Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

McAfee Leaks Conference Attendees' Personal Info

samzenpus posted about 5 years ago | from the black-fly-in-your-chardonnay dept.

Security 72

Timmy writes "In the cruelest of ironies, e-mail security vendor McAfee has accidentally coughed up the personal details of some 1400 attendees of its recent security conference in Sydney, Australia. Those who were sent the list — attached as a spreadsheet to a thank you e-mail — are far from pleased that such an extraordinary thing could happen. McAfee, which sells products to 'stop sensitive and protected data from leaving the enterprise through email and web traffic' has blamed 'human error' for the blunder and is 'taking steps to ensure it doesn't happen again.' Doh!"

cancel ×

72 comments

Sorry! There are no comments related to the filter you selected.

I just had to... (-1, Offtopic)

plastbox (1577037) | about 5 years ago | (#28880071)

FIRST! =D

Re:I just had to... (2, Funny)

Anonymous Coward | about 5 years ago | (#28880139)

You forgot to attach the spreadsheet to that post ;)

Funny? Maybe not ... (2, Interesting)

artgeeq (969931) | about 5 years ago | (#28881513)

Does anyone remember the time McAfee distributed a signature file that caused its software to delete executable binaries from computers? This caused me and many other persons much grief. A few months afterward, a vendor asked me what McAfee could do to make up for such a thing. My response was that that they couldn't, that they should just go out of business.

Re:I just had to... (1)

plastbox (1577037) | about 5 years ago | (#28938805)

Wohoo! Not only my first first-post but my first Offtopic post as well! (or at least, the first one to get modded as such)

Obligary, but funny (1)

sopssa (1498795) | about 5 years ago | (#28880143)

Wikileaks did the exact same thing [wired.com] . Later someone send the leak to them, and they had to give out those donators info per their rules :) [wikileaks.org]

People working at these positions should really check their emails before they mass send them..

Re:Obligary, but funny (2, Insightful)

aurispector (530273) | about 5 years ago | (#28880249)

This is why I don't want my personal information in any database anywhere.

Re:Obligary, but funny (5, Interesting)

hittman007 (206669) | about 5 years ago | (#28880455)

This is why I don't want my personal information in any database anywhere.

Good luck with that.

I'm not saying this would be impossible but it would be very difficult to achieve in todays world as you would have to live completly off the grid...

Think about it, how many databases have your personal info (or at least that of someone you live with). Any phone service (Cell or Land Line), Internet service, Electricity, Trash, Water, Natural Gas. These are all databases, and if you ever live on your own all of these will will include your personal info.

Also, do you have a drivers liscense? If you do your state government has your personal info (and thats if they didn't have it already).

Social Security (assuming your not a member of a religion that has contrary religous beliefs), congrats, the government has you on a list and, while this list doesn't directly include any personal information, what is the one thing that will get someone all the info they will ever want about you?

You wouldn't happen to own a car or house? Or do you live in an appartment with your name on the lease??

Do you have a job that pays other than cash?

Do you have a credit card?

These are just the lists that come to mind offhand, if I put my mind to it I'm sure I can think of more...

Re:Obligary, but funny (1)

WML MUNSON (895262) | about 5 years ago | (#28884463)

Actually, it's not that hard to be off the grid entirely. Take your pick of any third-world country. Some are quite nice and the living standards can be rather luxurious.

Re:Obligary, but funny (1)

aurispector (530273) | about 5 years ago | (#28888759)

Oh, I know it's impossible, but a man can dream, can't he?

Title error (3, Informative)

RPoet (20693) | about 5 years ago | (#28880121)

Title should say "attendees'", not "attendee's".

Re:Title error (-1, Offtopic)

ATestR (1060586) | about 5 years ago | (#28880153)

Do you mean "attendees'"?

Re:Title error (-1, Offtopic)

Polarina (1389203) | about 5 years ago | (#28880203)

No, it's attendees'.

Re:Title error (-1, Troll)

prayag (1252246) | about 5 years ago | (#28880207)

Actually its Attendees' since they are plural and their information was lost.
Also, stop being a prick. :)

Re:Title error (2, Insightful)

thePowerOfGrayskull (905905) | about 5 years ago | (#28880391)

Actually its Attendees' since they are plural and their information was lost

That's really very funny, you're the third person to correct the poster by replying with exactly what s/he had already posted. Too, you've fallen victim to Muphry's law [wikipedia.org] in your own post...

Title should say "attendees'", not "attendee's".

