Security breach at Epicor?

They are tests. You get a “congratulations on your report (it was a test and you passed)” atta-boy message if you read it carefully enough.

1 Like

We had a test at work and I took the exam. A little later I get an email with a link to click for my certificate. It was a random link to a PDF file in AWS storage.

I didn’t click it. I like to think I passed the final!
:1st_place_medal:

2 Likes

I once watched the movie Yes Man with Jim Carrey and got phished afterwards… tried to say yes to every opportunity.

2 Likes

Like in the movie The Great Escape, when they’re practicing speaking German, and the guy testing them says, “Your German is quite good.” - In English. The prisoner being tested replies, “Thank you” (also in English). He fails.

2 Likes

From https://infotechlead.com/security/epicor-faces-cyber-attack-on-a-portion-of-its-network-64266

“We launched an investigation in partnership with an industry-leading cybersecurity firm, and while the investigation remains ongoing, we have learned that there was unauthorized and unlawful access to a portion of our network,” Epicor CEO Steve Murphy said.

Epicor said it is working diligently to gather accurate information about the cyber attack. Epicor said its business operations have not been impacted. There is no impact on its cloud solutions and “data we host for customers.”

My EpicWeb account was just reset and migrated - yet the old login still works and goes to a test account… Only half of our users were renamed… Anyone else?

Not seeing that here…

I was able to log in to EpicWeb without any issues, nor was I asked to update any profile info.

3 Likes

Too good @hkeric.wci

After reading the notice that was my thought… an email was sent to satisfy new legal requirements, regardless of the seriousness of this breach.
Thinking we can thank Equifax - the poster boy for breaches, and breeches.

2 Likes

My Epicweb account is unchanged.

Epicor would be smart to secure the patches.epicor.com site that you get redirected to for downloads from epicweb.com. The entire patches site is on port 80 with no cert. As soon as you click download it asks for your credentials again and they get passed in clear text across the wire. We have it noted in our internal risk assessments.

3 Likes

EpicWeb isn’t great… It’s extremely slow and not secured very well. Would love to see Epicor come out with a better solution.

1 Like

They need a security review in a lot of areas. I uploaded a db to FTP recently and their FTP server doesn’t support TLS. Having to send that kind of data over a non-secure connection (21) is not acceptable in this day and age.

3 Likes
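The two transport findings reported in the posts above (a download host that asks for credentials over port 80, and an FTP server that does not offer TLS) are the kind of thing a risk assessment can check mechanically. The following is an added example, not part of the thread and not Epicor's code; the hostnames, the recorded redirect chain, the Basic challenge and the FEAT replies are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data (placeholder hosts, not captured from any real server).
SAMPLE_HOPS = [
    {"url": "https://portal.example.com/downloads/patch.zip", "status": 302,
     "headers": {"Location": "http://files.example.com/patch.zip"}},
    {"url": "http://files.example.com/patch.zip", "status": 401,
     "headers": {"WWW-Authenticate": 'Basic realm="downloads"'}},
]
SAMPLE_FEAT_PLAIN = "211-Features:\r\n MDTM\r\n SIZE\r\n UTF8\r\n211 End\r\n"
SAMPLE_FEAT_TLS = "211-Features:\r\n AUTH TLS\r\n PBSZ\r\n PROT\r\n211 End\r\n"


def audit_http_chain(hops):
    """Return (finding, url) tuples for a recorded redirect chain."""
    findings = []
    prev_scheme = None
    for hop in hops:
        scheme = urlsplit(hop["url"]).scheme.lower()
        headers = {k.lower(): v for k, v in hop["headers"].items()}
        # An HTTPS page handing the browser to plain HTTP loses transport protection.
        if prev_scheme == "https" and scheme == "http":
            findings.append(("https-to-http-redirect", hop["url"]))
        # A 401 challenge on plain HTTP means the credentials answering it travel unencrypted.
        challenge = headers.get("www-authenticate", "")
        if scheme == "http" and hop["status"] == 401 and challenge:
            findings.append(("cleartext-auth:" + challenge.split()[0], hop["url"]))
        prev_scheme = scheme
    return findings


def ftp_offers_tls(feat_reply):
    """True if a FEAT reply (RFC 2389) lists AUTH TLS (RFC 4217)."""
    for line in feat_reply.splitlines():
        words = line.strip().upper().replace(";", " ").split()
        if len(words) >= 2 and words[0] == "AUTH" and "TLS" in words[1:]:
            return True
    return False


if __name__ == "__main__":
    for finding in audit_http_chain(SAMPLE_HOPS):
        print(finding)
    print("FTP without TLS offered:", not ftp_offers_tls(SAMPLE_FEAT_PLAIN))
```

The hop records have the shape you get from logging each response in a redirect chain (URL, status, headers), and the FEAT text is what an FTP server returns to the `FEAT` command before login.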

Agreed. Their support agents also do really questionable things security-wise sometimes. I many times have to push back and say we are not doing that. They need better internal security practices too.

1 Like

Yeah I remember doing this too. Now they have their database packer tool which I have seen used for upgrades and migrations. I wonder if they started using that for support cases too.

Not as of a couple weeks ago when I sent them a copy of our DB. Still had to ZIP and upload via the unsecure FTP.

Compressing is smart of course but why FTP when one can upload it to DropBox or similar service and share a link that requires a login? Why support an FTP server that only limits your bandwidth and puts you on the security hook? :man_shrugging:

EpicWeb is classic SharePoint. It is due for an update with Modern controls…

1 Like

I tried to share it via our OneDrive but support wouldn’t accept it. They insisted on their FTP. They use Office 365. No idea why they don’t use OneDrive for a modern SharePoint site.

1 Like

I’d love to know the reasoning behind that… It would be easy to create an upload link right in EpicCare that would dump the file securely into Azure Blob Storage (4.7TB limit), encrypted in transit and at rest, and link it to the case.

3 Likes