• Equifax system login was admin, admin
    51 replies, posted
Lol even my company that stores fucking CC info in a plaintext database and only moved to sending CCards over HTTPS like 3 months ago is more secure than this garbage.
[QUOTE=Darquan90;52680805][IMG]https://pbs.twimg.com/media/DJMm2IbXgAAbSvh.jpg[/IMG][/QUOTE] At least she has all those years of experience working as a Professional
[QUOTE=Gbps;52679501]It's not. The actual vulnerability was in the Apache Struts framework. No surprise from them though.[/QUOTE] Was that proven? I thought that was just Equifax's excuse, and even Apache was like "Yo what the fuck, you have no way of knowing if it was our software."
[QUOTE=Cutthecrap;52679883]Hahahaha it was the same as well in Argentina!! With this, NK and the live flea with a dangerous disease that went missing japan due to some grade A genius using a sheet of paper to contain it, I'm more convinced humanity will sooner or later commit a colossal mistake by negligence and fuck it up. Forever.[/QUOTE] Wait what flea with a disease I looked it up and found nothing
[QUOTE=Darquan90;52680805][IMG]https://pbs.twimg.com/media/DJMm2IbXgAAbSvh.jpg[/IMG][/QUOTE] Exactly what the fuck was Equifax thinking when they looked at her resume and decided she would be a perfect Chief Of Security? Better yet, what was she thinking when she got her degree in music composition and decided the best place to take that was to the tech industry?
[QUOTE=Xenomoose;52681164]Exactly what the fuck was Equifax thinking when they looked at her resume and decided she would be a perfect Chief Of Security? Better yet, what was she thinking when she got her degree in music composition and decided the best place to take that was to the tech industry?[/QUOTE] I'm guessing nepotism. Somebody knew her at the company and got her the job. I know of at least one person at one of my jobs who had no background or experience in the position he has now yet somehow got the job. Also I'm getting reminded of that running gag in Archer where guest was the password for everything.
[QUOTE=Protocol7;52681022]Was that proven? I thought that was just Equifax's excuse, and even Apache was like "Yo what the fuck, you have no way of knowing if it was our software."[/QUOTE] Struts has had a number of quite severe known exploits for a while now. A few of which do allow remote code execution. If Equifax used Struts and haven't kept up to date (nobody in the industry ever actually does unless forced to) then it's a likely suspect.
[QUOTE=hexpunK;52681804]Struts has had a number of quite severe known exploits for a while now. A few of which do allow remote code execution. If Equifax used Struts and haven't kept up to date (nobody in the industry ever actually does unless forced to) then it's a likely suspect.[/QUOTE] That's probably fair and true. Doesn't matter if the software creator fixes the vulnerabilities if you don't patch your copy of the software.
[QUOTE=hexpunK;52681804]Struts has had a number of quite severe known exploits for a while now. A few of which do allow remote code execution. If Equifax used Struts and haven't kept up to date (nobody in the industry ever actually does unless forced to) then it's a likely suspect.[/QUOTE] That's exactly what happened. [url]https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/?amp=1[/url] Bug was patched 2 months ago, but to be fair it might have taken Equifax time to fix.
[QUOTE=SleepyAl;52681848]That's exactly what happened. [url]https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/?amp=1[/url] Bug was patched 2 months ago, but to be fair it might have taken Equifax time to fix.[/QUOTE] There's always that fear as a team that you'll bump the version number up and something, somewhere will break. But like fuck the management team will give you the time to actually test it, and even if they did it could be an absolutely tiny thing that isn't visible when going through your routine test suites that breaks. Though usually when a security critical bug is fixed it's in your best interest to just fucking move to it and deal with the bugs. Better to have a site that goes down once or twice than one that leaks customer information.
[QUOTE=SleepyAl;52681365]I'm guessing nepotism. Somebody knew her at the company and got her the job. I know of at least one person at one of my jobs who had no background or experience in the position he has now yet somehow got the job. Also I'm getting reminded of that running gag in Archer where guest was the password for everything.[/QUOTE] Either that or it's hard to find a female majoring in security, but Equifax was falling behind on their diversity quota.
