Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re Failure to patch two-month-old bug led to massive Equifax breach

From: "Dave Farber" <farber () gmail com>
Date: Thu, 14 Sep 2017 13:39:18 -0400



Begin forwarded message:


From: Doug Humphrey <doug () joss com>
Date: September 14, 2017 at 12:40:40 PM EDT
To: dave () farber net
Cc: ip <ip () listbox com>
Subject: Re: [IP] Failure to patch two-month-old bug led to massive Equifax breach

Until a massive lawsuit establishes responsibility for failures like this, none of it will really be taken seriously. 

Airline crashes leave bodies, deaths, obvious harms.  Data breaches like this seem invisible, but at scale, they are 
just as damaging, if not more so. 

Perhaps this will have the scale and deep pockets to make it happen. Maybe.

Doug 


On Sep 14, 2017, at 9:17 AM, DAVID FARBER <dfarber () me com> wrote:




Begin forwarded message:


From: Lauren Weinstein <lauren () vortex com>
Date: September 13, 2017 at 11:31:01 PM EDT
To: nnsquad () nnsquad org
Subject: [ NNSquad ] Failure to patch two-month-old bug led to massive Equifax breach


Failure to patch two-month-old bug led to massive Equifax breach

https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/

     Thursday's disclosure strongly suggests that Equifax failed to
   update its Web applications, despite demonstrable proof the
   bug gave real-world attackers an easy way to take control of
   sensitive sites.  An Equifax representative didn't immediately
   respond to an e-mail seeking comment on this possibility. As
   Ars warned in March, patching the security hole was labor
   intensive and difficult, in part because it involved
   downloading an updated version of Struts and then using it to
   rebuild all apps that used older, buggy Struts versions. Some
   websites may depend on dozens or even hundreds of such apps,
   which may be scattered across dozens of servers on multiple
   continents.




Archives  | Modify  Your Subscription | Unsubscribe Now       




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170914133927:A5629954-9973-11E7-8EE4-A261E7CBEF12
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: