General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsAshley Madison's password "security" just keeps getting worse
Interesting article about just how bad the security was (is?) on the AM website. To summarize:
If the setting was a nearly impenetrable vault preventing the wholesale leak of passwords, the programming errorswhich both involve an MD5-generated variable the programmers called $loginkeywere the equivalent of stashing the key in a padlock-secured box in plain sight of that vault. At the time this post was being prepared, the blunders allowed CynoSure Prime members to positively crack more than 11.2 million of the susceptible passwords.
This reminds me of my 84-yo uncle's password security. He has a different password for every online account, and he changes them regularly. (He's scheduled the change dates into his Google calendar.) However, because he can't remember them, he keeps them all on post-its stuck to his screen. To his credit, the account names are slightly cryptic (eg, one of his notes says something like thatoldstock=58@MYmoney). Nonetheless, if someone were to break in, they'd have all the info right there. Of course, given that his computer is almost as old as he is, the would-be thieves would be caught long before they could sign in.
http://arstechnica.com/security/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/
Warren DeMontague
(80,708 posts)just a hunch.
alcina
(602 posts)Then again, maybe now's the time to join. I'm surprised they're not offering a 2-for-1 sale or something. I'm also a little surprised (well, not really) that they're still claiming over 40M "anonymous members." Or maybe they're using "members" in the euphemistic sense....
Warren DeMontague
(80,708 posts)alcina
(602 posts)Coincidentally, I'm at this very moment trying to edit an article on pudendal neuralgia in male cyclists. Oh the synchronicity.
PJMcK
(21,988 posts)The release of the Ashley Madison website data has most likely ended their business model. Given the negative publicity and the profound impact of the breach, (broken relationships, suicide, etc.), it's hard to see how the website can continue.
One bit of information that came out of the data release was how few women were actually registered on the site. This implies that AM was plotting to rip off the naive men who paid to join. Poor suckers. If you're gonna cheat, either get permission or don't leave a trail (both of which, by the way, are nearly impossible).