Why Nobody Should Ever Search The Ashley Madison Data

1. Your Computer Will Almost Certainly Get Infected With A Virus If You Do

This is an unfortunate, but true, fact. Most websites purporting to have the Ashley Madison data available for download or search are in fact fakes set up by cyber criminals. Even clicking through to such a site from a Google search is nearly certain to infect your computer with serious malware that could harvest your bank account codes, credit card details and all your personal data, download masses of offensive pornography onto your machine without your knowledge, use it for illegal peer-to-peer sharing of pirated files and plunge you into a lifelong identity-theft nightmare. For this reason alone it is extremely unwise even to go looking for the Ashley Madison data.

2. Just Searching The Data Could Add Your Name To An Online List Of Likely Ashley Madison Users

It sounds crazy, but it’s true. Large numbers of unscrupulous companies are offering webpages or sites which purportedly allow you to search through what they say is the leaked Ashley Madison data. But they themselves will log your details as you use their service, and put these details on a list, which of course can then in turn appear on the internet.

This would then inevitably lead people seeing you on that list to assume you were checking whether your details were on Ashley Madison, and to assume you have a guilty conscience. Even if a search service appears to take no personal details from you, it will almost certainly be logging your “IP address” and placing “cookies” on your computer. This will inevitably reveal you to the world as a guilty Ashley Madison user even if you had never even heard of the website before the recent media firestorm.

Be safe – be sure – simply don’t even click on any site or service that claims to allow access to the Ashley Madison data.

3. The Mere Fact That Someone’s Details Are In The Ashley Madison Data Means Absolutely Nothing At All

The fact of the matter is that the vast majority of people whose details were held by Ashley Madison had absolutely no intention whatever of having any sort of illicit affair. Many profiles were created using people’s details – for instance their names, photographs nude and/or dressed, email addresses etc – without their knowledge by other persons for a huge variety of reasons.

These things are easily harvested from the internet. Even where someone’s credit card details are found in the Ashley Madison data, in almost all cases those card numbers will have been stolen by criminals – perhaps by hacking a completely legitimate online store or other website – and used fraudulently without the owner’s knowledge.

Even where this has not occurred and someone appears to have really registered with the site of their own volition, again this means nothing. Most Ashley Madison users were motivated by innocent curiosity: and in many cases they may have had no interest in having an affair but instead bona-fide work reasons to be registered with the site.

This is especially true of professional journalists, the great majority of whom were registered with the site in order to do essential research into prospective articles on web security, lifestyle features or literally dozens of other valid journalism areas.

It’s important to be aware that such articles often take a long time to prepare, or may be rejected by editors, or for many other journalism reasons will probably not have actually been published prior to the Ashley Madison hack – but nonetheless a good deal of valid work-related research will normally have been carried out on the site.

4. It Is Morally Wrong To Even Look At The Ashley Madison Data. If You Have Looked At It You Are The Truly Evil One – Far Worse Than An Adulterer – And Nobody Should Or Will Care What You Say Or Think

Here’s another hard, cold fact for all the judgemental Victorian moralistic prudes out there. Yes, a minority of Ashley Madison users do appear to have made use of the site to have sex outside their marriages or life partnerships. But the vast majority of this small minority were in fact totally justified in doing that.

Online comments all over the internet from such people prove conclusively that almost every single one of them was with a partner who was totally unwilling or unable to have any sex with them ever, despite every possible exertion by the AM user. Very often this was because of a serious and unforeseen medical condition (such as pregnancy or frigidity, for instance).

The huge majority of such AM users had been clearly and explicitly offered free permission by their spouses or partners to have sex outside the relationship. Almost without exception their testimony reveals that they have selflessly gone to great lengths to make sure that they did not contract a venereal disease from other AM users, even though they were not getting any sex whatsoever from their partners and therefore could not infect them, and nobody involved ever had more than one or two sexual partners who were for their part also in loving but open relationships.

Perhaps in a few cases some AM users may not have had permission from their spouses to play away, or their spouses may not have fully realised that they had implicitly, but nonetheless quite clearly, granted such permission.

But is it fair to selfishly deny a person sex? No. It is not: people have a right to have sex, and if their spouses totally or somewhat-totally deny them that, they have every right to sleep with other people. Moralistic judgemental prudes may say that they should let their partner know clearly and unambiguously that they are doing so, but that is obvious bunk.

Many people are economically trapped in their loveless marriages, for instance, and won’t someone, for goodness’ sake, think of the children? Should a couple’s children be forced to suffer through the hell of divorce just because one of their parents has decided for whatever reason to more or less give up on sex? Obviously not. In such cases the right and moral thing to do is have an affair, and avoid hurting your family by telling them things they don’t want to know. After all, it’s well known that the less painful, easier path is generally the more righteous one.

So even the tiny minority of AM users who actually have had affairs behind their partners’ backs are GOOD people who have done NOTHING wrong. And yet their lives will be DESTROYED by people looking at the Ashley Madison data. They will lose their jobs – that’s a well established fact, moralising judgemental bosses will sack employees for being AM users unless they are stopped by law. The US military, for instance – which attaches ludicrous and outdated importance to its members’ abiding by their publicly sworn oaths – is conducting a vicious moralistic purge already.

So the truth is that looking at the Ashley Madison data is a far worse act than having an affair. What we actually need is a climate of moral outrage against the sort of judgemental Victorian prudes who would even look at it, not at the brave, righteous – and in many cases only tangentially or professionally involved – people identifiable in the AM data.

Lenovo caught with unremovable crapware

Lenovo has sold laptops bundled with unremovable software that features a bonus exploitable security vulnerability.

If the crapware is deleted, or the hard drive wiped and Windows reinstalled from scratch, the laptop’s firmware will quietly and automatically reinstall Lenovo’s software on the next boot-up.

Built into the firmware on the laptops’ motherboard is a piece of code called the Lenovo Service Engine (LSE). If Windows is installed, the LSE is executed before the Microsoft operating system is launched.

The LSE makes sure C:\Windows\system32\autochk.exe is Lenovo’s variant of the autochk.exe file; if Microsoft’s official version is there, it is moved out of the way and replaced. The executable is run during startup, and is supposed to check the computer’s file system to make sure it’s free of any corruption.

Lenovo’s variant of this system file ensures LenovoUpdate.exe and LenovoCheck.exe are present in the operating system’s system32 directory, and if not, it will copy the executables into that directory during boot up. So if you uninstall or delete these programs, the LSE in the firmware will bring them back during the next power-on or reboot.

LenovoCheck and LenovoUpdate are executed on startup with full administrator access. Automatically, and rather rudely, they connect to the internet to download and install drivers, a system “optimizer”, and whatever else Lenovo wants on your computer. Lenovo’s software also phones home details of the running system to the Chinese giant.

To pull this off, the LSE exploits Microsoft’s Windows Platform Binary Table (WPBT) feature. This allows PC manufacturers and corporate IT to inject drivers, programs and other files into the Windows operating system from the motherboard firmware.

The WPBT is stored in the firmware, and tells Windows where in memory it can find an executable called a platform binary to run. Said executable will take care of the job of installing files before the operating system starts.

“During operating system initialization, Windows will read the WPBT to obtain the physical memory location of the platform binary,” Microsoft’s documentation states.

“The binary is required to be a native, user-mode application that is executed by the Windows Session Manager during operating system initialization. Windows will write the flat image to disk, and the Session Manager will launch the process.”

Crucially, the WPBT documentation stresses:

The primary purpose of WPBT is to allow critical software to persist even when the operating system has changed or been reinstalled in a “clean” configuration … Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions.
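To see whether a machine's firmware publishes a WPBT, and where it tells Windows to find the platform binary, a defender can decode the ACPI table directly. The parser below is an added example, not code from the article, Lenovo or Microsoft: it reads the standard 36-byte ACPI header followed by the WPBT fields (handoff size, physical address, content layout and type, arguments) and verifies the table checksum. The function names are hypothetical, and the sample table with its OEM strings and addresses is constructed.

```python
import struct

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")   # 36-byte standard ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")             # handoff size, address, layout, type, arg length

def parse_wpbt(table: bytes) -> dict:
    """Parse a raw WPBT ACPI table and report where the platform binary lives."""
    if len(table) < ACPI_HEADER.size + WPBT_BODY.size:
        raise ValueError("table too short to be a WPBT")
    sig, length, _rev, _csum, oem_id, _oem_tbl, _orev, _cid, _crev = ACPI_HEADER.unpack_from(table)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if length != len(table):
        raise ValueError("header length does not match table size")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    arg_off = ACPI_HEADER.size + WPBT_BODY.size
    if arg_off + arg_len > length:
        raise ValueError("argument length runs past end of table")
    args = table[arg_off:arg_off + arg_len].decode("utf-16-le", "replace")
    return {
        "checksum_ok": sum(table) % 256 == 0,   # all bytes of an ACPI table sum to zero
        "oem_id": oem_id.rstrip(b"\x00 ").decode("ascii", "replace"),
        "handoff_size": size,                   # size in bytes of the binary in memory
        "handoff_address": addr,                # physical address Windows reads it from
        "content_layout": layout,               # 1 = single flat PE image
        "content_type": ctype,                  # 1 = native user-mode application
        "arguments": args.rstrip("\x00"),
    }

def build_sample() -> bytes:
    """Constructed WPBT for the demo; OEM strings and addresses are made up."""
    args = "/demo\x00".encode("utf-16-le")
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    length = ACPI_HEADER.size + len(body)
    hdr = ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"EXAMPL", b"EXAMPLE ", 1, b"TEST", 1)
    raw = bytearray(hdr + body)
    raw[9] = (-sum(raw)) % 256                  # checksum byte sits at offset 9
    return bytes(raw)

if __name__ == "__main__":
    import sys
    # On Linux a real table, if the firmware publishes one, is at /sys/firmware/acpi/tables/WPBT
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in parse_wpbt(data).items():
        print(f"{key}: {value:#x}" if key.startswith("handoff") else f"{key}: {value}")
```

A machine whose ACPI tables include no WPBT at all has no firmware-supplied platform binary for Windows to run; one that does deserves a look at what the referenced image installs.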

After Lenovo learned of this bug in April, it dawned on the company that its LSE was falling foul of Microsoft’s security guidelines for using the powerful WPBT feature. Two months later, in June, it pulled the whole thing: the LSE software is no longer included in new laptops.

Lenovo has also pulled the LSE from new desktop machines. Incredibly, Lenovo was shipping desktop PCs that feature the LSE in their firmware. These models phone home system data, but do not install any extra software, and do not suffer from the aforementioned privilege-escalation vulnerability. The PC maker’s laptops definitely do, however.

A tool quietly released on July 31 will uninstall the engine if it is present in your machine: it is available here for notebooks, and available here for desktops.

On Tuesday this week, Lenovo published a full list of affected desktop and notebook models. Desktop machines built between October 23, 2014 and April 10, 2015, with Windows 8 preinstalled, have the LSE inside them.

“Lenovo Service Engine (LSE) is a utility in the BIOS that helps users download a program called OneKey Optimizer on certain Lenovo Notebook systems. The utility also sends non-personally identifiable system data to Lenovo servers,” the Chinese goliath explained. “Lenovo, Microsoft and an independent researcher have discovered possible ways this program could be exploited by an attacker, including a buffer overflow attack and an attempted connection to a Lenovo test server.”

LSE uses the Microsoft Windows Platform Binary Table (WPBT) capability. Microsoft has recently released updated security guidelines on how to best implement this feature. Lenovo’s use of LSE was not consistent with these guidelines and Lenovo recommends customers disable this utility by running a disabler program that disables LSE and removes the LSE files from the system.

The LSE functionality has been removed from newly manufactured systems.

Without this climbdown, it would have been virtually impossible for users to remove the rootkit-like engine from the firmware. El Reg hopes other manufacturers aren’t doing the same with the WPBT.

Suffice to say, netizens who have discovered this creepy code on their machines are not happy.

“I had this happen to me a few weeks ago, on a new Lenovo laptop, doing a clean install with a new SSD, Windows 8 DVD and Wi-Fi turned off,” a Hacker News user called chuckup said on Tuesday, on noticing Lenovo’s bundleware suddenly appearing on his or her new computer.

“I couldn’t understand how a Lenovo service was installed and running. Delete the file and it reappears on reboot. I’ve never seen anything like this before. Something to think about before buying Lenovo.”

What is worrying is that all of this is pretty much what Microsoft intended. Its WPBT is engineered to allow manufacturers to painlessly inject drivers and programs into the operating system. It’s supposed to be used for things like anti-theft tools, so a system can be disabled via the internet if it’s stolen.

But it also turns rootkit development and installation into a painting-by-the-numbers exercise. Lenovo got caught because its engine had crap security. And it sounds as though Microsoft pressured Lenovo to kill it.

“Richard Stallman is sounding less and less crazy with discoveries like this,” noted another Hacker News poster, referring to the Free Software Foundation supremo who has warned for decades that we’re losing control of our computers.

“To think a manufacturer would essentially rootkit their own machines is testament to how bad things have become.”

This comes on the back of Lenovo’s Superfish scandal, in which the PC maker shipped laptops with adware on them that opened up people to man-in-the-middle eavesdropping. Miscreants could exploit the bundled crapware to snoop on victims’ encrypted connections to websites.