Verizon Exposes the Wrong 1,200 Email Addresses
netbuzz writes "If you're going to market your expertise by inviting 1,200 IT professionals to a seminar about securing data and protecting personal information, it's probably a good idea to protect the personal information of those you invite. On Tuesday, Verizon forgot that advice and blasted each of the 1,200 email addresses to everyone on the list ... and they did it 17 times."
Whenever email scripts have too many recipients, they do tend to refresh and try again, which can cause dupes. These addresses were likely supposed to be in the BCC field, or nonexistent (duh). So it was a mistake.
That's an embarrassing blunder, to hold a seminar on keeping private info secure and then spamming who is attending the seminar. I wonder how much time they will spend on that blunder, explaining how it can happen to anyone, even the mighty Verizon, but this foolishness will not strengthen Verizon's sales pitch.
Spammers attend these conferences. Now spammers have known email addresses of everyone there.
This would only make a difference if spammers made money based on sending targeted email. They don't. They make money based on volume of addresses when a shady merchant pays them. So maybe they could make $25 on this list?
Apart from making one person in Verizon look stupid, this also enforces the theory that it only takes one idiot to... the whole internet.
The dangers of knowledge trigger emotional distress in human beings.
It's not that Verizon exposed "the wrong" 1200 emails, it's that Verizon exposed any email addresses at all.
/bad title?
DOH!
"We just wanted to make sure you could hear us now"
Beauty is in the eye of the beerholder.
I'll bet they got their point across..
Clearly, the email blorf and the conference itself are one and the same -- a cry for help from Verizon.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Outbound filter to make sure that no email with more than one address in the headers ever leaves the mail server.
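An added example, not part of the original comment thread: a sketch of the outbound check the comment above proposes, counting the distinct addresses exposed in the To/Cc headers and holding the message when that count exceeds a limit. The function names, the `limit` parameter and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

VISIBLE_HEADERS = ("To", "Cc")  # Bcc is excluded: other recipients never see it


def visible_recipients(raw_message):
    """Return the set of distinct addresses exposed in the To/Cc headers."""
    msg = message_from_string(raw_message)
    values = []
    for name in VISIBLE_HEADERS:
        values.extend(msg.get_all(name, []))
    # getaddresses copes with display names, quoted commas and folded headers.
    # Addresses are lowercased only so duplicates are counted once.
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def outbound_verdict(raw_message, limit=1):
    """Return ('hold' | 'accept', exposed_count) for an outgoing message."""
    exposed = visible_recipients(raw_message)
    return ("hold" if len(exposed) > limit else "accept"), len(exposed)


# Constructed sample messages (example.com / example.org are placeholders).
BLAST = (
    "From: events@example.com\n"
    'To: "Doe, Jane" <jane@example.org>, bob@example.org,\n'
    " carol@example.org\n"
    "Cc: BOB@example.org\n"
    "Subject: Seminar invitation\n\nYou are invited.\n"
)
BCC_STYLE = (
    "From: events@example.com\n"
    "To: events@example.com\n"
    "Bcc: jane@example.org, bob@example.org\n"
    "Subject: Seminar invitation\n\nYou are invited.\n"
)

if __name__ == "__main__":
    for label, raw in (("blast", BLAST), ("bcc", BCC_STYLE)):
        print(label, outbound_verdict(raw))
```

With the default `limit=1` this is the strict rule from the comment; a real deployment would raise the limit or exempt internal mail, which is the trade-off raised later in the thread.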
and they did it 17 times.
They were afraid that if they did it 18 times, it might look suspicious.
--
Oh Well, Bad Karma and all . . .
Beer is proof that God loves us and wants us to be happy.
...
"Can you READ me NEEOWWWWW???!!!"
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Does that mean the Slashdot is more responsible than Verizon?
Is it just my observation, or are there way too many stupid people in the world?
It's all part of the plan. Now Verizon is going to charge me $0.50 a month to keep my information private.
I need to switch services.
I am not surprised in the least that this happened coming from Verizon. They hire incompetent assholes all the time there. Their business model is how to screw the customer out of the most money and provide the least amount of service. I can't stand Verizon.
Note that their cell phone business is completely separate from the rest of the morons. Neither business unit talks to each other and neither knows what the other is doing. If the wireless side of the business had any brains they would split off and change names. Verizon is associated with incompetence and greed.
As you said, this is /. Appreciate the irony dammit...
If I were one of those invited, then a thing like this would immediately make me lose interest in whatever they'd have to say. Show in advance you can't do yourself what you're preaching about. Duh!
I'd just decline the invitation, and spend my time elsewhere (probably more productive). If a majority of the invited folks would do this, the event would be dead in the water. Killed by stupidity of the organization.
Sweet, now maybe I can have Verizon start sending me more information on Breast Enlargement and Erectile Dysfunction Pills.
Ave Molech Setting
Maybe now we can have secure, authenticated email.
It's only laziness and the lack of any security mandates that prevents us from having decent email.
They ARE out to get you simply because They are in it for themselves and they don't care about you.
...they weren't charged 3-cents for each of those messages.
Except that there is absolutely nothing to distinguish some clerical errors and actual security issues. If information is leaked by clerical error, it's leaked just as effectively as if it were hacked out of an on-line database through cross-site scripting. Maybe more effectively.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Just this morning, I got an email from bandwidth.com addressed to 1250 other customers.
I guess it is good I went with them instead of verizon, now I have even more email addresses to spam!
is to ditch the abysmal Micro$oft Exchange, and while they're at it, ditch Micro$oft altogether. I can't believe they think they have the expertise to host a security seminar and they still run on that rubbish. But they are pretty deeply in bed with Microshaft - you have to wonder what other sensitive data they've allowed to leak out - or rather, that they've sent out to any Tom, Dick and Hacker in the world thanks to their insistence on using Gates's solitaire-playing software as if it's got enterprise capabilities.
very strange coincidence indeed. Bandwidth.com blasted about 300 addresses in an email today as well - it's fun to see all the COOs, CIOs and CEOs of bandwidth.com customers acting like children and trolls by 'reply-all'ing' and complaining about exposing their addresses.
Uh, hello mr. ceo - your reply is unsolicited - you are the SPAM you are complaining about!
what a weird coincidence.
Didn't anyone reply to all? I'd love to see the thread of flames.
They should have listened to that good advice that they obviously just didn't take.
Who would have thought ... it figures!
At least it was a prime number. I wouldn't mind it so much then. Had it been 16 or 18 though, damn I'd be angry.
distinguish between a clerical error and an actual security issue?
And the difference is ?
I recall that last year SolarWinds' community website (Thwack) launch email was sent to all interested customers, also in the To: field. Some great email addresses those were - NASA, IEEE, California OES, Alabama, Washington, you name it - total of about 100 people... you should have seen those replies! SolarWinds gave everybody a shirt after :)
Bow before me, for I am root.
Veriz-owned.
I betcha they did it just to get on Slashdot.
Need an automatic screenshot taker? Try here.
yeah and wait until the sms message bills come in on those invites. Why would anyone mess with Verizon? Seriously!
My email recently got exposed to the wrong uncle! Please make those stupid animated love-and-nature Powerpoints stop!
is dead. No really, someone killed him already. Securely and anonymously. We have a list of 1200 suspects and their names. Actually, 1200 people have a list of 1200 suspects and their names.
Your post advocates a
(X) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(X) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(X) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
(X) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Some bandwidth.com representative sent an email to 1,300 of their customers this morning. The reply list was so big it crashed Evolution when opened.
One interesting thing about the event was that a great discussion arose from it. Customers were bouncing ideas off each other, asking what their different configurations were, etc. Some were whining about the service or complaining that we should stop spamming them.
Then, shortly afterward, in the middle of some pretty decent discussion - the CEO of Bandwidth.com sends out an email saying that people are fired, they care about security blah blah..
What this guy failed to do was seize the moment and take the opportunity to start a blog or forum to keep the discussion going. Instead, he fired some poor schmuck(s) over an error that could have happened to anyone.
What about actually addressing some of the concerns and ideas that were brought up?
Just bad leadership from that guy - I would love his job.
MSexchange sucks because its technology is worse than that of similar products, like VAXMAIL in the 1980s.
If you like dealing with email with stone knives and bearskins, more power to you, but the rest of us are laughing at you and how silly your email looks to the outside world.