Let me re-paste the same quote, and add the space which reveals that which you all have failed to see...

Title should say "attendees' ", not "attendee's".

Re:Title error (0)

Anonymous Coward | about 5 years ago | (#28880495)

Looks like somebody needs a larger screen font, or better eyeglasses. ;)

Re:Title error (0)

Anonymous Coward | about 5 years ago | (#28880601)

Actually, it is " it's ", not " its " since you mean to contract " Actually it [i]s Attendees' ...".

Re:Title error (5, Funny)

UNHOLYwoo (1213830) | about 5 years ago | (#28880367)

I second the grammar nazi.

S*** happens (2, Informative)

indre1 (1422435) | about 5 years ago | (#28880127)

Things like this even happen to the best of us.

Re:S*** happens (1)

$RANDOMLUSER (804576) | about 5 years ago | (#28880413)

Extraordinary

You keep using that word. I do not think it means what you think it means.

Re:S*** happens (1)

Vexor (947598) | about 5 years ago | (#28884421)

Well McAfee certainly isn't amoung the best of us...

Ob. Simpsons (0)

Anonymous Coward | about 5 years ago | (#28880133)

The ironing is delicious. -Bart Simpson

Evolution (5, Funny)

Methos137 (1172787) | about 5 years ago | (#28880135)

Further proof that no matter how good of a system we design, the universe will design a better idiot to use it.

Doh, indeed... (0, Redundant)

tfmachad (1386141) | about 5 years ago | (#28880201)

Play them off, keyboard cat!

Re:Doh, indeed... (0)

Anonymous Coward | about 5 years ago | (#28880553)

Play them off, keyboard cat!

Unfunny meme is unfunny.

Oops! (2, Insightful)

mcgrew (92797) | about 5 years ago | (#28880241)

Irony indeed. This will certainly lose them a lot of customers. You have to wonder how good a security company can be if they could pull a boner like this one. It's going to take quite a while for them to recover from this.

However, I'm sure they will. Sony's rootkit never put them out of business, Jack in the Box is still selling hamburgers despite poisoning many of their customers (as well as a lot of other food sellers selling poisoned food), etc.

Re:Oops! (1)

billcopc (196330) | about 5 years ago | (#28880569)

You're making the assumption that the people reading this are actual or potential customers. I've got no hard data, but given the quality, performance and reliability of McAfee's products, I'd venture a guess that no sane Slashdotter would dare use their software unless forced upon by some corporate idiocracy responsible for his/her paycheque.

I remember the good old days, when all of McAfee's commercial (paid) releases were available from their own FTP server, simply by logging in as "anonymous". No registration/serial required. What a fine bunch of tools... the company I mean, not the software.

Re:Oops! (1)

yoshi_mon (172895) | about 5 years ago | (#28882663)

IMO the risk would come from CTO reading about this, via some blurb in his/her business/tech journal, and saying wtf.

While end users with one or a few computers are important for sales keep in mind the people that have power over large numbers of computers are more what the OP I think was getting at.

Re:Oops! (1)

certain death (947081) | about 5 years ago | (#28882873)

Or if you were licensed, the username and password were licensed/321. Those silly security minded folks were not very security minded back in the day...

Re:Oops! (1)

COMON$ (806135) | about 5 years ago | (#28884901)

I use EPO and 8.5i and love it. I am quite sane as well FWIW. However their home products are pretty shoddy. I should add as well that I think most /.ers are kids in their basements pretending to be adults. The number of people posting on here with actual experience or actual administrators of networks and or geek jobs is relatively small I would wager.

Re:Oops! (1)

mcgrew (92797) | about 5 years ago | (#28901225)

I don't know, I've run across quite a few geezers here. And there are different kinds of nerds; an electrical engineer or an astronomer would not be competent to administer a network.

You can tell the youngsters, they mostly post as "anonymous coward" and try for that all important first post.

Then there are cross-domain arguments; I had one with an intelligent fellow a few days ago, a math geek, that couldn't see past the numbers and visualize what the numbers actually represented. I'm sure he couoold compute rings around me, but he lacked the abililty to visualize.

Re:Oops! (1)

thenickdude (1481249) | about 5 years ago | (#28881553)

So! They laugh at my boner, will they?! I'll show them! I'll show them how many boners McAfee can make!

Re:Oops! (1)

TheSpoom (715771) | about 5 years ago | (#28883217)

How dare you sully the bacon ultimate cheeseburger by comparing it to Sony! I just wish they'd move further north :^\

Re:Oops! (1)

hercubus (755805) | about 5 years ago | (#28883989)

Irony indeed. This will certainly lose them a lot of customers...

