Re: Equifax gets pwned... hard.

[Mahmud Rahman <mrahman () MILLS EDU>]

There's an article at arstechnica with a caution about the website set up
where you check and enroll. Not very reassuring.

What's more, the website www.equifaxsecurity2017.com/, which Equifax
created to notify people of the breach, is highly problematic for a variety
of reasons. It runs on a stock installation WordPress
<https://twitter.com/kennwhite/status/905988701670531072>, a content
management system that doesn't provide the enterprise-grade security
required for a site that asks people to provide their last name and all but
three digits of their Social Security number. The TLS certificate doesn't
perform proper revocation checks
<https://www.ssllabs.com/ssltest/analyze.html?d=equifaxsecurity2017.com&s=104.20.97.14>.
Worse still, the domain name isn't registered to Equifax
<https://whois.domaintools.com/equifaxsecurity2017.com>, and its format
looks like precisely the kind of thing a criminal operation might use to
steal people's details. It's no surprise that Cisco-owned Open DNS was blocking
access to the site and warning it was a suspected phishing threat
<https://twitter.com/SwiftOnSecurity/status/906005134529966080>.

Another indications of sloppiness: a username for administering the site
has been left in a page that was hosted here
<https://www.equifaxsecurity2017.com/wp-json/wp/v2/users/>. Here's what it
looked like before it was taken down at about 8:50 am California time:


https://arstechnica.com/information-technology/2017/09/why-the-equifax-breach-is-very-possibly-the-worst-leak-of-personal-info-ever/

Mahmud Rahman MFA '04
Director of Systems and Banner Services, ITS
Mills College, Oakland CA
(510)430-2257
mrahman () mills edu

On Fri, Sep 8, 2017 at 9:04 AM, Roy <roywatt () acm org> wrote:

> Hi Dan:
> Thanks for reminding and sending. One of the questions I am wondering is
> if we are putting our data "back in danger again" by providing this
> information? :)
>
>
> Regards,
> Roy
>
> On Fri, Sep 8, 2017 at 11:49 PM, Jones, Dan J <djjones () wpi edu> wrote:
>
> > This link will allow you to see if your data was included in the breach
> > and to sign up for monitoring.
> >
> > https://www.cnet.com/how-to/equifax-hack-find-out-if-you-wer
> > e-one-of-143-million-hacked/
> >
> >
> > Dan Jones
> > Worcester Polytechnic Institute
> >
> >
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> > SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
> > Sent: Thursday, September 07, 2017 9:12 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: [SECURITY] Equifax gets pwned... hard.
> >
> > Not *directly* a higher-ed issue, but it's big enough that the fallout is
> > going to be on *everybody*s radar.
> >
> > "Equifax, one of the three major consumer credit reporting agencies, said
> > on Thursday that hackers had gained access to company data that potentially
> > compromised sensitive information for 143 million American consumers,
> > including Social Security numbers and driver's license numbers.
> >
> > The attack on the company represents one of the largest risks to
> > personally sensitive information in recent years, and is the third major
> > cybersecurity threat for the agency since 2015."
> >
> > Be prepared for all sorts of identity theft attacks and very customized
> > phishes.....
> >
> > https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html
>
>
>
> --
> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended only
> for the use of the Individual(s) named above. If you are not the intended
> recipient of this e-mail, or the employee or agent responsible for
> delivering this to the intended recipient, you are hereby notified that any
> dissemination or copying of this e-mail is strictly prohibited. If you
> have received the message in error, please advise the sender by reply
> e-mail and delete or destroy the message. Thank you.