Organisers of the UK's cyber security challenge committed an embarrassing email blunder by inadvertently revealing the email addresses of everyone who entered a forensics challenge to each other. A single challenge registration confirmation email was CCed to everyone who entered, handing over a complete email list in the process …
About 2 years ago when switching email address I sent a notification to all my press contacts (including el reg) and did exactly the same thing - which is more than a little embarrassing for a privacy advocate.
Of course, now I am very careful to use BCC, but it is a common problem (I receive a lot of emails with other parties cc'd instead of bcc'd).
I looked at that site when it was launched, and concluded that it was run by a bunch of f*cking amateurs. The long delay in getting anything running (and an extended period when the site was misconfigured) did not change my opinion. Thankfully I didn't sign up, as this latest cock-up shows how sloppy the whole thing is.
This level of incompetence
This level of incompetence puts them at want to be class which is below amateur.
It didn't include EVERYONE....
I registered and got a response last month. Neither the confirmation nor the notification emails had other addresses on and, correspondingly, I didn't get the affected email. I can only presume it was one batch of emails that was affected and not the entire population of the competition. Still, nice to know that so-called experts are not as clever as we think they are.
'Bout time emailers did a sanity check if you try to send to hundreds and hundreds.
At least make it an option so you're prompted "Are you sure?"
I once received one with 88K of addresses. It was the company's entire list of customers, and included some addresses that had previously been kept very quiet.
It didn't include everyone!
I've registered for it too and didn't really get any emails with any such details. However, just to quote that these guys have been extremely helpful and very professional in all the emails. I wish them the very best!
trivial my ASS
Gross incompetence is never trivial.
This kind of fuck up says a lot about the organization.
People make mistakes...
which is why there is a security industry. If everything was always perfect there wouldn't be a need for security professionals. Even supposedly professional security people sometimes make mistakes or implement systems that allow this kind of thing to happen.
Maybe the really interesting nugget of information is the relatively small number of recipients of the email. Only 150 or so people correctly completed the cipher challenge out of a few thousand entrants (IIRC); this email run was sent to only 370 individuals. Maybe the number of people working or interested in the security domain in the UK is smaller than I imagined.
I agree with Anonymous - I looked at the site when it started and it took them quite a while to get the challenges up and running.
Unfortunately I was on the receiving end of this email and find it hard to believe an organisation based around cyber security can fu*k up like this! I guess it must have been an administration issue where some unfortunate staff member probably with no knowledge of cyber security had been given the task to send this out.
I suppose on the up side, I now have a list of 369 email addresses of potential IT professionals that I can now contact to help configure my firewall </Sarcasm>