Thursday, August 20, 2015

About that Ashley Madison "Cheating" website hack

It appears that the data that is being leaked is for real.  Not that you'd do that, of course.

It also seems that there was no verification done on email addressed used in site signup.  This means that anyone could create an account for, say, jeb.bush@state.fl.us and it would be in the database that was just released.  There's an interesting attack that security guys call "Information Poisoning", where the attack is intended to create distrust in a community or data set.  If you can inject enough distrust, then you can render the resource worthless.

Given the recent OPM hack, I'm starting to wonder if this is the wave of the future - injection of embarrassing data into sites like this and then a subsequent hack to expose said data.  Certainly the capability exists to do this sort of thing.

4 comments:

Spike said...

I figure that the chicoms got one of the first copies of the AM data.

What better way to leverage the OPM information than with people trying to hide their cheating from the wife?

ASM826 said...

It's okay, when I created my profile, I used your name.

2cents said...

You too?

Borepatch said...

2cents, not how on earth would I cheat? Besides, it was ASM826 that signed me up ...

;-)