« prev   random   next »


Fall guy-Former Equifax CEO blames breach on one iT guy.

By lostand confused following x   2017 Oct 4, 6:30am 951 views   2 comments   watch   nsfw   quote     share    


The Equifax data breach that leaked information on the now-145 million people was caused by a vulnerability in Apache's Struts system. Trouble is, the software provider supplied a patch back in March that should have eliminated that vulnerability. But Equifax's former CEO (who suddenly retired last week) told the House Energy and Commerce Committee that a single IT technician was at fault for the whole thing after they failed to install the patch.
1   zzyzzx   ignore (1)   2017 Oct 4, 6:50am   ↑ like (1)   ↓ dislike (0)   quote   flag        

Probably a H1B.
2   Tenpoundbass   ignore (15)   2017 Oct 4, 7:02am   ↑ like (1)   ↓ dislike (0)   quote   flag        

Why would a huge company like that not have their own Super computer? Why would they be using Apache and open source for something so important?

Also why wasn't the data not canonicalized and obfuscated? I bet the database table names has table names like "Creditor" "Debtor" with fields like "FirstName" and "SocialSecurityNumber" The data should have been stored in an unsuable state, and the only way it makes any sense, is by running through proprietary EF algorithms upon retrieval, one Credit report at a time. No bulk dump data. There's no reason for them to even partake in List Name exchanges. That should be made illegal straight away.

about   best comments   contact   one year ago   suggestions