Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread

[Ezra Wolfe <ewolfe@ethosce.com>]

Many years ago when Commerce bank was around they weren't using POST, so my SSN was being sent via a URL. It was SSL, so maybe that was just me being pedantic. 

Even with SSL those SSNs would be in web server logs, almost certainly unencryped - not pedantic at all. 

On Tue, Apr 3, 2018 at 6:10 PM, <ronald.guilmet@phillydatasolutions.com> wrote:

 I agree Keith. If you bring it to their attention that tells me a couple of things. Most likely when presented with the problem they did not know how to fix it, or even worse they just didn't care. Many years ago when Commerce bank was around they weren't using POST, so my SSN was being sent via a URL. It was SSL, so maybe that was just me being pedantic. Either way I notified them. I may be jaded, but I don't feel most companies have your security in mind. When pushed against the clock/money, two things will always go by the wayside, and that is documentation and security. Depending on how liquid the company, your security well be last.

 

 

Ron Guilmet

Philly Data Solutions, LLC | DBA Philly AWS

ronald.guilmet@phillydatasolutions.com

http://phillydatasolutions.com

-----Original message-----
From: Keith C. Perry
Sent: Tuesday, April 3 2018, 4:07 pm
To: Philadelphia Linux User's Group Discussion List

Subject: Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread

That's a big deal... this guy did the right thing, kept it quite- just fix it.  These folks still did nothing until it went public.  They're going to need to start penalizing organizations if they can't demonstrate they took corrective action.
 

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.

Managing Member, DAO Technologies LLC

(O) +1.215.525.4165 x2033

(M) +1.215.432.5167

www.daotechnologies.com

 

---

From: "Louis K" <louis.kratz@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Tuesday, April 3, 2018 2:51:25 PM
Subject: [PLUG] Fwd: [FD] Massive Breach in Panera Bread

 

Related article on how Panera was informed of this and have done nothing:

 

https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-security-seriously-bf078027f815

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________

Philadelphia Linux Users Group         --        http://www.phillylinux.org

Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce

General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

--

Regards,
Ezra Wolfe

EthosCE

1520 Locust Street, Suite 1000

Philadelphia, PA 19102
Office: 267-234-7400 Ext. 021
Mobile: (215) 868-5336

ewolfe@ethosce.com
​_______________________________________________​

Join the conversation at the EthosCE Support Community!

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug