{"id":9044,"date":"2017-08-31T14:30:26","date_gmt":"2017-08-31T22:30:26","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/31\/news-2817\/"},"modified":"2017-08-31T14:30:26","modified_gmt":"2017-08-31T22:30:26","slug":"news-2817","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/08\/31\/news-2817\/","title":{"rendered":"One big lesson from the Essential smartphone email fiasco"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/05\/essential-phone-andy-rubin-100724319-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: John Brandon| Date: Thu, 31 Aug 2017 13:52:00 -0700<\/strong><\/p>\n<p dir=\"ltr\">The term \u201cimproperly configured\u201d is a real plague on the IT landscape.<\/p>\n<p dir=\"ltr\">It can refer to a firewall protecting an enterprise; it can create problems on a web server. For one newly minted smartphone company, it can also look pretty embarrassing.<\/p>\n<p dir=\"ltr\">Essential phone <a href=\"http:\/\/www.zdnet.com\/article\/essential-apologizes-for-humiliating-customer-data-leak\/\" rel=\"nofollow\">recently sent out an email to customers<\/a> asking for <a href=\"https:\/\/www.theverge.com\/2017\/8\/30\/16226028\/essential-customer-email-drivers-license-phishing\" rel=\"nofollow\">proof of identity<\/a>. This request was a little odd in the first place&#8211;who does that anymore? The email basically asked customers to send a picture of a photo identification or passport by email. From a security standpoint, that\u2019s a bit like asking people to text your credit card number to a hacker.<\/p>\n<p dir=\"ltr\">Where things really went south, though, is when those customers who responded to the email realized they had transmitted that security information to everyone else on the email chain.<\/p>\n<p dir=\"ltr\">Essential later admitted the error and said it was due to a configuration problem on a ZenDesk support email. Oops. 
At first, it seemed like a hacker had done some dirty work.<\/p>\n<p dir=\"ltr\">Andy Rubin, the famed Android creator and founder of Essential, sent out an apology:<\/p>\n<p dir=\"ltr\">&#8220;Being a founder in an intensely competitive business means you occasionally have to eat crow. It&#8217;s humiliating, it doesn&#8217;t taste good, and often, it&#8217;s a humbling experience. As Essential&#8217;s founder and CEO, I&#8217;m personally responsible for this error and will try my best to not repeat it.&#8221;<\/p>\n<p dir=\"ltr\">Here\u2019s where things get interesting, though.<\/p>\n<p dir=\"ltr\">The problem with the whole fiasco is that it should never have happened, even at a small company. For starters, who was testing the email process? From what I understand about how emails are often sent out to customers &#8212; especially an email newsletter &#8212; there\u2019s typically a test to make sure everything works and to get approvals from stakeholders. For example, you send out a test email to a few people first and make sure everything works, the formatting is correct, the sender looks legit, a reply works, and the links operate as expected. Accidents happen. That\u2019s why, for a newsletter, companies do a test run to see if there are any anomalies. It\u2019s not really acceptable to say the accident happened \u201clive\u201d with the real email.<\/p>\n<p dir=\"ltr\">You could say&#8211;it takes time and effort. But that\u2019s not really an excuse if you plan ahead a little. If a mass email needs to go out on Friday, you can schedule a test for Thursday, fix the problems (in Zendesk, or MailChimp, or whatever tool you are using) and then proceed.<\/p>\n<p dir=\"ltr\">More than anything, it makes me wonder how much the company tested the phone itself. 
Hopefully, if you bought one and need support, you won\u2019t find out it was a mistake.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3221434\/mobile-wireless\/one-big-lesson-from-the-essential-smartphone-email-fiasco.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/05\/essential-phone-andy-rubin-100724319-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: John Brandon| Date: Thu, 31 Aug 2017 13:52:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p dir=\"ltr\">The term \u201cimproperly configured\u201d is a real plague on the IT landscape.<\/p>\n<p dir=\"ltr\">It can refer to a firewall protecting an enterprise; it can create problems on a web server. For one newly minted smartphone company, it can also look pretty embarrassing.<\/p>\n<p dir=\"ltr\">Essential phone <a href=\"http:\/\/www.zdnet.com\/article\/essential-apologizes-for-humiliating-customer-data-leak\/\" rel=\"nofollow\">recently sent out an email to customers<\/a> asking for <a href=\"https:\/\/www.theverge.com\/2017\/8\/30\/16226028\/essential-customer-email-drivers-license-phishing\" rel=\"nofollow\">proof of identity<\/a>. This request was a little odd in the first place&#8211;who does that anymore? The email basically asked customers to send a picture of a photo identification or passport by email. 
From a security standpoint, that\u2019s a bit like asking people to text your credit card number to a hacker.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3221434\/mobile-wireless\/one-big-lesson-from-the-essential-smartphone-email-fiasco.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10554,714],"class_list":["post-9044","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-mobile","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9044"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9044\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9044"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}