7 Replies. 1 pages. Viewing page 1.
7. Re: Saturday Safety Dance
Sep 17, 2017, 13:25

Cutter wrote on Sep 16, 2017, 13:37:
Bumpy wrote on Sep 16, 2017, 12:45:
Arts and music major with no IT or tech schooling, eh?

If true, that's a bit of a red flag I'd think. I see a bit more than wrist slapping about to go down.

I don't think that means anything. Loads of people come out with degrees they never use and go into other fields. I studied history and ended up working as a tech monkey and sales engineer in IT for over a decade. The rest of it's been hospitality. Neither of which my education would have applied to. With the exception of something really educationally specific like medicine or engineering anyone can learn anything on their own and go on to do that.


Agreed. It makes for a nice headline but means little in practice.
- Boppa
6. Re: Saturday Safety Dance
Sep 17, 2017, 10:35

Dev wrote on Sep 16, 2017, 14:53:
Cutter wrote on Sep 16, 2017, 13:37:
Bumpy wrote on Sep 16, 2017, 12:45:
Arts and music major with no IT or tech schooling, eh?

If true, that's a bit of a red flag I'd think. I see a bit more than wrist slapping about to go down.

I don't think that means anything. Loads of people come out with degrees they never use and go into other fields. I studied history and ended up working as a tech monkey and sales engineer in IT for over a decade. The rest of it's been hospitality. Neither of which my education would have applied to. With the exception of something really educationally specific like medicine or engineering anyone can learn anything on their own and go on to do that.

Their entire business is personal info, these guys should have some of the highest security spending and focus in the industry. They don't.

Other people's personal information they were never given permission to gather, that they sell to other companies, that the people who are the subject of the data must pay to access, and must pay if they want "some" control over that data. As the personal information they are holding is not that of a primary customer, their concern for its security is secondary. Also, particularly with the current administration, they're unlikely to get into much trouble with the government, maybe a slap on the wrist fine.

As far as the CSO goes, she may very well have worked her way through the ranks of IT, or at least been heavily involved with it. A few decades ago it wasn't completely uncommon for people to start working in IT because companies needed IT workers. It's also possible she was part of the "in" management group, and she was put in charge of security because all you need is management skills.
5. Re: Saturday Safety Dance
Sep 16, 2017, 15:14

They got ya fingerprint, all other data from ya and now faceid, next up blood test login and they are ready to go....

And the sheep keep on going: baaaaaaahh baaaahh
4. Re: Saturday Safety Dance
Sep 16, 2017, 14:53
Dev

Cutter wrote on Sep 16, 2017, 13:37:
Bumpy wrote on Sep 16, 2017, 12:45:
Arts and music major with no IT or tech schooling, eh?

If true, that's a bit of a red flag I'd think. I see a bit more than wrist slapping about to go down.

I don't think that means anything. Loads of people come out with degrees they never use and go into other fields. I studied history and ended up working as a tech monkey and sales engineer in IT for over a decade. The rest of it's been hospitality. Neither of which my education would have applied to. With the exception of something really educationally specific like medicine or engineering anyone can learn anything on their own and go on to do that.


It MAY not mean anything. It depends on training, certs, experience, jobs worked since graduation. But it's a red flag unless all the rest is satisfactory.

Two other red flags.

She "retired" after the breach.

She (and perhaps Equifax) are trying to scrub her history and music major items from the intarwebs.

But the biggest issue? Everything we are learning about this points to incompetence in Equifax's security.
1) The admin/admin creds and plain text storage of Argentina's stuff, including creds and their equiv of SSN.
2) The fact that this current leak wasn't encrypted properly and access restricted to least permissions, else the hackers wouldn't have gotten away with anything but an encrypted DB that wouldn't have been a problem.
3) They waited two months to patch the Apache Struts issue (and they publicly announced what vulnerability got them hacked, which is rather stupid of them, that two month issue will likely nail them at the class actions).
4) They were using current time/date as the unfreeze pins until someone pointed it out.
5) They incorrectly configured the security certificate on the Equifax breach site, which popped up warnings.
6) They didn't host the Equifax breach site as a subdomain, which given the previous item, may lead some to doubt security and authenticity of the site.
7) The breach site gives inconsistent results as to if your data was stolen, depending on if you access it through web, mobile, etc. Does it even look up anything at all? And it still hasn't emailed me back after signing up and it's been days.
8) They've had MULTIPLE previous breaches... only they bragged it didn't touch their core. Now it has.
9) WTF were they storing credit card numbers for 6+ months, unencrypted for, that were able to be stolen by hackers? The 200k of them that got stolen.
10) They got hit with a zero day... that was tried after two months of not bothering to patch. No custom phishing, or custom malware, a bog standard vulnerability.


Their entire business is personal info, these guys should have some of the highest security spending and focus in the industry. They don't.

This comment was edited on Sep 16, 2017, 15:04.
3. Re: Saturday Safety Dance
Sep 16, 2017, 14:14

I did the credit freeze for Equifax, TransUnion, and Experian. Experian was by far the most convoluted process. In fact I couldn't get Experian's online freeze to take. They asked me to upload scans of my driver's license and a utility bill. But once I tried to upload them it rejected them because they were not tiff format (they never specified what format was expected). I did it again in tiff and it rejected it because it was in color, not b&w (again no specification beforehand). I redid the scans a third time and it continued to insist they were in color. At this point I called their automated phone line and completed the freeze that way. But with my wife's info I couldn't get Experian to accept an online request, or the automated phone request. So we are having to mail in the documentation via snail mail.
2. Re: Saturday Safety Dance
Sep 16, 2017, 13:37

Bumpy wrote on Sep 16, 2017, 12:45:
Arts and music major with no IT or tech schooling, eh?

If true, that's a bit of a red flag I'd think. I see a bit more than wrist slapping about to go down.

I don't think that means anything. Loads of people come out with degrees they never use and go into other fields. I studied history and ended up working as a tech monkey and sales engineer in IT for over a decade. The rest of it's been hospitality. Neither of which my education would have applied to. With the exception of something really educationally specific like medicine or engineering anyone can learn anything on their own and go on to do that.

"Van Gogh painted alone and in despair and in madness and sold one picture in his entire life. Millions struggled alone, unrecognized, and struggled as heroically as any famous hero. Was it worthless? I knew it wasn't."
1. Re: Saturday Safety Dance
Sep 16, 2017, 12:45

Arts and music major with no IT or tech schooling, eh?

If true, that's a bit of a red flag I'd think. I see a bit more than wrist slapping about to go down.