Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee Leaks Conference Attendees' Personal Info

Posted by samzenpus on from the black-fly-in-your-chardonnay dept.

Timmy writes "In the cruelest of ironies, e-mail security vendor McAfee has accidentally coughed up the personal details of some 1400 attendees of its recent security conference in Sydney, Australia. Those who were sent the list — attached as a spreadsheet to a thank you e-mail — are far from pleased that such an extraordinary thing could happen. McAfee, which sells products to 'stop sensitive and protected data from leaving the enterprise through email and web traffic' has blamed 'human error' for the blunder and is 'taking steps to ensure it doesn't happen again.' Doh!"

72 comments

  1. Title error by RPoet · · Score: 3, Informative

    Title should say "attendees'", not "attendee's".

    --
    "Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
    1. Re:Title error by UNHOLYwoo · · Score: 5, Funny

      I second the grammar nazi.

    2. Re:Title error by thePowerOfGrayskull · · Score: 2, Insightful

      Actually its Attendees' since they are plural and their information was lost

      That's really very funny, you're the third person to correct the poster by replying with exactly what s/he had already posted. Too, you've fallen victim to Muphry's law in your own post...

      Title should say "attendees'", not "attendee's".

      Let me re-paste the same quote, and add the space which reveals that which you all have failed to see...

      Title should say "attendees' ", not "attendee's".

    3. Re:Title error by Anonymous Coward · · Score: 0

      Looks like somebody needs a larger screen font, or better eyeglasses. ;)

    4. Re:Title error by Anonymous Coward · · Score: 0

      Actually, it is " it's ", not " its " since you mean to contract " Actually it [i]s Attendees' ...".

  2. S*** happens by indre1 · · Score: 2, Informative

    Things like this even happen to the best of us.

    1. Re:S*** happens by $RANDOMLUSER · · Score: 1

      Extraordinary

      You keep using that word. I do not think it means what you think it means.

      --
      No folly is more costly than the folly of intolerant idealism. - Winston Churchill
    2. Re:S*** happens by Vexor · · Score: 1

      Well McAfee certainly isn't amoung the best of us...

      --
      ~Vexed and loving it!
  3. Ob. Simpsons by Anonymous Coward · · Score: 0

    The ironing is delicious. -Bart Simpson

  4. Evolution by Methos137 · · Score: 5, Funny

    Further proof that no matter how good of a system we design, the universe will design a better idiot to use it.

  5. Re:I just had to... by Anonymous Coward · · Score: 2, Funny

    You forgot to attach the spreadsheet to that post ;)

  6. Obligary, but funny by sopssa · · Score: 1

    Wikileaks did the exact same thing. Later someone send the leak to them, and they had to give out those donators info per their rules :)

    People working at these positions should really check their emails before they mass send them..

    1. Re:Obligary, but funny by aurispector · · Score: 2, Insightful

      This is why I don't want my personal information in any database anywhere.

      --
      I have mod points. The reign of terror begins now.
    2. Re:Obligary, but funny by hittman007 · · Score: 5, Interesting

      This is why I don't want my personal information in any database anywhere.

      Good luck with that.

      I'm not saying this would be impossible but it would be very difficult to achieve in todays world as you would have to live completly off the grid...

      Think about it, how many databases have your personal info (or at least that of someone you live with). Any phone service (Cell or Land Line), Internet service, Electricity, Trash, Water, Natural Gas. These are all databases, and if you ever live on your own all of these will will include your personal info.

      Also, do you have a drivers liscense? If you do your state government has your personal info (and thats if they didn't have it already).

      Social Security (assuming your not a member of a religion that has contrary religous beliefs), congrats, the government has you on a list and, while this list doesn't directly include any personal information, what is the one thing that will get someone all the info they will ever want about you?

      You wouldn't happen to own a car or house? Or do you live in an appartment with your name on the lease??

      Do you have a job that pays other than cash?

      Do you have a credit card?

      These are just the lists that come to mind offhand, if I put my mind to it I'm sure I can think of more...

      --
      --- When you start with the conclusion that you want, then throw out any facts that don't agree, is it true?
    3. Re:Obligary, but funny by WML+MUNSON · · Score: 1

      Actually, it's not that hard to be off the grid entirely. Take your pick of any third-world country. Some are quite nice and the living standards can be rather luxurious.

