those.
They also keep going on about their awesome "stringent" security provided from vendors all over the world, which we all know is a valid requirement for a good team of security professionals.
Both the person holding the microphone and the person giving them that microphone need to be fired.
Stringent security! Really!
You send off links by email (unsecured, exposed as it travels across the Internet) to advise your users that these 6 new hot prospects are waiting for them.
Anyone intercepting these unsecured links can then click on them, view the new hot prospect and also access your full user profile! That is STRINGENT! Wow...
Please do not start developing nuclear weapons, nuclear reactors, heck, anything sharp.
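For contrast, here is a sketch of how an emailed notification link can be limited so that intercepting it does not expose the account. This is an added example, not code from the original post or from Ashley Madison; the function names, action names, 15-minute lifetime and in-memory nonce set are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)  # assumption: server-side signing key
TTL = 15 * 60                     # assumption: link lifetime in seconds
_used = set()                     # assumption: stands in for a shared store of spent nonces

def _sign(body: bytes) -> str:
    mac = hmac.new(SECRET, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_link(user_id: int, prospect_id: int, now: int) -> str:
    """Token for an emailed link: scoped to ONE prospect, never a session."""
    claims = {"u": user_id, "p": prospect_id, "exp": now + TTL,
              "n": secrets.token_hex(8), "scope": "view_prospect"}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def redeem_link(token: str, now: int):
    """Return the claims if the link is genuine, fresh and unused, else None."""
    try:
        body, sig = token.split(".")
        # Verify the MAC before parsing anything the client controls.
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None
    if now >= claims["exp"] or claims["n"] in _used:
        return None  # expired, or already clicked once (replayed)
    _used.add(claims["n"])
    return claims

def authorize(action: str, link_claims=None, session_user=None) -> bool:
    """A logged-in session may do anything; a bare link only shows its prospect."""
    if session_user is not None:
        return True
    return action == "view_prospect" and link_claims is not None
```

With this design, someone who captures the email in transit gets at most one view of one prospect within the lifetime of the link, and the profile itself stays behind a real login.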
Eric Parent is a senior security expert, specialized in coaching senior executives. He teaches CyberSecurity at l'Ecole Polytechnique University in Montreal, and is CEO of Logicnet/EVA-Technologies, one of Canada's oldest privately owned security companies.