Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread

["Keith C. Perry" <kperry@daotechnologies.com>]

Title: RE: [PLUG] Fwd: [FD] Massive Breach in Panera Bread

Ron,

That's not jaded at all.  Even today, too many companies put security last or think they can throw a product at the solution instead of a real person.  As a society, we still do not really value- or at least do not want to pay people with deep technical skills.  Sometimes I think there's an accountant in a back room coming up with risk models that say its cheaper to deal with the public disclosure fallout instead of doing the what consumers would say is the "right" thing.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.

Managing Member, DAO Technologies LLC

(O) +1.215.525.4165 x2033

(M) +1.215.432.5167

www.daotechnologies.com

---

From: "ronald guilmet" <ronald.guilmet@phillydatasolutions.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Tuesday, April 3, 2018 6:10:48 PM
Subject: Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread

 I agree Keith. If you bring it to their attention that tells me a couple of things. Most likely when presented with the problem they did not know how to fix it, or even worse they just didn't care. Many years ago when Commerce bank was around they weren't using POST, so my SSN was being sent via a URL. It was SSL, so maybe that was just me being pedantic. Either way I notified them. I may be jaded, but I don't feel most companies have your security in mind. When pushed against the clock/money, two things will always go by the wayside, and that is documentation and security. Depending on how liquid the company, your security well be last.

 

 

Ron Guilmet

Philly Data Solutions, LLC | DBA Philly AWS

ronald.guilmet@phillydatasolutions.com

http://phillydatasolutions.com

-----Original message-----
From: Keith C. Perry
Sent: Tuesday, April 3 2018, 4:07 pm
To: Philadelphia Linux User's Group Discussion List
Subject: Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread

That's a big deal... this guy did the right thing, kept it quite- just fix it.  These folks still did nothing until it went public.  They're going to need to start penalizing organizations if they can't demonstrate they took corrective action.
 

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.

Managing Member, DAO Technologies LLC

(O) +1.215.525.4165 x2033

(M) +1.215.432.5167

www.daotechnologies.com

 

---

From: "Louis K" <louis.kratz@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Tuesday, April 3, 2018 2:51:25 PM
Subject: [PLUG] Fwd: [FD] Massive Breach in Panera Bread

 

Related article on how Panera was informed of this and have done nothing:

 

https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-security-seriously-bf078027f815

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________

Philadelphia Linux Users Group         --        http://www.phillylinux.org

Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce

General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug