
alcina

(602 posts)
Thu Sep 10, 2015, 12:12 PM

Ashley Madison's password "security" just keeps getting worse

Interesting article about just how bad the security was (is?) on the AM website. To summarize:

If the setting was a nearly impenetrable vault preventing the wholesale leak of passwords, the programming errors—which both involve an MD5-generated variable the programmers called $loginkey—were the equivalent of stashing the key in a padlock-secured box in plain sight of that vault. At the time this post was being prepared, the blunders allowed CynoSure Prime members to positively crack more than 11.2 million of the susceptible passwords.

This reminds me of my 84-yo uncle's password security. He has a different password for every online account, and he changes them regularly. (He's scheduled the change dates into his Google calendar.) However, because he can't remember them, he keeps them all on post-its stuck to his screen. To his credit, the account names are slightly cryptic (e.g., one of his notes says something like thatoldstock=58@MYmoney). Nonetheless, if someone were to break in, they'd have all the info right there. Of course, given that his computer is almost as old as he is, the would-be thieves would be caught long before they could sign in.

http://arstechnica.com/security/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/

Ashley Madison's password "security" just keeps getting worse (Original Post) alcina Sep 2015 OP
I suspect Ashley Madison is not getting a whole ton of new members these days, anyway. Warren DeMontague Sep 2015 #1
Ya think? alcina Sep 2015 #2
... Warren DeMontague Sep 2015 #3
Hehehe alcina Sep 2015 #4
AM is probably finished PJMcK Sep 2015 #5

alcina

(602 posts)
2. Ya think?
Thu Sep 10, 2015, 12:26 PM

Then again, maybe now's the time to join. I'm surprised they're not offering a 2-for-1 sale or something. I'm also a little surprised (well, not really) that they're still claiming over 40M "anonymous members." Or maybe they're using "members" in the euphemistic sense....

alcina

(602 posts)
4. Hehehe
Thu Sep 10, 2015, 12:39 PM

Coincidentally, I'm at this very moment trying to edit an article on pudendal neuralgia in male cyclists. Oh the synchronicity.

PJMcK

(21,988 posts)
5. AM is probably finished
Thu Sep 10, 2015, 02:15 PM

The release of the Ashley Madison website data has most likely ended their business model. Given the negative publicity and the profound impact of the breach (broken relationships, suicide, etc.), it's hard to see how the website can continue.

One bit of information that came out of the data release was how few women were actually registered on the site. This implies that AM was plotting to rip off the naive men who paid to join. Poor suckers. If you're gonna cheat, either get permission or don't leave a trail (both of which, by the way, are nearly impossible).