Hey, don't talk shit about managers with art degrees in tech jobs. One of the dev managers at my workplace has a masters in art, and he routinely misunderstands technical limitations and capabilities, focuses on metrics instead of quality of work, has little to no technical understanding of our products... Wait a sec... :thinking:
[QUOTE=SleepyAl;52681365]I'm guessing nepotism. Somebody knew her at the company and got her the job. I know of at least one person at one of my jobs who had no background or experience in the position he has now yet somehow got the job. Also I'm getting reminded of that running gag in Archer where guest was the password for everything.[/QUOTE] As employment at HP was [URL="https://www.boardroominsiders.com/executive-profiles/1006308/Equifax,-Inc./Susan-Mauldin"]apparently[/URL]; [QUOTE] Senior director, Information Security, Audit and Compliance[/QUOTE] And at First Data [QUOTE]Senior Vice President and Chief Security Officer [/QUOTE] How hard is it to get one of these jobs without an education in IT? Is this common in the business world? I honestly don't know.
So this is the kind of security these motherfuckers had, the same motherfuckers who kept sending me letters about a debt I allegedly had on a cellphone number at my name, a number I didn't even know I have until a month ago, and wanted me to pay 1600Ar$ for it. Hope they get fucked with lawsuits. This shit is embarrassing.
[QUOTE=Tumama;52682459]So this is the kind of security these motherfuckers had, the same motherfuckers who kept sending me letters about a debt I allegedly had on a cellphone number at my name, a number I didn't even know I have until a month ago, and wanted me to pay 1600Ar$ for it. Hope they get fucked with lawsuits. This shit is embarrassing.[/QUOTE] [url]https://www.usatoday.com/story/money/2017/09/11/equifax-hit-least-23-class-action-lawsuits-over-massive-cyberbreach/653909001/[/url] hope it kills them. It'll set a really good precedent too.
[QUOTE=Raidyr;52682118]As employment at HP was [URL="https://www.boardroominsiders.com/executive-profiles/1006308/Equifax,-Inc./Susan-Mauldin"]apparently[/URL]; And at First Data How hard is it to get one of these jobs without an education in IT? Is this common in the business world? I honestly don't know.[/QUOTE] Honestly most formal degrees for security don't actually teach you shit. Not uncommon for someone to get a job without, but they usually have skills.
[QUOTE=Levelog;52682604]Honestly most formal degrees for security don't actually teach you shit. Not uncommon for someone to get a job without, but they usually have skills.[/QUOTE] For the most part, Universities will only teach you management of lower-level employees and very little to no technical work. Technical schools and Community Colleges will teach the actual field-relevant skillsets.
Can we start building the gallows?
[QUOTE=Levelog;52682604]Honestly most formal degrees for security don't actually teach you shit. Not uncommon for someone to get a job without, but they usually have skills.[/QUOTE] I stumbled into working in IT with no real training or what not I just work with computers all the time so the company said "fuck it put him in the IT department" and it's been a pretty good deal for the company so far [editline]15th September 2017[/editline] Although, Equifax being as large as it is should probably have someone in charge that at least is qualified.
[QUOTE=SleepyAl;52681365]I'm guessing nepotism. Somebody knew her at the company and got her the job. I know of at least one person at one of my jobs who had no background or experience in the position he has now yet somehow got the job. Also I'm getting reminded of that running gag in Archer where guest was the password for everything.[/QUOTE] Yeah, learning this actually makes sense to me. It would have been surprising to learn that everyone on board was a seemingly competent, educated individual with long histories in computer security or science. Nepotism makes things add up.
[QUOTE=HumanAbyss;52684709]I stumbled into working in IT with no real training or what not I just work with computers all the time so the company said "fuck it put him in the IT department" and it's been a pretty good deal for the company so far [editline]15th September 2017[/editline] Although, Equifax being as large as it is should probably have someone in charge that at least is qualified.[/QUOTE] Yeah, just saying that not having a security degree doesn't disqualify you from a job like that even at a big company, a business or management degree is probably more common. Though this person seems to be incompetent.