Rich Kulawiec on 7 Apr 2018 10:41:40 -0700
Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
On Fri, Apr 06, 2018 at 06:14:46AM -0400, Rich Kulawiec wrote:
> and this is why I never report issues to vendors/operations privately
> (they will ignore the reports) and why I never report them in my own
> name (they will try to shoot the messenger). Instead, I publish them
> anonymously with no advance notice, because experience has shown that's
> the best way to get them to pay immediate attention and to avoid being
> blamed for their mistakes.

Yes, I'm following up my own message, because it turns out that this
case -- Panera -- is exactly one of those.

They were warned -- months ago. And they blamed the messenger:

Panera Bread Disregards Security Flaw Warnings as "Scam"
https://geekreply.com/geek-culture/2018/04/05/panera-bread-disregards-security-flaw-warnings-as-scam

And then they failed to fix it properly, choosing instead to (poorly)
obscure the problem and to lie about it (read the entire article):

Panerabread.com Leaks Millions of Customer Records
https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/

This is typical, and this is why the "responsible disclosure" mythos is
utterly worthless.

---rsk

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug