Slashdot Mirror
Pearson Credential Manager System Used By Cisco, IBM, F5 Has Been Breached
An anonymous reader writes with a report from Help Net Security that the credential management system used by Pearson VUE (part of education company and publisher Pearson) has been breached "by an unauthorized third party with the help of malware." Pearson VUE specializes in computer-based assessment testing for regulatory and certification boards. From the story:
Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs. The company is still assessing the scope of the breach, and says that they do not think that US Social Security numbers or full payment card information were compromised. But because the PMC is custom designed to fit specific customer requirements, they are still looking into how this incident affected each of their customers.
According to a note on Pearson's site, the system remains down for the time being.
NOVEMBER 23--The owner of a California mansion alleges that she was duped into renting out the property via Airbnb to a firm that produces hardcore gay porno films and left the 1920s property awash in enema kits, various "sexual devices," and assorted bodily fluids, according to a lawsuit.
Kristina Knapic, owner of the Acacia Mansion in Ojai, a city 80 miles northwest of Los Angeles, charges that she agreed to lease the property for five days in mid-August to a woman who claimed that she and a âoegroup of friendsâ would stay at the $1095-a-night home âoefor a quick summer vacation.â
In a November 19 Superior Court complaint, Knapic, 46, alleges that âoeAnna,â the purported renter, was actually Andrei Treivas, the gay porn actor/director/producer known professionally as Michael Lucas (seen above).
Knapic charges that she gave the keys to the property to Treivas, who posed as âoeAnnaâ(TM)s brother-in-law.â Knapic said she was told that âoeAnnaâ was still en route to the Ojai mansion.
According to Knapicâ(TM)s lawsuit--which includes claims for fraud, negligence, trespass, and breach of contract--she returned to the property on August 16 and âoeimmediately noticed that [it] was filthy.â
Knapic claims that âoeenema kits were found throughout the house--on the floors, in the beds, in nightstand drawer and in the trash.â Additionally, âoevarious sexual devices were found in the beds and in the trash,â linens were stained brown, and the âoehot tub water was brownish in color.â
The complaint alleges that âoeurine, semen, and fecal matterâ were found on âoelinens, carpets, upholstery, walls, ceilings, and in the hot tub.â Knapic, the lawsuit states, is concerned that âoepornographic images and films made at the Property will damageâ its âoereputation and image.â
As Knapic inspected the mansion, she found a business card for Lucas Entertainment, the New York-based porn outfit owned by the 43-year-old Treivas. Some online research by Knapic revealed that not only was Treivas the man she handed her keys over to, but that his social media pages reported he was âoeon locationâ filming pornos at the Acacia Mansion.
Knapic alleges that she attempted to clean the property, but quickly became concerned that the mansion may have been seriously damaged. âoeMany of the films Lucas Entertainment produces depicts men urinating on each other and giving each other enemas,â the lawsuit states. âoeThese activities were not being conducted in a bathroom, but rather on beds, floors, and furniture.â
When Knapic resorted to the use of a black light while inspecting the home, she discovered âoethe presence of bodily fluids throughoutâ the property, according to the complaint, which notes that Knapic has âoereplaced soiled linens, drained and bleached the hot tub, bleached and painted all walls, steam cleaned the upholstery and shampooed the carpeting.â The complaint contends that Knapic âoecontinues to clean and sterilize the Property.â
In addition to unspecified monetary damages, Knapicâ(TM)s lawsuit is seeking a court order enjoining Treivas and Lucas Entertainment from distributing the âoevile pornographic moviesâ shot at the Acacia Mansion. (5 pages)
Got the email last night stemming from my old Veritas certs.
Solving Unix problems since 1989...
I know I got emails from them with information about my certification exams. Haven't seen any email relating to this breach yet.
Prices plummet worldwide on wallpaper as the credentialism plague spreads.
for their textbook prices.
Not sure on the PearsonVUE side, but the regular Pearson Learning - for access to their publisher created resources/course content - stores passwords as clear text.
I've reported it as a BIG issue to our local sales rep and the regional boss rep, but I don't think anything has been done about it.
Don't blame me, I voted for Kodos
As a government I.T. worker with a security clearance, my background investigative file got stolen by the Chinese earlier. Now my certification records are stolen. What's next?
You are all cows. Cows say moo. MOOOO! MOOOO! Moo cows MOOOO! Moo say the cows. YOU CREDENTIAL COWS!!
Think I went through these gius to get the CompTIA Security+ certification.
As a government I.T. worker with a security clearance, my background investigative file got stolen by the Chinese earlier. Now my certification records are stolen. What's next?
Your girlfriend. Oops! Nevermind.
Why would so many companies(some with actual software development experience; and others dangerously willing to try, like Adobe) put up with Pearson software?
I realize that testing isn't a core competency and whatnot; but Pearson provides software; as written by people who shouldn't be allowed to write textbooks; but who are dangerously good at writing contracts. It couldn't possibly be worse if Adobe took a stab at writing a testing module based on some hideous combination of shockwave Xtras and Coldfusion. Hell, extending Lotus Notes to test people for specific credentials, as well as test their sanity, would produce a better result. Why? Why Pearson?
The outcome is what, exactly, more paper MCSEs and H1Bs running around claiming that they're qualified?
When you can get 100 copies of an exam on the Internet, certifications mean nothing.
Some time around 1996 I was trying to get MCSD and they failed me by no more than 3 points 8 times on the last test. I had bought nearly every book on the subject. I have lost faith in these tests. There was even a question asking me if i'd suggest using Microsoft products or not to a client.
I think they just didn't want to give me the certification. I even asked to challenge it, and I was told I could only challenge a question.
wow... 500 affected customers... such news ... truly slashdot worthy
Its Pearson what else can you say.
They are one of the worst companies, enough said.
What operating system did this malware run on?
First thought, Now every kid can hack their semester grades. Second thought, the real problem is Pearson can no longer sell access to student's academic history.