LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 09-09-2017, 10:52 PM   #1
IFTTT
LQ Newbie
 
Registered: Aug 2017
Posts: 14

Rep: Reputation: Disabled
Equifax


I know this is old news but from what I read online this recent hack is the third time since 2015. What are these IT people doing over there?

Now we have to monitor our credit report for any suspicious activities in these next few months or more. What a bumper...
 
Old 09-09-2017, 11:38 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,857
Blog Entries: 18

Rep: Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337
In the Enterprise, aside from the computer enterprise, security is often an afterthought. "First to market," "sales," and "gross receipts" take precedence over security.

I found this particularly irritating: http://www.npr.org/sections/thetwo-w...ed-for-a-month

If that isn't "insider trading," I don't know what is.

This post from Bob Cesca may be germane: https://thedailybanter.com/2017/09/h...inancial-life/

My father was a banker and he was a good and honest man. Today he would be ashamed to admit that he was in any way associated with the financial industry.

I'll stop now, for all I have left is profanity.

Last edited by frankbell; 09-09-2017 at 11:44 PM.
 
Old 09-10-2017, 10:36 AM   #3
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,106
Blog Entries: 3

Rep: Reputation: 179Reputation: 179
The need for 2 factor authentication is a must in today's world. Anyone having access to such data should require 2 factor at a minimum.
 
Old 09-10-2017, 11:58 AM   #4
!!!
Member
 
Registered: Jan 2017
Posts: 608

Rep: Reputation: 233Reputation: 233Reputation: 233
TheMedia implicating "opensource"!!!

I casually noticed the word "opensource" in my FoxNews app story.
Then I websearched: opensource equifax
Sad. Even before I saw that word, my exaggerating imagination was saying:
Quote:
Proof that anything stored in any computer, is exposed to ALL!!!
Finally, the "nail in the coffin" / "end of the road" / "death knell"
for InternetComputing, privacy/security at least!!!
 
Old 09-10-2017, 01:17 PM   #5
FredGSanford
Senior Member
 
Registered: Nov 2005
Location: USA
Distribution: Mageia Cauldron - Debian Testing - Salix OS
Posts: 1,051
Blog Entries: 5

Rep: Reputation: 165Reputation: 165
It used to be Customers first, Employees second & Stock holders third. Today it is Stockholders first, Customers second and Employees third.

A.G. Edwards of A.G. Edwards & Sons, now Wachovia Investments.
 
Old 09-10-2017, 10:17 PM   #6
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,857
Blog Entries: 18

Rep: Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337
Quote:
Today it is Stockholders first,
And that is a very recent notion. Although it's repeated as revealed truth these days, it dates from the 1970s and became popular in the 1980s and is a creation of the Chicago School of Economists, who unfortunately were not around when Mrs. O'Leary's cow did her thing or perhaps we would have all been saved a lot of trouble . . . .

Historically, the first responsibility of management has been to the sustainability and well-being of the business, not to the quick buck.

Today's New York Times had an article about victims of identity theft, including one poor schmo whose identity has been stolen multiple times.
 
Old 09-13-2017, 12:50 PM   #7
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,669
Blog Entries: 4

Rep: Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019
In cases like these, I openly suspect that they will prove to be inside jobs.

Right now, in the State of Georgia (USA), you have to have a license to install low-voltage wiring around a rich man's yard. But you need no professional license at all to be a computer programmer. Furthermore, companies are quite happy to "import" non-immigrant workers from anywhere that labor is cheap, and/or to "export" their entire data-centers there, as part of "the Happy Little Cloud.™" No one stops to ask questions: "we're saving money, aren't we?"

Someone, who doesn't get paid much and who doesn't give a damn about Equifax because (s)he knows that the feelings are mutual, figures out how to make a lot of money while doing a lot of damage. Sweet Revenge. Companies are marveling at the breach – "how did those pesky Russian (of course ...) Hackers do this?" But of course what they're really doing is deflecting blame and attention away from their own questionable labor practices.

With absolutely no justification for doing so, they happily trust any employee contractor with the keys to their entire kingdom.

When companies and governments finally get tired of losing billions of dollars with no satisfactory explanation, government regulation will come to the data-processing industry. Just as it already did to low-voltage wiring, plumbing, air conditioning, electricity, civil engineering . . .

Last edited by sundialsvcs; 09-13-2017 at 12:52 PM.
 
