Monday, July 20, 2015

Ashley Madison - Who is coaching these nut jobs!

Wow.   I'm sitting here in a stunned silence.

This is a followup to my original blog post:

Ashley Madison has just declared having searched through ALL of the Internet for their clients data, and having requested a DMCA take down from anywhere that their (our) data was found.  Concluding this security breach, and classifying it as now resolved.

On top of that, they are sticking to their guns, that without any fancy database encryption, their PAY-TO-DELETE feature 100% guarantees your data is all gone if you so choose.  Even from offsite backups... or perhaps they do not have any of that.

They also keep going on about their awesome "stringent" security provided from vendors all over the world, which we all know is a valid requirement for a good team of security professionals.

Both the person holding the microphone and the person giving them that microphone needs to be fired.

Stringent security!  Really!  

You send off links by email (unsecured, exposed as it travels across the Internet) to advise your users that these 6 new hot prospects are waiting for them.  

Anyone intercepting these unsecured links can then click on them, view the new hot prospect and also access your full user profile!  That is STRINGENT !   Wow....

Please do not start developing nuclear weapons, nuclear reactors, heck, anything sharp.


Eric Parent is a senior security expert, specialized in coaching senior executives.  He teaches CyberSecurity at l'Ecole Polytechnique University in Montreal, and is CEO of Logicnet/EVA-Technologies, one of Canada's oldest privately owned security companies.

Follow Eric on:
Twitter @ericparent
LinkedIn :  EVA-Technologies

No comments:

Post a Comment

Are we even trying over at BRP

This will be a short blog entry.  Essentially, a general observation. If your enterprise was breached and screenshots of user account passwo...