    4. Re:Obligary, but funny by aurispector · · Score: 1

      Oh, I know it's impossible, but a man can dream, can't he?

      --
      I have mod points. The reign of terror begins now.
  7. Doh, indeed... by tfmachad · · Score: 0, Redundant

    Play them off, keyboard cat!

    1. Re:Doh, indeed... by Anonymous Coward · · Score: 0

      Play them off, keyboard cat!

      Unfunny meme is unfunny.

  8. Oops! by mcgrew · · Score: 2, Insightful

    Irony indeed. This will certainly lose them a lot of customers. You have to wonder how good a security company can be if they could pull a boner like this one. It's going to take quite a while for them to recover from this.

    However, I'm sure they will. Sony's rootkit never put them out of business, Jack in the Box is still selling hamburgers despite poisoning many of their customers (as well as a lot of other food sellers selling poisoned food), etc.

    --
    Free Martian Whores!
    1. Re:Oops! by billcopc · · Score: 1

      You're making the assumption that the people reading this are actual or potential customers. I've got no hard data, but given the quality, performance and reliability of McAfee's products, I'd venture a guess that no sane Slashdotter would dare use their software unless forced upon by some corporate idiocracy responsible for his/her paycheque.

      I remember the good old days, when all of McAfee's commercial (paid) releases were available from their own FTP server, simply by logging in as "anonymous". No registration/serial required. What a fine bunch of tools... the company I mean, not the software.

      --
      -Billco, Fnarg.com
    2. Re:Oops! by thenickdude · · Score: 1

      So! They laugh at my boner, will they?! I'll show them! I'll show them how many boners McAfee can make!

    3. Re:Oops! by yoshi_mon · · Score: 1

      IMO the risk would come from CTO reading about this, via some blurb in his/her business/tech journal, and saying wtf.

      While end users with one or a few computers are important for sales keep in mind the people that have power over large numbers of computers are more what the OP I think was getting at.

      --

      Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
    4. Re:Oops! by certain+death · · Score: 1

      Or if you were licensed, the username and password were licensed/321. Those silly security minded folks were not very security minded back in the day...

      --
      "My immediate reaction is "WTF? What kind of moron doesn't make things 64-bit safe to begin with?" Linus
    5. Re:Oops! by TheSpoom · · Score: 1

      How dare you sully the bacon ultimate cheeseburger by comparing it to Sony! I just wish they'd move further north :^\

      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs
    6. Re:Oops! by hercubus · · Score: 1

      Irony indeed. This will certainly lose them a lot of customers...

      As long as there continue to be Microsoft-leaning IT shops there will continue to be McAfee AV. We have this shite at work and it really gets a chubby going after Java and Firefox. It's like Steve Ballmer setup the config personally. McAfee is definitely carrying Microsoft's water for them. More like carrying buckets of piss to pour on anything non-MS. Our IT manager just loves this steaming pile.

      --
      -- How I want a drink, alcoholic of course, after the heavy lectures involving quantum mechanics.
    7. Re:Oops! by COMON$ · · Score: 1

      I use EPO and 8.5i and love it. I am quite sane as well FWIW. However their home products are pretty shoddy. I should add as well that I think most /.ers are kids in their basements pretending to be adults. The number of people posting on here with actual experience or actual administrators of networks and or geek jobs is relatively small I would wager.

      --
      CS: It is all sink or swim...oh and did I mention there are sharks in that water?
    8. Re:Oops! by mcgrew · · Score: 1

      I don't know, I've run across quite a few geezers here. And there are different kinds of nerds; an electrical engineer or an astronomer would not be competent to administer a network.

      You can tell the youngsters, they mostly post as "anonymous coward" and try for that all important first post.

      Then there are cross-domain arguments; I had one with an intelligent fellow a few days ago, a math geek, that couldn't see past the numbers and visualize what the numbers actually represented. I'm sure he couoold compute rings around me, but he lacked the abililty to visualize.

      --
      Free Martian Whores!
  9. Symantec by Anonymous Coward · · Score: 0

    They should have used symantec firewall.

