to patch two-month-old bug led to massive Equifax breach

From: Richard Stallman
Subject: to patch two-month-old bug led to massive Equifax breach
Date: Thu, 14 Sep 2017 16:52:13 -0400

------- Start of forwarded message -------
Date: Wed, 13 Sep 2017 20:31:01 -0700
To: address@hidden
From: PRIVACY Forum mailing list <address@hidden>
Subject: [ PRIVACY Forum ] Failure to patch two-month-old bug led to massive
 Equifax breach
Reply-To: PRIVACY Forum mailing list <address@hidden>

Failure to patch two-month-old bug led to massive Equifax breach


        Thursday's disclosure strongly suggests that Equifax failed to
        update its Web applications, despite demonstrable proof the
        bug gave real-world attackers an easy way to take control of
        sensitive sites.  An Equifax representative didn't immediately
        respond to an e-mail seeking comment on this possibility. As
        Ars warned in March, patching the security hole was labor
        intensive and difficult, in part because it involved
        downloading an updated version of Struts and then using it to
        rebuild all apps that used older, buggy Struts versions. Some
        websites may depend on dozens or even hundreds of such apps,
        which may be scattered across dozens of servers on multiple

 - - -

- --Lauren--
Lauren Weinstein (address@hidden): https://www.vortex.com/lauren 
Lauren's Blog: https://lauren.vortex.com
Google Issues Mailing List: https://vortex.com/google-issues
Founder: Network Neutrality Squad: https://www.nnsquad.org 
         PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: https://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
Google+: https://google.com/+LaurenWeinstein
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800
- --- Impeach Trump ---
privacy mailing list
------- End of forwarded message -------

Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.