As long as there continue to be Microsoft-leaning IT shops there will continue to be McAfee AV. We have this shite at work and it really gets a chubby going after Java and Firefox. It's like Steve Ballmer setup the config personally. McAfee is definitely carrying Microsoft's water for them. More like carrying buckets of piss to pour on anything non-MS. Our IT manager just loves this steaming pile.

Oh I get it! (-1, Offtopic)

Drakkenmensch (1255800) | about 5 years ago | (#28880253)

It's like bronzy or coppery, except it's made of iron!

Re:Oh I get it! (0, Offtopic)

mcgrew (92797) | about 5 years ago | (#28881671)

No, it's what your mommie uses to make your shirties flat.

Symantec (0)

Anonymous Coward | about 5 years ago | (#28880303)

They should have used symantec firewall.

Dear Ms Morissette (4, Funny)

whisper_jeff (680366) | about 5 years ago | (#28880321)

Dear Ms Morissette,

This is irony. Please take note.

Yours truly

Re:Dear Ms Morissette (5, Funny)

Nevynxxx (932175) | about 5 years ago | (#28880795)

I find the song in question paradoxical. It's ironic that a song called ironic, contains so little irony. But perhaps that is why the song is named as it is, and the irony is intentional, but then it wouldn't be ironic as it was designed that way, bringing us back to the beginning.

<~head explodes~>

Re:Dear Ms Morissette (1)

DNS-and-BIND (461968) | about 5 years ago | (#28884441)

It's more like she's an idiot who had no idea what irony was when she wrote the song. The education level of so-called educated people is shockingly low. Lack of knowledge of literary concepts for a songwriter is just the beginning.

Re:Dear Ms Morissette (0)

Anonymous Coward | about 5 years ago | (#28886621)

No, all it means is that language changes and that the definition of irony she used is just as valid as the older and somewhat different definition people like you keep claiming is the only one.

And with that being said, it really is rather ironic that you of all people would complain about "the education level of so-called educated people" being "shockingly low". If you'd have any background in linguistics at all, even if it's the armchair variety, you'd know that linguistic prescriptivism is... well, dead.

Except for in uninformed, arrogant yahoos like you.

Well, obviously... (2, Funny)

Kuroji (990107) | about 5 years ago | (#28880349)

McAfee's marketing department leaked it, because they were testing the old 'bad publicity is worse than no publicity' theory.

Results so far are not promising.

they're just trying to get more business (1)

OrangeMonkey11 (1553753) | about 5 years ago | (#28880369)

"Human Error"

Lessons Learned (0, Redundant)

burr101 (1301459) | about 5 years ago | (#28880419)

Don't attend a McAfee Conference!

Security is a human issue (4, Insightful)

PhunkySchtuff (208108) | about 5 years ago | (#28880491)

Further proof that security is a human problem. Technology can help in some areas, and hinder in others, but at the end of the day it's the monkey at the keyboard banging out the works of Shakespeare that is the weak link in the chain.

Computers would be secure against viruses if people didn't open attachments or surf to dodgy sites. Phishing emails wouldn't work if people didn't reply to them, same goes for 419 scams.

Security is a human issue, it's not a technological issue and a purely technical solution will never work 100%.

Re:Security is a human issue (2, Insightful)

Halotron1 (1604209) | about 5 years ago | (#28880781)

Sounds like the old Dancing Bunnies [msdn.com] problem.

The user wants to see the dancing bunnies, so they click there. It doesn't matter how much you try to disuade them, if they want to see the dancing bunnies, then by gum, they're going to see the dancing bunnies. It doesn't matter how many technical hurdles you put in their way, if they stop the user from seeing the dancing bunny, then they're going to go and see the dancing bunny.

Re:Security is a human issue (0)

Anonymous Coward | about 5 years ago | (#28883831)

Dancing bunnies? Cute! Can you provide a link?

The Dinosaurs WILL escape (2, Interesting)

dangle (1381879) | about 5 years ago | (#28880525)

Somewhat related, I work on an institutional review board that reviews human studies submissions for a large university. One main dichotomy that is used to classify protocols is the concept of "minimal risk" vs. "greater than minimal risk," minimal risk defined somewhat loosely as risks encountered in everyday life.

Accidental sharing of protected health information is considered a risk of many of these studies that collect sensitive information. We continue to subsequently review incidents in which protected health information has been "spilled," leaving us to determine if this was an "expected" or "unexpected" event.

