Interesting People mailing list archives
Failure to patch two-month-old bug led to massive Equifax breach
From: "DAVID FARBER" <dfarber () me com>
Date: Thu, 14 Sep 2017 09:17:49 -0400
Begin forwarded message:
From: Lauren Weinstein <lauren () vortex com> Date: September 13, 2017 at 11:31:01 PM EDT To: nnsquad () nnsquad org Subject: [ NNSquad ] Failure to patch two-month-old bug led to massive Equifax breach Failure to patch two-month-old bug led to massive Equifax breach https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/ Thursday's disclosure strongly suggests that Equifax failed to update its Web applications, despite demonstrable proof the bug gave real-world attackers an easy way to take control of sensitive sites. An Equifax representative didn't immediately respond to an e-mail seeking comment on this possibility. As Ars warned in March, patching the security hole was labor intensive and difficult, in part because it involved downloading an updated version of Struts and then using it to rebuild all apps that used older, buggy Struts versions. Some websites may depend on dozens or even hundreds of such apps, which may be scattered across dozens of servers on multiple continents.
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170914091759:1EFAB03C-994F-11E7-B804-84728706B080 Powered by Listbox: http://www.listbox.com
Current thread:
- Failure to patch two-month-old bug led to massive Equifax breach DAVID FARBER (Sep 14)