Pearson Credential Manager System Used By Cisco, IBM, F5 Has Been Breached 25
An anonymous reader writes with a report from Help Net Security that the credential management system used by Pearson VUE (part of education company and publisher Pearson) has been breached "by an unauthorized third party with the help of malware." Pearson VUE specializes in computer-based assessment testing for regulatory and certification boards. From the story:
Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs. The company is still assessing the scope of the breach, and says that they do not think that US Social Security numbers or full payment card information were compromised. But because the PMC is custom designed to fit specific customer requirements, they are still looking into how this incident affected each of their customers.
According to a note on Pearson's site, the system remains down for the time being.
Symantec too (Score:2)
Re: (Score:3)
Worldwide Wallpaper Prices (Score:1)
Prices plummet worldwide on wallpaper as the credentialism plague spreads.
Re: (Score:1)
pearson & cleartext passwords (Score:2)
Not sure on the PearsonVUE side, but the regular Pearson Learning - for access to their publisher created resources/course content - stores passwords as clear text.
I've reported it as a BIG issue to our local sales rep and the regional boss rep, but I don't think anything has been done about it.
2015: The Year of Bending Over (Score:4, Informative)
Re: (Score:1)
Being that you are in the security field you should know by now that security is just an illusion.
Re: (Score:3)
Good God; Why? (Score:2)
I realize that testing isn't a core competency and whatnot; but Pearson provides software; as written by people who shouldn't be allowed to write textbooks; but who are dangerously good at writing contracts. It couldn't possibly be worse if Adobe took a stab at writing a testing module based on some hideous combination of shockwave Xtras and Coldfus
Re: (Score:2)
Why would so many companies(some with actual software development experience; and others dangerously willing to try, like Adobe) put up with Pearson software?
Probably because PearsonVue has a vast distribution network in that they've associated themselves with thousands of local testing centers. It means that the burden, from a facility point of view, is low on those seeking the certs.
Now, I can tell you first-hand that the exams themselves are shit. They look like they were written in Hypercard on an 800x600 screen that's poorly mapped and essentially not-anti-aliased across the fairly modern 16:9 displays in the testing centers, and it's impossible to put
These Tests were Unfair a long time ago (Score:2)
Some time around 1996 I was trying to get MCSD and they failed me by no more than 3 points 8 times on the last test. I had bought nearly every book on the subject. I have lost faith in these tests. There was even a question asking me if i'd suggest using Microsoft products or not to a client.
I think they just didn't want to give me the certification. I even asked to challenge it, and I was told I could only challenge a question.
PMC has been compromised with the help of malware (Score:2)