Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Businesses

McAfee Leaks Conference Attendees' Personal Info 72

Timmy writes "In the cruelest of ironies, e-mail security vendor McAfee has accidentally coughed up the personal details of some 1400 attendees of its recent security conference in Sydney, Australia. Those who were sent the list — attached as a spreadsheet to a thank you e-mail — are far from pleased that such an extraordinary thing could happen. McAfee, which sells products to 'stop sensitive and protected data from leaving the enterprise through email and web traffic' has blamed 'human error' for the blunder and is 'taking steps to ensure it doesn't happen again.' Doh!"
This discussion has been archived. No new comments can be posted.

McAfee Leaks Conference Attendees' Personal Info

Comments Filter:
  • Title error (Score:3, Informative)

    by RPoet ( 20693 ) on Thursday July 30, 2009 @07:05AM (#28880121) Journal

    Title should say "attendees'", not "attendee's".

    • by UNHOLYwoo ( 1213830 ) on Thursday July 30, 2009 @07:32AM (#28880367)
      I second the grammar nazi.
  • S*** happens (Score:2, Informative)

    by indre1 ( 1422435 )
    Things like this even happen to the best of us.
  • Evolution (Score:5, Funny)

    by Methos137 ( 1172787 ) on Thursday July 30, 2009 @07:05AM (#28880135)
    Further proof that no matter how good of a system we design, the universe will design a better idiot to use it.
  • Oops! (Score:3, Insightful)

    by mcgrew ( 92797 ) on Thursday July 30, 2009 @07:18AM (#28880241) Homepage Journal

    Irony indeed. This will certainly lose them a lot of customers. You have to wonder how good a security company can be if they could pull a boner like this one. It's going to take quite a while for them to recover from this.

    However, I'm sure they will. Sony's rootkit never put them out of business, Jack in the Box is still selling hamburgers despite poisoning many of their customers (as well as a lot of other food sellers selling poisoned food), etc.

    • You're making the assumption that the people reading this are actual or potential customers. I've got no hard data, but given the quality, performance and reliability of McAfee's products, I'd venture a guess that no sane Slashdotter would dare use their software unless forced upon by some corporate idiocracy responsible for his/her paycheque.

      I remember the good old days, when all of McAfee's commercial (paid) releases were available from their own FTP server, simply by logging in as "anonymous". No regis

      • IMO the risk would come from CTO reading about this, via some blurb in his/her business/tech journal, and saying wtf.

        While end users with one or a few computers are important for sales keep in mind the people that have power over large numbers of computers are more what the OP I think was getting at.

      • Or if you were licensed, the username and password were licensed/321. Those silly security minded folks were not very security minded back in the day...
      • by COMON$ ( 806135 )
        I use EPO and 8.5i and love it. I am quite sane as well FWIW. However their home products are pretty shoddy. I should add as well that I think most /.ers are kids in their basements pretending to be adults. The number of people posting on here with actual experience or actual administrators of networks and or geek jobs is relatively small I would wager.
        • by mcgrew ( 92797 )

          I don't know, I've run across quite a few geezers here. And there are different kinds of nerds; an electrical engineer or an astronomer would not be competent to administer a network.

          You can tell the youngsters, they mostly post as "anonymous coward" and try for that all important first post.

          Then there are cross-domain arguments; I had one with an intelligent fellow a few days ago, a math geek, that couldn't see past the numbers and visualize what the numbers actually represented. I'm sure he couoold comput

    • So! They laugh at my boner, will they?! I'll show them! I'll show them how many boners McAfee can make!
    • How dare you sully the bacon ultimate cheeseburger by comparing it to Sony! I just wish they'd move further north :^\

    • Irony indeed. This will certainly lose them a lot of customers...

      As long as there continue to be Microsoft-leaning IT shops there will continue to be McAfee AV. We have this shite at work and it really gets a chubby going after Java and Firefox. It's like Steve Ballmer setup the config personally. McAfee is definitely carrying Microsoft's water for them. More like carrying buckets of piss to pour on anything non-MS. Our IT manager just loves this steaming pile.

  • by whisper_jeff ( 680366 ) on Thursday July 30, 2009 @07:25AM (#28880321)
    Dear Ms Morissette,

    This is irony. Please take note.

    Yours truly
    • by Nevynxxx ( 932175 ) on Thursday July 30, 2009 @08:16AM (#28880795)

      I find the song in question paradoxical. It's ironic that a song called ironic, contains so little irony. But perhaps that is why the song is named as it is, and the irony is intentional, but then it wouldn't be ironic as it was designed that way, bringing us back to the beginning.

      <~head explodes~>

      • It's more like she's an idiot who had no idea what irony was when she wrote the song. The education level of so-called educated people is shockingly low. Lack of knowledge of literary concepts for a songwriter is just the beginning.
  • by Kuroji ( 990107 ) <kuroji@gmail.com> on Thursday July 30, 2009 @07:30AM (#28880349)

    McAfee's marketing department leaked it, because they were testing the old 'bad publicity is worse than no publicity' theory.

