Interesting People mailing list archives
Re Failure to patch two-month-old bug led to massive Equifax breach
From: "Dave Farber" <farber () gmail com>
Date: Thu, 14 Sep 2017 13:39:18 -0400
Begin forwarded message:
From: Doug Humphrey <doug () joss com> Date: September 14, 2017 at 12:40:40 PM EDT To: dave () farber net Cc: ip <ip () listbox com> Subject: Re: [IP] Failure to patch two-month-old bug led to massive Equifax breach Until a massive lawsuit establishes responsibility for failures like this, none of it will really be taken seriously. Airline crashes leave bodies, deaths, obvious harms. Data breaches like this seem invisible, but at scale, they are just as damaging, if not more so. Perhaps this will have the scale and deep pockets to make it happen. Maybe. DougOn Sep 14, 2017, at 9:17 AM, DAVID FARBER <dfarber () me com> wrote: Begin forwarded message:From: Lauren Weinstein <lauren () vortex com> Date: September 13, 2017 at 11:31:01 PM EDT To: nnsquad () nnsquad org Subject: [ NNSquad ] Failure to patch two-month-old bug led to massive Equifax breach Failure to patch two-month-old bug led to massive Equifax breach https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/ Thursday's disclosure strongly suggests that Equifax failed to update its Web applications, despite demonstrable proof the bug gave real-world attackers an easy way to take control of sensitive sites. An Equifax representative didn't immediately respond to an e-mail seeking comment on this possibility. As Ars warned in March, patching the security hole was labor intensive and difficult, in part because it involved downloading an updated version of Struts and then using it to rebuild all apps that used older, buggy Struts versions. Some websites may depend on dozens or even hundreds of such apps, which may be scattered across dozens of servers on multiple continents.Archives | Modify Your Subscription | Unsubscribe Now
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170914133927:A5629954-9973-11E7-8EE4-A261E7CBEF12 Powered by Listbox: http://www.listbox.com
Current thread:
- Re Failure to patch two-month-old bug led to massive Equifax breach Dave Farber (Sep 14)