• Equifax system login was admin, admin
[URL]http://www.bbc.com/news/technology-41257576[/URL] [QUOTE]Cyber-crime blogger Brian Krebs said that an online employee tool used in the country (Venezuela) could be accessed by typing "admin" as both a login and password. He added that this gave access to records that included thousands of customers' national identity numbers.[/QUOTE]
How does a company fuck up this badly? Jesus Christ, it's like an Onion article.
That's outright criminal negligence.
holy fucking shit even walmart has better login security than this
but noooo blame it on the software
Oh for fuck sakes
Genuinely what the fucking hell. I'm broke on how unbelievably retarded you have to be to do this. Even baby's first database is more secure than this pile of bullshit. Sue them to [B]hell[/B]
It doesn't sound like this is related to the wider breach in the news like the title suggests but wow, unbelievable
[QUOTE=Dr.Critic;52679482]It doesn't sound like this is related to the wider breach in the news like the title suggests but wow, unbelievable[/QUOTE] It's not. The actual vulnerability was in the Apache Struts framework. No surprise from them though.
The software world has a story that you hear over and over and [I]over[/I] again: Programmer/sysadmin asks manager for time and money to do something properly. Manager says no, we can scrape by without doing that. Programmer makes a point of the fact that everyone's ass is going to be to the fire if something goes wrong and people take advantage of the vulnerability created or the system fails due to the weak point exposed by the corner cutting. Manager ignores them. It's time for robust federal regulation of corporate systems which handle sensitive user information. If money can be saved by putting your social security number, or credit card information on the line, a company will do it. Make no mistake, they will always choose to cut corners over doing things the proper way, because the bottom line dictates all decisions.
[QUOTE=froztshock;52679517]The software world has a story that you hear over and over and [I]over[/I] again: Programmer/sysadmin asks manager for time and money to do something properly. Manager says no, we can scrape by without doing that. Programmer makes a point of the fact that everyone's ass is going to be to the fire if something goes wrong and people take advantage of the vulnerability created or the system fails due to the weak point exposed by the corner cutting. Manager ignores them. It's time for robust federal regulation of corporate systems which handle sensitive user information. If money can be saved by putting your social security number, or credit card information on the line, a company will do it. Make no mistake, they will always choose to cut corners over doing things the proper way, because the bottom line dictates all decisions.[/QUOTE] It should be no different than a bank being federally regulated to protect your money.
Maybe it's time we use a different method to approve credit instead of trusting companies with such data? It also doesn't help they're using horrifically insecure methods of ID. SSN have no security checks at all. I can take my number and add/sub one number and get a valid number of someone else. They were never meant to be used in this way, and now we are all paying the price.
Holy fuck this company is done for, how are they even going to come back from all of this idiocy?
[QUOTE=ilikecorn;52679546]Simple solution: Every breach costs your company the entire year's profit. Multiple breaches in one year? Your entire board including CEO gets arrested for failure to protect data.[/QUOTE] You would ruin half the companies in the first months of such a law ... especially considering security holes are everywhere, be it hardware (e.g. instruction set), firmware (BIOSes in mainboards, GPUs or your routers) or software (from ring -3 to the OS, through security software, to end-user applications). Technically, some of the upcoming EU directive(s) are on the edge of being able to ruin any company, because you are responsible even for what your partners do with any data you shared (even data not shared knowingly or willingly). Good luck figuring out what one of the massive companies does (if they do anything at all). The resulting fine is just in the hands and mood of the EU clerk. It's also really hard to tell apart 'done enough' vs 'not enough' vs easy-to-identify 'negligence' or 'nothing at all'.
Was the head of their system security fucking President Skroob?
[QUOTE=nagachief;52679553]Maybe it's time we use a different method to approve credit instead of trusting companies with such data? It also doesn't help they're using horrifically insecure methods of ID. SSN have no security checks at all. I can take my number and add/sub one number and get a valid number of someone else. They were never meant to be used in this way, and now we are all paying the price.[/QUOTE] I know the DoD is moving away from using SSN for documents and identification purposes, and is instead starting to use DoD ID numbers, which are a lot more secure. I don't know what the hesitation is with making some sort of national ID program. We basically have one already that's called passports, but it's not card sized and doesn't include physical descriptions (hair/eye color, height, weight).
[QUOTE=QuinnithXD;52679558]Holy fuck this company is done for, how are they even going to come back from all of this idiocy?[/QUOTE] Assuming they don't get shut down, they have a lock on this. Who actually sends in their info to Equifax, Experian or any other like this? No individual does, lending agencies do. Banks, credit unions, car dealerships, home builders. [editline]13th September 2017[/editline] [QUOTE=tyanet;52679795]doesn't include physical descriptions (hair/eye color, height, weight).[/QUOTE] Neither do social security numbers. They're assigned at birth and never changed.
oh come the fuck on five below had far better security than this just to use the cash register
Hahahaha it was the same as well in Argentina!! With this, NK and the live flea with a dangerous disease that went missing in Japan due to some grade A genius using a sheet of paper to contain it, I'm more convinced humanity will sooner or later commit a colossal mistake by negligence and fuck it up. Forever.
jokes on you guys, my fp password is actually J!NX
[QUOTE=Cutthecrap;52679883]Hahahaha it was the same as well in Argentina!! With this, NK and the live flea with a dangerous disease that went missing in Japan due to some grade A genius using a sheet of paper to contain it, I'm more convinced humanity will sooner or later commit a colossal mistake by negligence and fuck it up. Forever.[/QUOTE] The article is about Argentina, the OP for some dubious reason switched it to Venezuela.
I'm shocked that it took this long, there are crawlers that putt their way around the internet trying exactly this on any machines they can connect to.
That's literally the first thing you try.
[QUOTE=J!NX;52679885]jokes on you guys, my fp password is actually J!NX[/QUOTE] Mine is "admin" :clown:
These are the real life events that let me suspend my disbelief when I find notes and messages containing passwords literally everywhere in Deus Ex-style games.
Guest?
The article only mentions Argentina, I don't think Equifax has operations in Venezuela.
[QUOTE=Marik Bentusi;52680239]These are the real life events that let me suspend my disbelief when I find notes and messages containing passwords literally everywhere in Deus Ex-style games.[/QUOTE] That's because it's a thing people actually do. I see passwords written down on users' desks all the time. And ironically, they are the same people that don't have good passwords. Like password14 tier. They are incapable of remembering anything. :v:
If Deus Ex were more like real life you'd be scrounging through notebooks of accounts and passwords written down to find which one you should use. Password management is always shit and most company policy just makes it worse. [i]"I have to change my password every 30 days and can't keep any old passwords? September2017 it is!"[/i]
[IMG]https://pbs.twimg.com/media/DJMm2IbXgAAbSvh.jpg[/IMG]