- Apr 24, 2007
- 7,279
- 2,128
- Country
- United States
- Faith
- Lutheran
- Marital Status
- Married
- Politics
- US-Libertarian
So I was listening to the news the other day, and that quote stood out to me as it was made in reference to the Ashley Madison leak.
Ostensibly - I assume it means people going off to search the database in order to see if their spouse was part of that whole thing.
That got me wondering...because as I understand it...the database itself was posted to the "dark web" - and is only accessible via the TOR browser. Most people probably don't have TOR - and most people probably wouldn't know how to read a database. Rather - most likely what they're doing is going to the number of little cottage websites that have been set up that purport to read the database without the TOR/Dark Web requirements.
I was kinda curious - so I took at look at a couple of those websites and started putting in random email addresses. The reason for that is that I'm curious to see the results that come back to see if I think the results are authentic or not. I'd explain the reason why I'm suspicious of those types of things on a technical level (given the size of the database and a number of other things that would be involved) - but I'll just leave it that I'm curious/suspicious of other developers.
Here's the thing...the results that came back from my random queries didn't exactly instill me with a lot of faith that the results being given were authentic...and here's why.
Every email address I posted that was obviously bogus (like aeoghioiaeg@aegihoag.com) came back false. But - every email address that I gave that looked like it might be halfway real (like... "scott@gmail.com", "kara@gmail.com", "neil@gmail.com", etc) all came back positive.
So it leaves me wondering...did someone write a script that simply checks to see if the domain exists (gmail.com, hotmail.com, etc) - and then checks to see if it's a proper name/etc? Or is it really authentic? Realistically...I can't believe that Ashley Madison was SO HUGE that every proper name I came across at gmail.com had an account there. What are the odds that I randomly pick "scott@gmail.com, kara@gmail.com, neil@gmail.com), etc...and they *all* had accounts?
To me - that just seems fishy...and when that type of "evidence" is the basis of statements like "this is going to be a good month for divorce attorneys" - it gives me pause/problems.
What do you think?
Ostensibly - I assume it means people going off to search the database in order to see if their spouse was part of that whole thing.
That got me wondering...because as I understand it...the database itself was posted to the "dark web" - and is only accessible via the TOR browser. Most people probably don't have TOR - and most people probably wouldn't know how to read a database. Rather - most likely what they're doing is going to the number of little cottage websites that have been set up that purport to read the database without the TOR/Dark Web requirements.
I was kinda curious - so I took at look at a couple of those websites and started putting in random email addresses. The reason for that is that I'm curious to see the results that come back to see if I think the results are authentic or not. I'd explain the reason why I'm suspicious of those types of things on a technical level (given the size of the database and a number of other things that would be involved) - but I'll just leave it that I'm curious/suspicious of other developers.
Here's the thing...the results that came back from my random queries didn't exactly instill me with a lot of faith that the results being given were authentic...and here's why.
Every email address I posted that was obviously bogus (like aeoghioiaeg@aegihoag.com) came back false. But - every email address that I gave that looked like it might be halfway real (like... "scott@gmail.com", "kara@gmail.com", "neil@gmail.com", etc) all came back positive.
So it leaves me wondering...did someone write a script that simply checks to see if the domain exists (gmail.com, hotmail.com, etc) - and then checks to see if it's a proper name/etc? Or is it really authentic? Realistically...I can't believe that Ashley Madison was SO HUGE that every proper name I came across at gmail.com had an account there. What are the odds that I randomly pick "scott@gmail.com, kara@gmail.com, neil@gmail.com), etc...and they *all* had accounts?
To me - that just seems fishy...and when that type of "evidence" is the basis of statements like "this is going to be a good month for divorce attorneys" - it gives me pause/problems.
What do you think?