Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread

Thomas Delrue on 7 Apr 2018 14:22:05 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread

From: Thomas Delrue <delrue.thomas@gmail.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>, Rich Kulawiec <rsk@gsp.org>
Subject: Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
Date: Sat, 7 Apr 2018 17:21:48 -0400
Autocrypt: addr=delrue.thomas@gmail.com; prefer-encrypt=mutual; keydata= xsFNBFQrCDsBEADLFrDFBCwI3xx28Gjm0euJ1X8WC8r7xHMpnXCQpL6mzljJtKLbNmkVXK10 USaQq3vDs3oEVWnVQIHzfii3Pf+UKfG8SptZqiOF/h4VStQH6/YCr0MSY2t31SCV/ua2cRP9 lq1DMJLNZy9T2hBP/GEj9AvTUfbnm8l/0CXI1VziGiykvZ0soiA4fttAe1Iu7uczm5A8iE5B mVT59OncGasOnU2rBDheZ5gXQ25rN2nm18jcu0TR3nodtnKDbRYvT6ik3Ym0QpxaV4K8S6NH b7xZeHkMeKzDoLfq9gid2pSBGhZkXDJCUtivRo9EOu8Dd1lAwnJOfV9sBiJ39AUm7cBknFiw hMOI6OmYZbAsgKG90SJEaWd3cLOHr75SSikTqPqg30Ok/S/HT9AQ2hCwo77iWy5eRmI5m0fB OorFf5lfYiOfi1LNmH8KZcFpRPE7GEF/nVCT8Pp/sFvrV2qf7kW7XDjEgE6vkpYVKGNEoYLj UqRfEA3thCaHmWUpXrP+tEq84hwQCiFrRKgivxQn7eZ5mreN6haY1rwjeJ3hlAfajQik2rHC kPDLtTOjpOURqErkodwQrqQDO91gNWq8F/IvIZDWLAH8Y+8emy0gHKvHxQ+thT536BAMdrRf hNdKFc+dZyhYD+17hXOHqh33weVajICufwu5NMehNhp9HxsK3QARAQABzSdUaG9tYXMgRGVs cnVlIDxkZWxydWUudGhvbWFzQGdtYWlsLmNvbT7CwX4EEwECACgFAlQrCDsCGwMFCQlmAYAG CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEKosl9oIs/pOoLoP/085ttR5tj9Z45E4iR8i UJT/RTPnBg1e/XJW3VKQeojr/FFpROT9lQMdrp6vCT2IbdGLtPvOu5HVpmkUCSyroQEQQ4vx 84TO5+6QWpTU6h8Qo/xixuua1+NLmFqrxL72gIPj/LhiBjerLPRtVrmvRe1XyGtz+jvohqyK XMN41zlqGMiihBLUkUT8uOnyejaavP3AcwCK+wBC1s1NIaxqoBNhwf4tIJCKfJ47YRN5/ouz EU94Z2ijFRYJ7Na93GsGqDuSUYV2f8iRC+Z6F+GrUcVIxqy1XVpqPmMi5bRmyXPCtba/zlph 4oySdQBF+OKBg4+CLywt+dFtBG0PKEQR9+2PwyJWJmEzTpIpgZY08TunbvppjnleF8D9ZRDr 1bXbtVxdOsXGiQLfwZ7EX1OpdJa4fuLUtZBQNvaZHSTV+VFebhCyBWuFKJuw5GboA3K4gFNf 7Ng/35sLItzpfTs+XDdzuDwp5axPgZZsF43lmDFku4TKwDCCwkW7wt4E3qvHBLEidKIdZWTg 4v/+b3RJhQWKYKJsg5DaUvSGwPWIr49kNbKOyxNBvJY4buFyFzhSaXera3UPtMgggcPdI7OQ P7uK92FRjzo0EEXByjGk21Jjcwdxn1aZtVRP7S3GY/2B5wJxJftbm7bO3gQ+hPXiXf0qx3LZ 2MuRAgkkZU7iEWvmzsFNBFQrCDsBEACwpu+kShb5kMPr4N/OU51Pdrih9ZZ2nJ7Y9KriOeKI ydX7qx3ERcDPXCivW/kWF54ITwna6/hdcnJLIWyiJo+03wylm5Evk9u/n0yYY1e8UKRINEqR VmQQ8mNYfnFEvnVzVQmhRpFgUFKhAYvgpcwN8K+ttuc+WSrtZaj1Lxer7tNqmb8yZqfHY1qY om6IKlVTXUFTryTE8JbfUT/sG+dCWA7YLP02Ki/hCaqslQIbE5MZcnNGWWNXN6TMxPZvZJUu JVeNKlRZUcGaHDk4h3xcThUCz6MZf8Z0QtIYJYpIQfUyf3RKy1ET++00KPaI5quu2pSBddZW 2vKDOUnZbpk8xPI0nWog4mlM9NVgErgLDy1DMzvek50ZEjkWllSknrexmtmD9TcxD1X9zNRc zs1l2ia4fyEGhOH1NHrZ2olw0IF3FLrikHcbBBJUdiz7gY28lx+SoJf6RRD1IcKKLEFOg9nn OcxFVMYzV/3IYa8fxTGGrmQ60MAxr7EthUxSLHgKb3MYaV2s99T5CIDi+wX+TELxV0fM6D+c /q69jIIuu37Xwnp449aLySfeHLYsALP8S4h1Fnxtm0w8o+L9t6AWpg78biL3brIpgUNnZNK/ QSHdg/9A02bxY4tSZs2kBq1xnFdK1qsvdgnZblHiq/o4gFXiQwv5l3YccieK2yXesQARAQAB wsFlBBgBAgAPBQJUKwg7AhsMBQkJZgGAAAoJEKosl9oIs/pODzEP/1wfcBGUekDdBMonwBpf MMkWIISZvcvqp/18jvjT/y/sRpXLp+Oei3n+cBrCnWR7XojPje9JQV8HOAW9s7F5PYxeAUZI zmCSr4UK/in7VYyFydbfn776esA6FkZCJ+q2nDtQfGNTd1F7NenRmw1xr6WlNXyuOVQO4bTs XlsbJbG4MEbWsdmHLl3/zWQEFrSI9SAHq5AugoOwJnyi781z7IGZ1vWWDYi3xwl16KGCou/Y p24MiNkkrZK6loCN8wPiVmw/fOL5k1v329d6IpxFD6AdCNqUrWcxISbfG1m0ujsqXIn3AMyk SnOGhNiCJ8s0uW8hBGdV/WQ6auSRnWKxQGt9/58Ox5cQyAzebwhWP7Ovh8CZGPdLw2Twsxfr P0RgrcP3RIT3GF1XkdvNMwn8QhEdUs/7dKyuI5QJf3R4g59+gLO9jHizo0CwRT3Rsg0MZUwq LRpm5vpu2y6Je7NlLgLfEsc820bIxUXCoVxiK9wJB3P5A+zk+IN2qsZmX+xpReblstCpUYgd ebUtE78xSXsSCFsulwtxrHc6m+KrIlp0tATYp4Lj04pUjlPf5Kd05XU806HXw7BtH2W8+pDn kkLtOLbnCVoz4PrhYg4Z2PYDtHQwdSUoqN9WRWh970XX+TdirKOJEiit3zAIJtcIsJsOhNMt mNqlY4v/7BvBD6dK
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to; bh=DnbOy1vFMXTqGADAWBWco3OrQ9nSFMZ6aF4Qk+akMZ4=; b=CRoBD+YCcSdLRUHb8Dt9e3OTV7xHvyxbYWLdRaJDQCnP2KPbXlbgqP6l+fAC05CuTq eB+Lj5664uAhu5JavExMrvotnNBgIWT7PVZfcNrcFPODuYbvzhw/sVxEZqetsQ1U7+Tr U6C/ZWPGJqDfCUcJSsrUt3h1FGEJB277qcTIzJUVfAQLG+hhG+LJnjHbFkDE+ynEMyRa z21iirNSbPaiasdFFA18bZg+ceNG63Sx+1TBx1DcQNjePVjhQKSuuqqTVj48vslEWjwT P8+LCWeZaoJRycGQKY0a+0qhtn8J5VzUz7ll2s/5VCvXZ61oojLDzaivixSmXX1zubXr qBYg==
Openpgp: preference=signencrypt
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