Old 09-14-2017, 05:26 AM   #8
GentleThotSeaMonkey
Member
 
Registered: Dec 2016
Posts: 58
Blog Entries: 2

Rep: Reputation: 27
Quote:
Now, we know that the flaw was in Apache Struts and had been fixed months before the breach occurred.
https://arstechnica.com/information-...month-old-bug/
https://arstechnica.com/information-...-impact-sites/

Not only website bloatware, but difficult to maintain/update:
Quote:
Fixing those applications means getting the source code, updating the build scripts to change the Struts dependency to the latest version (2.3.32 or 2.5.10.1), and then rebuilding the application. For currently-developed code, that may be easy, but for a three year old app that hasn't been touched in a while? That's a little hairier. You might have to dig out older JDK versions to get it to build, find an old copy of an old internal JAR that's somehow gone missing, all the usual problems that happen when you try to rebuild an old application. That's assuming, of course, that you have the source code and build scripts, and that alone is far from guaranteed. I bet that there will be developers who find that the version in source control for some reason doesn't quite match the version that's deployed, or that they have no source at all, or that it doesn't build for whatever reason.
 
Old 09-17-2017, 05:31 PM   #9
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: Slackware
Posts: 7,693

Rep: Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979
EDIT:

Never mind. Carry on.

Last edited by dugan; 09-17-2017 at 05:41 PM.
 
Old 09-20-2017, 11:55 PM   #10
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,857
Blog Entries: 18

Rep: Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337Reputation: 3337
Just the Equifax, Ma'am

Have a video: https://youtu.be/96u15E0kLv8
 
Old 09-21-2017, 09:36 AM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,669
Blog Entries: 4

Rep: Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019
The problem for me is, "it's a lon-n-n-ng way between 'a flaw in Apache Struts' and a total compromise of millions of accounts."

Successful compromise of any large data system, I would argue, is nearly impossible to mount "from the outside," with absolutely no knowledge of the systems that you are penetrating. I think that you have to have thorough knowledge of them ... inside knowledge of them.

Thus far, we have paid no attention to who we actually hired, nor to where our data centers were located. If labor is cheap and electrical power is cheaper, "we're there!" But it seems that we have an increasing number of billion-dollar breaches that we "simply can't explain," and most importantly, no one seems to be accountable.

Maybe we need to pass a law that says that any employee who works on a financial data system used in the United States must be a United States Citizen who holds such-and-such grade of a license issued by the Federal Department of Information Security, has cleared so-many background checks, and has appropriate training certified by the US-FDIS.

After all, we have been doing very similar things for many decades with regard to every other form of professional engineering ... except software engineering.
 
Old 09-21-2017, 10:46 AM   #12
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 361

Rep: Reputation: 134Reputation: 134
If you did that with software engineers and packages your software industry would collapse, and most of your financial industries would go into meltdown.
 
Old 09-21-2017, 02:15 PM   #13
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,669
Blog Entries: 4

Rep: Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019Reputation: 3019
Quote:
Originally Posted by dave@burn-it.co.uk View Post
If you did that with software engineers and packages your software industry would collapse, and most of your financial industries would go into meltdown.
Personally, I don't think so. Every roadway is built according to designs bearing the official red stamp of a civil engineer. Every aspect of a building is designed by licensed architects and constructed by licensed professionals. But in this case I am also speaking of internal processes, and the [present lack of ...] accountability therefor. "Knowledge Is Power."

"Who could have done this?" Why, he might be back in Bangladesh by now, his two-year visa time being up. And you'll never be able to go over there and find him. I think that we need to have legal regulation of many things which, in the first heady twenty-odd years of all this wunnerful Internet stuff, has been utterly "loosey goosey." These billion-dollar breaches are not taking place from half-a-planet away. They're not exploiting our software: they're exploiting our [lack of] human process.

Last edited by sundialsvcs; 09-21-2017 at 02:20 PM.
 
Old 09-21-2017, 06:20 PM   #14
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 361

Rep: Reputation: 134Reputation: 134
What alternative reality are you living in?
 
Old 09-21-2017, 08:52 PM   #15
jefro
Moderator
 
Registered: Mar 2008
Posts: 17,168

Rep: Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562
And yet I don't think I ever asked them to have my information.

Latest news is they posted wrong site to check.

They won't be able to survive the lawsuits. Consumers will have to worry even after they die that they won't be scammed.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 03:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration