Why I (try to) teach my Computer Security students
to listen!
Brian Krebs and I were both on the same mission
today – to get Panera Breach to secure their customer data. I had
been alerted to the situation by a reader who saw a paste explaining
it all and revealing some customer data. Brian heard about it
earlier from security researcher Dylan Houlihan, who
had first notified Panera
of the problem last year, he told Brian. Brian reports:
Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.
The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com. The St. Louis-based company, which has more than 2,100 retail locations in the United States and Canada, allows customers to order food online for pickup in stores or for delivery.
Read more on KrebsOnSecurity.com.
This is not how one demonstrates ‘additional
attention to detail.’
The last thing they needed was more bad press,
right?
Javier E. David of CNBC reports:
Equifax, which suffered a massive data breach in 2017 that exposed the personal information of nearly 150 million consumers, has been sending out erroneous notification letters to a “small percentage” of those affected, the company confirmed Monday.
Hackers breached the credit reporting agency’s records, exposing data belonging to millions of accounts monitored by Equifax. Since then, the company has been reaching out to people who were affected by the breach, offering free credit monitoring and other remediation efforts.
Read more on CNBC.
[From the article:]
Yet an apparent glitch in Equifax's system has
generated a batch of letters containing incorrect personal data,
raising questions about the efficacy of the company's efforts — or
whether there might be more shoes to drop. Since it first disclosed
the breach last year, Equifax has upwardly
revised the numbers affected on at least two separate occasions,
though the latest group of consumers exposed did
not include Social Security numbers, according to the company.
I wonder if anyone asked the students how to
secure their school? Lots of talk about how smart they are, but the
actions taken suggest they will still be ignored.
How Parkland students feel about their new mandatory clear backpacks
Survivors of a school shooting in Parkland,
Florida, returned from spring break Monday to new security measures
that some students said made them feel like they were in prison.
Marjory Stoneman Douglas students encountered
security barriers and bag check lines as they entered campus Monday
morning.
Inside the school, administrators handed out the
students' newest mandatory accessories: a see-through backpack much
like the ones required at some stadiums and arenas, and an
identification badge they must wear at all times.
… Senior Delaney Tarr tagged Rubio in a tweet
of a picture of her bag with feminine products and the orange price
tag attached to it.
"Starting off the last quarter of senior year
right, with a good ol' violation of privacy!" she said in
another tweet.
In addition to displaying the orange tag, senior
Carmen Lo stuffed a sign into her backpack that read "this
backpack is probably worth more than my life."
… "You know it's only difficult because
if we were being listened to and common sense gun legislation was
brought into play we wouldn't need all of this to be safe."
How do you kill in a city that bans guns?
London murder rate beats New York as stabbings surge
London overtook New York in murders for the first
time in modern history in February as the capital endured a
dramatic surge in knife crime.
Fifteen people were murdered in the capital,
against 14 in New York. Both cities have almost exactly the same
population.
London murders for March are also likely to exceed
or equal New York’s. By late last night there had been 22 killings
in the capital, according to the Metropolitan police, against 21 in
the US city.
Eight Londoners were murdered between March 14 and
March 20 alone and the total number of London murders, even excluding
victims of terrorism, has risen by 38% since 2014.
Is this now “Fake News” or just another
government lie? Either way, if the cause is not mentioned how can
any “cure” be justified?
Anticipated Park Service Report on risks from sea level rise delayed after
extensive data censorship
Reveal – Center for Investigative Reporting: “National Park Service
officials have deleted every mention of humans’ role in causing
climate change in drafts of a long-awaited report on sea level rise
and storm surge, contradicting Interior Secretary Ryan Zinke’s vow
to Congress that his department is not censoring science.
… Originally drafted in the
summer of 2016 yet still not released to the public, the National
Park Service report is intended to inform officials and the public
about how to protect park resources and visitors from climate change.
… The 87-page report, which was written by a
University of Colorado
Boulder scientist, has been held up for at least 10 months, according
to documents obtained by Reveal. The delay has prevented park
managers from having access to the best data in situations such as
reacting to hurricane forecasts, safeguarding artifacts from
floodwaters or deciding where to locate new buildings…”
No, no, NO! This is not what I teach my Data
Management students!
(Related) A rebuttal from Harvard!