back to article Data breach at biz that manages Cisco, F5 certs plus many others

Technology certification management provider Pearson VUE has copped to a computer security breach after malware compromised its Credential Manager System. The Pearson Credential Manager (PCM) system supports a number of companies' certification tracking programmes, including network hardware outfits Cisco and F5. Pearson VUE …

  1. Anonymous Coward
    Anonymous Coward

    presumably the same system for VCP/VCAP exams?

    joy I'm going to start storing my data under my mattress instead

    1. Anonymous Coward
      Anonymous Coward

      "your" data? hahaha

  2. Pascal Monett Silver badge

    "other customers need not worry"

    So first you take the site down "for maintenance", then a few days later you admit that there was a breach, and now you want me to trust your word that I am not at risk ?

    I would have been inclined to trust you if you been straightforward about admitting the issue instead of trying to hide it before being forced to come clean. Such shenanigans inspire the reverse of trust because you have demonstrated that you're willing to lie if you think you can cover up the issue.

    So I will be checking my details and so on and, if I have the slightest suspicion of foul play at work, I guarantee you are going to hear from me.

  3. Tony S
    Pint

    Don't Panic!

    "Pearson VUE has stated there was "no indication that any other systems [than the PCM system] have been affected" and suggested other customers need not worry."

    Almost every time someone says that (or similar) it makes me think that I probably should be worried. It may be cynical, but whenever this happens, it's usually worse than they will admit.

    On a side note, I see that I've finally achieved the bronze badge; only taken about 5 years. Beer and pizza tonight!

    1. Preston Munchensonton
      Pint

      Re: Don't Panic!

      Great, kid. Don't get cocky.

      -- Han Solo

      That's all.

  4. Robert Helpmann??
    Childcatcher

    The other shoe

    First the OPM data breach and now Pearson... it's almost as though the targets' data might be cross-referenced. I wouldn't be surprised if CompTIA and the (ISC)² have their doors knocked down next.

    1. Chris King

      Re: The other shoe

      (ISC)² just posted this up on their home page. Doesn't sound like they're going back to pencils and OMR sheets just yet...

      (ISC)² Exam Candidates Not Affected by Pearson VUE Incident

      Through our standard incident process, Pearson VUE notified (ISC)² about unauthorized access to its Credential Manager System. This system is not used by candidates taking (ISC)² exams, nor is there any indication that systems related to (ISC)² exams have been affected. (ISC)² will continue to monitor this incident.

  5. Anonymous Coward
    Anonymous Coward

    So how long has this been going on

    So the certifying authority doesnt know how to secure their network even though they are happy to issue certificates for "experts".

    To be honest each I took one of their tests I noticed some new way to cheat whilst I waited for colleagues. I didnt need to cheat but it made it clear that the certifcation wasnt really worth the paper it was printed upon simply because others are not so honest.

    People are concerned about their private data being stolen but what about your whole job being devalued or outsourced because it is no longer seen as a mark of excellence and suddenly the offshore companies have loads of "experts".

    Anyone working in IT has met people who they wondered how they possibly passed these tests when they clearly know nothing, well now you know.

    No real paper trail means no way to spot the genuine article from those that got the certification without knowing the subject.

  6. Art Jannicelli
    Unhappy

    Monopoly

    Observe the free market in all it's Monopolistic grandeur!

    According to a manager at VMworld who handles their certification program, prometric is getting out of the IT cert business... So Vue has told VMware go funk itself it will Procter the exams it wants too.

    What does this mean? Well other than VCP the more advanced VMware exams were mostly lab driven. This manager told me Vue has informed them they most roll back lab questions because their testing computers are not capable of running labs; ergo the 85 question in 85 minutes VCP 6 exam. VMware's future plan had been to switch to a mostly lab based model for all certs.

    I agree certs are a crock of shite and demonstrate only the most basic understanding of a technology, especially the low level ones. But I was optimistic with the VCAP exams that at least one vendor was turning the corner toward meaningful certs. Thanks to the VUE monopoly we are doomed more of the same... marketing tests indefinitely.