  10. Dear Ms Morissette by whisper_jeff · · Score: 4, Funny

    Dear Ms Morissette,

    This is irony. Please take note.

    Yours truly

    1. Re:Dear Ms Morissette by Nevynxxx · · Score: 5, Funny

      I find the song in question paradoxical. It's ironic that a song called ironic, contains so little irony. But perhaps that is why the song is named as it is, and the irony is intentional, but then it wouldn't be ironic as it was designed that way, bringing us back to the beginning.

      <~head explodes~>

    2. Re:Dear Ms Morissette by DNS-and-BIND · · Score: 1

      It's more like she's an idiot who had no idea what irony was when she wrote the song. The education level of so-called educated people is shockingly low. Lack of knowledge of literary concepts for a songwriter is just the beginning.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    3. Re:Dear Ms Morissette by Anonymous Coward · · Score: 0

      No, all it means is that language changes and that the definition of irony she used is just as valid as the older and somewhat different definition people like you keep claiming is the only one.

      And with that being said, it really is rather ironic that you of all people would complain about "the education level of so-called educated people" being "shockingly low". If you'd have any background in linguistics at all, even if it's the armchair variety, you'd know that linguistic prescriptivism is... well, dead.

      Except for in uninformed, arrogant yahoos like you.

  11. Well, obviously... by Kuroji · · Score: 2, Funny

    McAfee's marketing department leaked it, because they were testing the old 'bad publicity is worse than no publicity' theory.

    Results so far are not promising.

  12. they're just trying to get more business by OrangeMonkey11 · · Score: 1

    "Human Error"

  13. Lessons Learned by burr101 · · Score: 0, Redundant

    Don't attend a McAfee Conference!

  14. Security is a human issue by PhunkySchtuff · · Score: 4, Insightful

    Further proof that security is a human problem. Technology can help in some areas, and hinder in others, but at the end of the day it's the monkey at the keyboard banging out the works of Shakespeare that is the weak link in the chain.

    Computers would be secure against viruses if people didn't open attachments or surf to dodgy sites. Phishing emails wouldn't work if people didn't reply to them, same goes for 419 scams.

    Security is a human issue, it's not a technological issue and a purely technical solution will never work 100%.

    --
    Specialist Mac support for creative pros, Melbourne
    1. Re:Security is a human issue by Halotron1 · · Score: 2, Insightful

      Sounds like the old Dancing Bunnies problem.

      The user wants to see the dancing bunnies, so they click there. It doesn't matter how much you try to disuade them, if they want to see the dancing bunnies, then by gum, they're going to see the dancing bunnies. It doesn't matter how many technical hurdles you put in their way, if they stop the user from seeing the dancing bunny, then they're going to go and see the dancing bunny.

    2. Re:Security is a human issue by Anonymous Coward · · Score: 0

      Dancing bunnies? Cute! Can you provide a link?

  15. The Dinosaurs WILL escape by dangle · · Score: 2, Interesting

    Somewhat related, I work on an institutional review board that reviews human studies submissions for a large university. One main dichotomy that is used to classify protocols is the concept of "minimal risk" vs. "greater than minimal risk," minimal risk defined somewhat loosely as risks encountered in everyday life.

    Accidental sharing of protected health information is considered a risk of many of these studies that collect sensitive information. We continue to subsequently review incidents in which protected health information has been "spilled," leaving us to determine if this was an "expected" or "unexpected" event.

    Unfortunately, a la Ian Malcolm, I've come to believe that it is essentially guaranteed (thus expected) that these leaks will occur, making loss of confidentiality now just part of everyday life, therefore "minimal risk" from the point of view of the US federal regulations on human studies.

    1. Re:The Dinosaurs WILL escape by Anonymous Coward · · Score: 0

      While I understand what you are getting at - that leaks will occur and it is the nature of the beast; heck, "information wants to be free", right?

      However, you would probably look at it differently if you had cancer and that leaked out and you could not get health coverage.

    2. Re:The Dinosaurs WILL escape by dangle · · Score: 1

      I agree completely, and "expected" doesn't equal "acceptable."

      As I sometimes tell patients when the Hospital has committed a relatively minor transgression against them: "If it makes you feel any better, we treat everyone this badly."