Unfortunately, a la Ian Malcolm, I've come to believe that it is essentially guaranteed (thus expected) that these leaks will occur, making loss of confidentiality now just part of everyday life, therefore "minimal risk" from the point of view of the US federal regulations on human studies.

Re:The Dinosaurs WILL escape (0)

Anonymous Coward | about 5 years ago | (#28880915)

While I understand what you are getting at - that leaks will occur and it is the nature of the beast; heck, "information wants to be free", right?

However, you would probably look at it differently if you had cancer and that leaked out and you could not get health coverage.

Re:The Dinosaurs WILL escape (1)

dangle (1381879) | about 5 years ago | (#28880999)

I agree completely, and "expected" doesn't equal "acceptable."

As I sometimes tell patients when the Hospital has committed a relatively minor transgression against them: "If it makes you feel any better, we treat everyone this badly."

Re:The Dinosaurs WILL escape (1)

SkipFrehly (1606577) | about 5 years ago | (#28883057)

But does that mean that our personal information shouldn't be protected from being leaked by means that most would consider grossly negligent? Someone had to click "Attach File" at some point. That same person had to click that send button, probably after realizing that attaching the spreadsheet with everyone's email on it wasn't the same as CCing everyone.

To me, this is, inherently, an issue of human error. Overworked, exhausted, undercoffee'd PR guy who just finished a, more than likely, exhausting and stressful marketing conference, tried doing the right thing, and messed up.

Re:The Dinosaurs WILL escape (1)

dave562 (969951) | about 5 years ago | (#28883997)

Its a corporate culture problem. Given a close to 20% real unemployment rate in this country, there isn't any excuse for having a non/poorly trained fool handling sensitive customer information. I'm sure that there are plenty of unemployed people who could do the task in question without messing it up. The sad thing is that they'd probably jump at the opportunity to make the peanuts worth of pay that McAfee was probably paying the person who screwed it up.

Re:The Dinosaurs WILL escape (1)

dangle (1381879) | about 5 years ago | (#28890313)

Yeah, this is exactly the kind of conversation our committee has had on multiple occasions, maybe I'm being too cynical, but it just seems guaranteed (and therefore should be expected and anticipated) that well-meaning people are capable of inadvertently breaking any security system we come up with, let alone the non-well-meaning people.

Re:The Dinosaurs WILL escape (1)

SkipFrehly (1606577) | about 5 years ago | (#28894981)

Really though, the coffee cup already says "Caution: Hot!" Does that need to be supplemented by "Hot things can burn you, and burns hurt."

When I was a kid, all it took was my mom to say 'Santa's watching..." That would freeze me in my tracks even in June.

Tech solution to a social problem (1)

Thaelon (250687) | about 5 years ago | (#28880563)

This is why there's no such thing as a technical solution to a social problem.

Here's another example: My company instituted a policy where recipient names would not auto complete on the To/CC fields - enforced through the domain security policy - to prevent people from sending stuff meant for one client to another.

Less than 48 hours later someone sent a sensitive email to the wrong client anyway.

sucks to be the person who sent the email (1)

MITpianoman (952963) | about 5 years ago | (#28880677)

"taking steps to ensure it doesn't happen again" = someone is getting fired

I don't know which is worse (1)

petes_PoV (912422) | about 5 years ago | (#28880787)

They were using their own products and they failed. Or if they weren't using their own products - why not?

RTFA!!! (4, Funny)

DoofusOfDeath (636671) | about 5 years ago | (#28880799)

I actually READ TFA.

Turns out the summary was pretty accurate.

Just thought I'd mention that.

Re:RTFA!!! (0)

Anonymous Coward | about 5 years ago | (#28883387)

broken clock... right twice a day... yada yada yada.... ;P

Re:RTFA!!! (1)

rodeoclownii (803902) | about 5 years ago | (#28892703)

It is completely accurate. We had two guys at work go to the conference, and both of them got sent an email with a excel spreadsheet listing all the details of all the attendees of the conference. Whoops indeed.

This isn't a leak, it's a feature! (0)

Anonymous Coward | about 5 years ago | (#28880821)

Many conferences routinely give/sell information about conference participants to sponsors & exhibitors.

I was recently at a trade show, and the ID badges had a bar code on the back so that booth exhibitors could easily get your contact info instead of using business cards.

Well, a week later, I started to get follow up emails from exhibitors I was interested in that had scanned my badge. This was expected.