    Results so far are not promising.

  • by PhunkySchtuff ( 208108 ) <kai&automatica,com,au> on Thursday July 30, 2009 @07:47AM (#28880491) Homepage

    Further proof that security is a human problem. Technology can help in some areas, and hinder in others, but at the end of the day it's the monkey at the keyboard banging out the works of Shakespeare that is the weak link in the chain.

    Computers would be secure against viruses if people didn't open attachments or surf to dodgy sites. Phishing emails wouldn't work if people didn't reply to them, same goes for 419 scams.

    Security is a human issue, it's not a technological issue and a purely technical solution will never work 100%.

    • Re: (Score:2, Insightful)

      by Halotron1 ( 1604209 )

      Sounds like the old Dancing Bunnies [msdn.com] problem.

      The user wants to see the dancing bunnies, so they click there. It doesn't matter how much you try to disuade them, if they want to see the dancing bunnies, then by gum, they're going to see the dancing bunnies. It doesn't matter how many technical hurdles you put in their way, if they stop the user from seeing the dancing bunny, then they're going to go and see the dancing bunny.

  • Somewhat related, I work on an institutional review board that reviews human studies submissions for a large university. One main dichotomy that is used to classify protocols is the concept of "minimal risk" vs. "greater than minimal risk," minimal risk defined somewhat loosely as risks encountered in everyday life.

    Accidental sharing of protected health information is considered a risk of many of these studies that collect sensitive information. We continue to subsequently review incidents in which protecte

    • But does that mean that our personal information shouldn't be protected from being leaked by means that most would consider grossly negligent? Someone had to click "Attach File" at some point. That same person had to click that send button, probably after realizing that attaching the spreadsheet with everyone's email on it wasn't the same as CCing everyone.

      To me, this is, inherently, an issue of human error. Overworked, exhausted, undercoffee'd PR guy who just finished a, more than likely, exhausting and
      • by dave562 ( 969951 )
        Its a corporate culture problem. Given a close to 20% real unemployment rate in this country, there isn't any excuse for having a non/poorly trained fool handling sensitive customer information. I'm sure that there are plenty of unemployed people who could do the task in question without messing it up. The sad thing is that they'd probably jump at the opportunity to make the peanuts worth of pay that McAfee was probably paying the person who screwed it up.
      • by dangle ( 1381879 )

        Yeah, this is exactly the kind of conversation our committee has had on multiple occasions, maybe I'm being too cynical, but it just seems guaranteed (and therefore should be expected and anticipated) that well-meaning people are capable of inadvertently breaking any security system we come up with, let alone the non-well-meaning people.

        • Really though, the coffee cup already says "Caution: Hot!" Does that need to be supplemented by "Hot things can burn you, and burns hurt."

          When I was a kid, all it took was my mom to say 'Santa's watching..." That would freeze me in my tracks even in June.
  • This is why there's no such thing as a technical solution to a social problem.

    Here's another example: My company instituted a policy where recipient names would not auto complete on the To/CC fields - enforced through the domain security policy - to prevent people from sending stuff meant for one client to another.

    Less than 48 hours later someone sent a sensitive email to the wrong client anyway.

  • "taking steps to ensure it doesn't happen again" = someone is getting fired
  • They were using their own products and they failed. Or if they weren't using their own products - why not?
  • RTFA!!! (Score:5, Funny)

    by DoofusOfDeath ( 636671 ) on Thursday July 30, 2009 @08:16AM (#28880799)

    I actually READ TFA.

    Turns out the summary was pretty accurate.

    Just thought I'd mention that.

    • It is completely accurate. We had two guys at work go to the conference, and both of them got sent an email with a excel spreadsheet listing all the details of all the attendees of the conference. Whoops indeed.
  • 3....2.....1.....
    Ok who wants to buy my McAffee stock options for 1/10th of their worth, anybody,....anybody....???

  • to send that particular information to... Or about, for that matter. The thought makes me smile. Not only did they send a bunch of personal information out via e-mail, but they sent it to a bunch of hackers. Not only did they send a bunch of personal information to a bunch of hackers via email, but it was the personal information of those very hackers.
  • Once again PEBKAC and the Human Element proves to be the bane of the person trying to make computer data secure. I face this every day and to this day I still wonder how the hell my parents don't get more infections then they currently do. Wait that would be me making sure their antispyware and antivirus is up to date every time their backs are turned.

    It does help that I drummed in safe surfing practices into their heads.

  • I just went to my McAfee account and used the forgot password link. Either my password was stored unencrypted or it is one of those rare words that hashes to itself.
  • Didn't this happen last year as well??
  • When will McAfee just shrivel up and die? Their software sucks and it seems like this is at least the second or third seriously high profile mistake on their part. Does anyone really buy McAfee security products, or do they simply scrape by with the revenue from renewals on OEM pre-installs? I don't know a single IT person who looks at McAfee software when considering corporate security products.
  • I'd call it a Darwinian development. Anyone putting their security in McAfee pretty much deserves what they get.

To stay youthful, stay useful.

Working...