Pearson Credential Manager System Used By Cisco, IBM, F5 Has Been Breached

An anonymous reader writes with a report from Help Net Security that the credential management system used by Pearson VUE (part of education company and publisher Pearson) has been breached "by an unauthorized third party with the help of malware." Pearson VUE specializes in computer-based assessment testing for regulatory and certification boards. From the story: Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs. The company is still assessing the scope of the breach, and says that they do not think that US Social Security numbers or full payment card information were compromised. But because the PMC is custom designed to fit specific customer requirements, they are still looking into how this incident affected each of their customers. According to a note on Pearson's site, the system remains down for the time being.

Symantec too

[DougOtto]

Got the email last night stemming from my old Veritas certs.

Worldwide Wallpaper Prices

[Bing+Tsher+E]

Prices plummet worldwide on wallpaper as the credentialism plague spreads.

Re:Worldwide Wallpaper Prices

[cleara]

Maybe certificate wallpaper, but fabric wallpaper? No way! I saw some silk wall covering that was north of $150.00 per square yard :)

Re:Microsoft uses Pearson VUE

[DougOtto]

Not every vendor who tests through PeasonVUE uses their credential system. GIAC, for example, does not.

pearson & cleartext passwords

[i.r.id10t]

Not sure on the PearsonVUE side, but the regular Pearson Learning - for access to their publisher created resources/course content - stores passwords as clear text.

I've reported it as a BIG issue to our local sales rep and the regional boss rep, but I don't think anything has been done about it.

2015: The Year of Bending Over

[__aaclcg7560]

As a government I.T. worker with a security clearance, my background investigative file got stolen by the Chinese earlier. Now my certification records are stolen. What's next?

Re:2015: The Year of Bending Over

Being that you are in the security field you should know by now that security is just an illusion.

Re:2015: The Year of Bending Over

[__aaclcg7560]

Having a security clearance doesn't mean being in the security field.

Good God; Why?

[fuzzyfuzzyfungus]

Why would so many companies(some with actual software development experience; and others dangerously willing to try, like Adobe) put up with Pearson software?

I realize that testing isn't a core competency and whatnot; but Pearson provides software; as written by people who shouldn't be allowed to write textbooks; but who are dangerously good at writing contracts. It couldn't possibly be worse if Adobe took a stab at writing a testing module based on some hideous combination of shockwave Xtras and Coldfusion. Hell, extending Lotus Notes to test people for specific credentials, as well as test their sanity, would produce a better result. Why? Why Pearson?

Re:Good God; Why?

[TWX]

Why would so many companies(some with actual software development experience; and others dangerously willing to try, like Adobe) put up with Pearson software?

Probably because PearsonVue has a vast distribution network in that they've associated themselves with thousands of local testing centers. It means that the burden, from a facility point of view, is low on those seeking the certs.

Now, I can tell you first-hand that the exams themselves are shit. They look like they were written in Hypercard on an 800x600 screen that's poorly mapped and essentially not-anti-aliased across the fairly modern 16:9 displays in the testing centers, and it's impossible to put all of the content on-screen that's necessary, so it's a lot harder to keep everything straight.

I'm not asking for multiple 4K displays to have the simlet, the diagram, and the questions on, I'm asking for a display that looks as decent as my eight year old Gateway laptop. Having something that looks more at home in Windows 3.1 is pathetic.

These Tests were Unfair a long time ago

[c0d3r]

Some time around 1996 I was trying to get MCSD and they failed me by no more than 3 points 8 times on the last test. I had bought nearly every book on the subject. I have lost faith in these tests. There was even a question asking me if i'd suggest using Microsoft products or not to a client.

I think they just didn't want to give me the certification. I even asked to challenge it, and I was told I could only challenge a question.

PMC has been compromised with the help of malware

[nickweller]

What operating system did this malware run on?