[Pwg-Announce] IEEE username/password breach

[Pwg-Announce] IEEE username/password breach

[Pwg-Announce] IEEE username/password breach

Brian Smithson bsmithson at ricohsv.com
Tue Sep 25 19:21:55 UTC 2012


Sorry about the off-PWG-topic, but...

IEEE did two stupid things: (1) put usernames and plaintext passwords in a
web server log file, and (2) left the log unprotected for a month or so.
About 100,000 unique username/password pairs were exposed. I don't think
IEEE has notified affected users yet. You might want to think about changing
your ieee.org password. Details: http://ieeelog.com.

-- 
Regards,
Brian Smithson
PMP, CSM, CISSP, CISA, ISO 27000 PA
Senior Security Architect
Global Solutions Engineering
Business Development Center
Ricoh Americas Corporation
bsmithson at ricohsv.com
(408)346-4435


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the pwg-announce mailing list