    This breach is also indicative of a company that knows they have a monopoly why worry about a breach? Not like they have any other choice consumers or vendors.

    Lastly, I had an issue earlier this year with my VMwareID was not matching up with vue ID. So I called Vue support, the Indian gentlemen told me over and over 'The problem is your VMware ID should be the same as your VUE ID.' I replied 'Yes that is why I called, please fix this' his reply 'Sir your ID's should match' my reply, 'Please fix it' 'Sir your ID's should match' this went on for 5 minutes. I asked so speak to a supervisor he said he could not.

    So I tried their chat support... They told me to call support.

    I had to executive email bomb via linked in their international support and the Head of VMware training & certs. VMware was able to track the problem and get VUE to fix it. Evidently when VMware integrated with VUE for VCP6; VUE used the same cell on their DB for CISCO and VMware ID's they assumed no one would have both *FACEPALM* so it took time for VUE to realize this and then make a new column... in the mean time if you had an existing ID for both there was a good chance it was messed up in the process and VUE left it up to the consumer to contact them to TRY to get it fixed.

    VUE is a terrible company with a terrible product. But hey we have no other choice.

    1. Anonymous Coward
      Anonymous Coward

      Re: Monopoly

      The VCAP/VCIX courses are lab based (and quite good) and Pearson Vue have varied levels of success delivering them. "Varied" being a range from "abysmal failure to deliver" to "slower than my real environment, but works ok". If you have an issue with a lab-based exam, make sure to contact VMware education services for escalation.

      Anon for obv reasons.

  7. Dadmin
    Megaphone

    Congrats on your Certification! A grand waste of time and money

    A certification is a piece of paper, nothing more. Real knowledge comes from actually deploying the technology and working on it first hand in a big boy data center. You start in desktop or networking as a wireboy flunky, then move your ass up into servers and advanced tech, or programming, etc. Real knowledge that makes you actually valuable. Not a bit of tat cert from some bygone "authority" more interested in your $2500US and checking some boxes on your quiz. Any company that requires you to be certified is a place you do not want to work at, if you love technology and your sanity. It's a red flag that no one there has any idea what you are supposed to know, and they have no idea how to qualify applicants for their own IT position.

    Getting proper senior level knowledge does not come from a book, unless that book is also part of your day to day experience working in a real data center, on real machines, or producing a similar environment in your own home lab. Having a cert with no real world experience means nothing, and having real world experience alone is enough to get to the senior levels. Fact.

    It's like the assholes I meet in tech who run to google search every single solution they need, rather than craft it themselves using only man pages, the first party docs, and the software/hardware itself. If you can't get it running with those three things, no fucking piece of paper is going to save you. Ever. Give up your IT dream and get a hotdog cart or something else more your aptitude.

    1. Jason 24

      Re: Congrats on your Certification! A grand waste of time and money

      "more interested in your $2500US "

      To be honest I think that £/$2500 is pretty much on the spot between "too much for any muppet to learn the answers and pass" and "What I'm spending won't be offset by increased salary".

      Unlike MS where you can just brain dump from exam collection and pay £99 to become an "expert".

      "It's like the assholes I meet in tech who run to google search every single solution they need, rather than craft it themselves using only man pages, the first party docs, and the software/hardware itself."

      Have you tried the user manuals on most software released as a service? You'll get a perfect guide, screenshot by screenshot, of how to do something, but no context as to why you would need to do it, or how it will affect other areas of the product. The proxy I run at work is a perfect exactly, "here's how to set up a facebook policy, click this click that, click finish". Ok, but what does that mean exactly? What effect will that have on the traffic?

      And as much as I'd love to be given the time to try every setting and see how it responds it's not very often I have that much time, usually it needs implementing yesterday. So a decent book (such as the "mastering" series) is an absolute god send, those peoples jobs is to sit there and play with all those lovely settings I can only dream about.

      On the other hand a home lab alone simply isn't enough. There's no way I can dream up some of the random shit management decide they need (which they never actually do), so planning out actual projects with business requirements is impossible.

  8. Anonymous Coward
    Anonymous Coward

    Apple/Pearson

    Apple/Pearson exams were down last week

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like