Tuesday, April 03, 2018

Why I (try to) teach my Computer Security students to listen!
Brian Krebs and I were both on the same mission today – to get Panera Bread to secure their customer data. I had been alerted to the situation by a reader who saw a paste explaining it all and revealing some customer data. Brian heard about it earlier from security researcher Dylan Houlihan, who had first notified Panera of the problem last year, he told Brian. Brian reports:
Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.
The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com. The St. Louis-based company, which has more than 2,100 retail locations in the United States and Canada, allows customers to order food online for pickup in stores or for delivery.
Read more on KrebsOnSecurity.com.

This is not how one demonstrates ‘additional attention to detail.’
The last thing they needed was more bad press, right?
Javier E. David of CNBC reports:
Equifax, which suffered a massive data breach in 2017 that exposed the personal information of nearly 150 million consumers, has been sending out erroneous notification letters to a “small percentage” of those affected, the company confirmed Monday.
Hackers breached the credit reporting agency’s records, exposing data belonging to millions of accounts monitored by Equifax. Since then, the company has been reaching out to people who were affected by the breach, offering free credit monitoring and other remediation efforts.
Read more on CNBC.
From the article:
Yet an apparent glitch in Equifax's system has generated a batch of letters containing incorrect personal data, raising questions about the efficacy of the company's efforts — or whether there might be more shoes to drop. Since it first disclosed the breach last year, Equifax has upwardly revised the numbers affected on at least two separate occasions, though the latest group of consumers exposed did not include Social Security numbers, according to the company.

I wonder if anyone asked the students how to secure their school? Lots of talk about how smart they are, but the actions taken suggest they will still be ignored.
How Parkland students feel about their new mandatory clear backpacks
Survivors of a school shooting in Parkland, Florida, returned from spring break Monday to new security measures that some students said made them feel like they were in prison.
Marjory Stoneman Douglas students encountered security barriers and bag check lines as they entered campus Monday morning.
Inside the school, administrators handed out the students' newest mandatory accessories: a see-through backpack much like the ones required at some stadiums and arenas, and an identification badge they must wear at all times.
… Senior Delaney Tarr tagged Rubio in a tweet of a picture of her bag with feminine products and the orange price tag attached to it.
"Starting off the last quarter of senior year right, with a good ol' violation of privacy!" she said in another tweet.
In addition to displaying the orange tag, senior Carmen Lo stuffed a sign into her backpack that read "this backpack is probably worth more than my life."
… "You know it's only difficult because if we were being listened to and common sense gun legislation was brought into play we wouldn't need all of this to be safe."

How do you kill in a city that bans guns?
London murder rate beats New York as stabbings surge
London overtook New York in murders for the first time in modern history in February as the capital endured a dramatic surge in knife crime.
Fifteen people were murdered in the capital, against 14 in New York. Both cities have almost exactly the same population.
London murders for March are also likely to exceed or equal New York’s. By late last night there had been 22 killings in the capital, according to the Metropolitan police, against 21 in the US city.
Eight Londoners were murdered between March 14 and March 20 alone and the total number of London murders, even excluding victims of terrorism, has risen by 38% since 2014.

Is this now “Fake News” or just another government lie? Either way, if the cause is not mentioned how can any “cure” be justified?
Anticipated Park Service Report on risks from sea level rise delayed after extensive data censorship
Reveal – Center for Investigative Reporting: “National Park Service officials have deleted every mention of humans’ role in causing climate change in drafts of a long-awaited report on sea level rise and storm surge, contradicting Interior Secretary Ryan Zinke’s vow to Congress that his department is not censoring science.
Originally drafted in the summer of 2016 yet still not released to the public, the National Park Service report is intended to inform officials and the public about how to protect park resources and visitors from climate change.
… The 87-page report, which was written by a University of Colorado Boulder scientist, has been held up for at least 10 months, according to documents obtained by Reveal. The delay has prevented park managers from having access to the best data in situations such as reacting to hurricane forecasts, safeguarding artifacts from floodwaters or deciding where to locate new buildings…”

No, no, NO! This is not what I teach my Data Management students!

(Related) A rebuttal from Harvard!
