So, what do we think of the Ashley Madison saga?

And all this tells us is that 'internet security' is an oxymoron! If they think deus(God)zu is the hacker, why not just track him through his Twitter account?

 

They did, you just weren't paying attention.

 

Because it doesn't work that way, if there's the tiniest inkling of OPSEC awareness.

"Internet security" (by which I'll assume you mean protecting arbitrary data both at rest and in transit) is not an oxymoron - but it's a lot harder than a lot of people think, and the difficulty/cost scales in proportion to the value of the data you're trying to protect.

 

Troy Hunt, superstar Australian InfoSec-ist and operator of the invaluable haveibeenpwned.com, has a blog post with some (identity scrubbed) messages he's received about the AM breach (which is searchable on haveibeenpwned). They make for interesting reading:
Troy Hunt: Here?s what Ashley Madison members have told me

Gizmodo (yeah, I know) did some analysis on the data. As Speedy suggested, it's pretty unlikely that a given male member (hurrhurr) of the site ever successfully managed to actually cheat on their partner, given the seeming 1000:1ish ratio of active male:female members:
Almost None of the Women in the Ashley Madison Database Ever Used the Site

Whilst I don't approve of the data being released, it certainly has made for some interesting discussions from an InfoSec perspective.

 

What's "OPSEC"?

 

Operations (or operational, I've heard a lot lately) Security. Keeping useful info about yourself or your team out of the hands of the opposition - so in this case, don't post on Twitter from an IP address that can be connected to you.

If the Avid Life breach was the work of an (ex-)insider, it mightn't have been very difficult, but anyone who has the (minimal) knowledge to pull together data from production databases, source code repos, email storage etc, even when granted full access in the regular course of their job, would (SHOULD) know to conduct external comms via some method that doesn't instantly lead back to them.

 

Sorry I asked!

Glad we're separated from US by a few hours - seems some moderators accounts were hacked this morning and phishing links sent as PMs - they caught it quickly it seems.

 

CEO of ALM resigns.

Ashley Madison CEO Resigns in Wake of Hack, News of Affairs | WIRED