On 04/07/2018 01:41 PM, Rich Kulawiec wrote:
> This is typical, and this is why the "responsible disclosure" mythos
> is utterly worthless.

... with certain entities.

I usually agree with you but I think you're taking too broad of a stroke
here. Some people /do/ want to do the right thing and then following
some sort of responsible disclosure process (however you wish to define
that) is the right thing to do. Let's not toss out the baby with the
bathwater.
On top of that, I think that everyone deserves a second and sometimes
(depending on who they are) even a third chance. Not extending them that
courtesy would not be ... 'responsible' of us either.

Some people/entities (like in this case of Panera) are just hard-headed
& have demonstrated that the responsible thing to do is to just disclose
and force said entity to have to deal with the problems of their own
making because keeping the issue under wraps would be irresponsible.
The 'responsible' in 'responsible disclosure' cuts both ways: the
individual reporting the incident but also the entity receiving the
report. There are requirements on both sides. I think that many
companies don't quite realize the second edge of the knife.

As I said before: the 'responsible' thing to do in this case, was to
disclose far and wide and screw over Panera.
I have no love for Panera in this situation; burn it, burn it to the
ground, and by all means, make it as bloody and as painful for them as
it possibly can be. Because it's the only way that they will learn!

At this point, I'd recommend that everyone looks into popcorn futures,
because we'll continue to see these things until CIO's (and other CxO's,
VPs and the likes) are actually held accountable for these things; and I
don't mean the token-accountability, I mean real accountability that
serves as an effective deterrent - I can dream, can't I...
Until then, like someone else mentioned, this will continue to be
treated as a problem for the PR department.

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
  - From: KP <kperry@daotechnologies.com>
- Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
  - From: Rich Kulawiec <rsk@gsp.org>

References:
- [PLUG] Fwd: [FD] Massive Breach in Panera Bread
  - From: Michael Lazin <microlaser@gmail.com>
- Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
  - From: Louis K <louis.kratz@gmail.com>
- Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
  - From: "Keith C. Perry" <kperry@daotechnologies.com>
- Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
  - From: Rich Kulawiec <rsk@gsp.org>
- Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
  - From: Rich Kulawiec <rsk@gsp.org>

Prev by Date: Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
Next by Date: [PLUG] HARD DRIVES
Previous by thread: Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
Next by thread: Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
Index(es):
- Date
- Thread