BUT, I also received lots of email from vendors I wasn't interested in, didn't visit their booths, and they didn't scan my badge.

Fortunately, I created a new email alias when I signed up for the conference, so it's easy to identify these spammers.

Yes, they are spammers. I didn't sign up to be contacted, I never talked to you, and we have no business relationship. Maybe I should find a bottom-feeding lawyer on contingency... can I sue under the CAN-SPAM act?

Re:This isn't a leak, it's a feature! (2, Informative)

jank1887 (815982) | about 5 years ago | (#28881197)

Every professional conference I've been do has provided an attendees list as part of the welcome kit (including the program, CD with papers/presentations, etc.). I get crap from vendors every once in a while. But not too much. Was this McAffee leaked information more than just contact info?

Re:This isn't a leak, it's a feature! (0)

Anonymous Coward | about 5 years ago | (#28892463)

Name, work title, contact phone numbers (including mobile), email address, which sessions they were attending, whether they turned up or whether they were a no-show, dietary requirements.

Nothing that in itself is risky, but enough to make my life a misery when my details (which are on that list btw) get into the hands of a marketer. Not only that, but in the hands of a hacker they now have a pretty good who's who of security in Australia.

I just want to see what free stuff the attendees are going to get to pacify us.....

Well I can see their stock price crashing ! (1)

hesaigo999ca (786966) | about 5 years ago | (#28881017)

3....2.....1.....
Ok who wants to buy my McAffee stock options for 1/10th of their worth, anybody,....anybody....???

Re:Well I can see their stock price crashing ! (1)

Phoenixlol (1549649) | about 5 years ago | (#28881727)

Um, I do. Have you seen how they've been doing lately (save today)?

The wrong bunch of people... (1)

leprkhn (1344959) | about 5 years ago | (#28881887)

to send that particular information to... Or about, for that matter. The thought makes me smile. Not only did they send a bunch of personal information out via e-mail, but they sent it to a bunch of hackers. Not only did they send a bunch of personal information to a bunch of hackers via email, but it was the personal information of those very hackers.

Let's dance the PEBKAC again (1)

FreakUnique (927847) | about 5 years ago | (#28882277)

Once again PEBKAC and the Human Element proves to be the bane of the person trying to make computer data secure. I face this every day and to this day I still wonder how the hell my parents don't get more infections then they currently do. Wait that would be me making sure their antispyware and antivirus is up to date every time their backs are turned.

It does help that I drummed in safe surfing practices into their heads.

Customer passwords stored unencrypted (1)

linear a (584575) | about 5 years ago | (#28882757)

I just went to my McAfee account and used the forgot password link. Either my password was stored unencrypted or it is one of those rare words that hashes to itself.

The ironic thing is... (0)

Anonymous Coward | about 5 years ago | (#28882821)

... calling McAfee a security company.

What they seem to sell is a placebo to make Windows users feel they are secure. Yeah, their software may find infected files on your system but that's after they're already there. Who knows whether someone's accessed them and installed god-only-knows what sort of [spy|bot]ware on the system. What they sell are snakeoil^Wcures not preventions.

Isn't this the 2nd time for McAfee? (2, Interesting)

Xingzoa (519749) | about 5 years ago | (#28883609)

Didn't this happen last year as well??

How are they still around? (1)

dave562 (969951) | about 5 years ago | (#28883921)

When will McAfee just shrivel up and die? Their software sucks and it seems like this is at least the second or third seriously high profile mistake on their part. Does anyone really buy McAfee security products, or do they simply scrape by with the revenue from renewals on OEM pre-installs? I don't know a single IT person who looks at McAfee software when considering corporate security products.

Re:How are they still around? (0)

Anonymous Coward | about 5 years ago | (#28884655)

McAfee corporate antivirus is actually used by several hospitals and other large organizations I have consulted with, either as part of their SonicWall deployment, or as a hosted service. The Health Service I am currently consulting for uses it on thousands of devices across the state.

I personally despise the consumer software they have, but apparently they have done at least a marginally good job of promoting their corp antivirus product, and frankly it does a pretty good job of not being a friggin resource hog, unlike it's "evil" consumer step-brother, the security suite.

Moral: just because you don't see the tiger in the tall grass, doesn't mean he's not going to jump out and eat you. OR: just because your IT cronies hate McAfee doesn't mean all IT folks hate it.

Cruel Irony? Hardly. (1)

PingXao (153057) | about 5 years ago | (#28885475)

I'd call it a Darwinian development. Anyone putting their security in McAfee pretty much deserves what they get.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>