    3. Re:The Dinosaurs WILL escape by SkipFrehly · · Score: 1

      But does that mean that our personal information shouldn't be protected from being leaked by means that most would consider grossly negligent? Someone had to click "Attach File" at some point. That same person had to click that send button, probably after realizing that attaching the spreadsheet with everyone's email on it wasn't the same as CCing everyone.

      To me, this is, inherently, an issue of human error. Overworked, exhausted, undercoffee'd PR guy who just finished a, more than likely, exhausting and stressful marketing conference, tried doing the right thing, and messed up.

      --
      So long, thanks for all the fish.
    4. Re:The Dinosaurs WILL escape by dave562 · · Score: 1

      Its a corporate culture problem. Given a close to 20% real unemployment rate in this country, there isn't any excuse for having a non/poorly trained fool handling sensitive customer information. I'm sure that there are plenty of unemployed people who could do the task in question without messing it up. The sad thing is that they'd probably jump at the opportunity to make the peanuts worth of pay that McAfee was probably paying the person who screwed it up.

    5. Re:The Dinosaurs WILL escape by dangle · · Score: 1

      Yeah, this is exactly the kind of conversation our committee has had on multiple occasions, maybe I'm being too cynical, but it just seems guaranteed (and therefore should be expected and anticipated) that well-meaning people are capable of inadvertently breaking any security system we come up with, let alone the non-well-meaning people.

    6. Re:The Dinosaurs WILL escape by SkipFrehly · · Score: 1

      Really though, the coffee cup already says "Caution: Hot!" Does that need to be supplemented by "Hot things can burn you, and burns hurt."

      When I was a kid, all it took was my mom to say 'Santa's watching..." That would freeze me in my tracks even in June.

      --
      So long, thanks for all the fish.
  16. Tech solution to a social problem by Thaelon · · Score: 1

    This is why there's no such thing as a technical solution to a social problem.

    Here's another example: My company instituted a policy where recipient names would not auto complete on the To/CC fields - enforced through the domain security policy - to prevent people from sending stuff meant for one client to another.

    Less than 48 hours later someone sent a sensitive email to the wrong client anyway.

    --

    Question everything

  17. sucks to be the person who sent the email by MITpianoman · · Score: 1

    "taking steps to ensure it doesn't happen again" = someone is getting fired

  18. I don't know which is worse by petes_PoV · · Score: 1

    They were using their own products and they failed. Or if they weren't using their own products - why not?

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  19. RTFA!!! by DoofusOfDeath · · Score: 4, Funny

    I actually READ TFA.

    Turns out the summary was pretty accurate.

    Just thought I'd mention that.

    1. Re:RTFA!!! by Anonymous Coward · · Score: 0

      broken clock... right twice a day... yada yada yada.... ;P

    2. Re:RTFA!!! by rodeoclownii · · Score: 1

      It is completely accurate. We had two guys at work go to the conference, and both of them got sent an email with a excel spreadsheet listing all the details of all the attendees of the conference. Whoops indeed.

  20. This isn't a leak, it's a feature! by Anonymous Coward · · Score: 0

    Many conferences routinely give/sell information about conference participants to sponsors & exhibitors.

    I was recently at a trade show, and the ID badges had a bar code on the back so that booth exhibitors could easily get your contact info instead of using business cards.

    Well, a week later, I started to get follow up emails from exhibitors I was interested in that had scanned my badge. This was expected.

    BUT, I also received lots of email from vendors I wasn't interested in, didn't visit their booths, and they didn't scan my badge.

    Fortunately, I created a new email alias when I signed up for the conference, so it's easy to identify these spammers.

    Yes, they are spammers. I didn't sign up to be contacted, I never talked to you, and we have no business relationship. Maybe I should find a bottom-feeding lawyer on contingency... can I sue under the CAN-SPAM act?

    1. Re:This isn't a leak, it's a feature! by jank1887 · · Score: 2, Informative

      Every professional conference I've been do has provided an attendees list as part of the welcome kit (including the program, CD with papers/presentations, etc.). I get crap from vendors every once in a while. But not too much. Was this McAffee leaked information more than just contact info?

    2. Re:This isn't a leak, it's a feature! by Anonymous Coward · · Score: 0

      Name, work title, contact phone numbers (including mobile), email address, which sessions they were attending, whether they turned up or whether they were a no-show, dietary requirements.

      Nothing that in itself is risky, but enough to make my life a misery when my details (which are on that list btw) get into the hands of a marketer. Not only that, but in the hands of a hacker they now have a pretty good who's who of security in Australia.

      I just want to see what free stuff the attendees are going to get to pacify us.....

  21. Well I can see their stock price crashing ! by hesaigo999ca · · Score: 1

    3....2.....1.....
    Ok who wants to buy my McAffee stock options for 1/10th of their worth, anybody,....anybody....???

    1. Re:Well I can see their stock price crashing ! by Phoenixlol · · Score: 0

      Um, I do. Have you seen how they've been doing lately (save today)?

  22. Funny? Maybe not ... by artgeeq · · Score: 2, Interesting

    Does anyone remember the time McAfee distributed a signature file that caused its software to delete executable binaries from computers? This caused me and many other persons much grief. A few months afterward, a vendor asked me what McAfee could do to make up for such a thing. My response was that that they couldn't, that they should just go out of business.

  23. Re:Oh I get it! by mcgrew · · Score: 0, Offtopic

    No, it's what your mommie uses to make your shirties flat.

    --
    Free Martian Whores!
  24. The wrong bunch of people... by leprkhn · · Score: 1

    to send that particular information to... Or about, for that matter. The thought makes me smile. Not only did they send a bunch of personal information out via e-mail, but they sent it to a bunch of hackers. Not only did they send a bunch of personal information to a bunch of hackers via email, but it was the personal information of those very hackers.

  25. Let's dance the PEBKAC again by FreakUnique · · Score: 1

    Once again PEBKAC and the Human Element proves to be the bane of the person trying to make computer data secure. I face this every day and to this day I still wonder how the hell my parents don't get more infections then they currently do. Wait that would be me making sure their antispyware and antivirus is up to date every time their backs are turned.

    It does help that I drummed in safe surfing practices into their heads.

    --
    There have been many times when dealing with people that I wished I could kiss my own butt goodbye
  26. Customer passwords stored unencrypted by linear+a · · Score: 1

    I just went to my McAfee account and used the forgot password link. Either my password was stored unencrypted or it is one of those rare words that hashes to itself.

  27. The ironic thing is... by Anonymous Coward · · Score: 0

    ... calling McAfee a security company.

    What they seem to sell is a placebo to make Windows users feel they are secure. Yeah, their software may find infected files on your system but that's after they're already there. Who knows whether someone's accessed them and installed god-only-knows what sort of [spy|bot]ware on the system. What they sell are snakeoil^Wcures not preventions.

  28. Isn't this the 2nd time for McAfee? by Xingzoa · · Score: 2, Interesting

    Didn't this happen last year as well??

  29. How are they still around? by dave562 · · Score: 1

    When will McAfee just shrivel up and die? Their software sucks and it seems like this is at least the second or third seriously high profile mistake on their part. Does anyone really buy McAfee security products, or do they simply scrape by with the revenue from renewals on OEM pre-installs? I don't know a single IT person who looks at McAfee software when considering corporate security products.

    1. Re:How are they still around? by Anonymous Coward · · Score: 0

      McAfee corporate antivirus is actually used by several hospitals and other large organizations I have consulted with, either as part of their SonicWall deployment, or as a hosted service. The Health Service I am currently consulting for uses it on thousands of devices across the state.

      I personally despise the consumer software they have, but apparently they have done at least a marginally good job of promoting their corp antivirus product, and frankly it does a pretty good job of not being a friggin resource hog, unlike it's "evil" consumer step-brother, the security suite.

      Moral: just because you don't see the tiger in the tall grass, doesn't mean he's not going to jump out and eat you. OR: just because your IT cronies hate McAfee doesn't mean all IT folks hate it.

  30. Cruel Irony? Hardly. by PingXao · · Score: 1

    I'd call it a Darwinian development. Anyone putting their security in McAfee pretty much deserves what they get.

  31. Re:I just had to... by plastbox · · Score: 1

    Wohoo! Not only my first first-post but my first Offtopic post as well! (or at least, the first one to get modded as such)