https://www.technewsworld.com/story/84801.html
Interesting article where Apache strikes back against the Equifax breach being caused by a vulnerability in their framework.
They note no one at the @equifax domain has been in contact with them, insinuating they haven’t managed their environment, and that Equifax didn’t use database encryption.
The article also goes into a good explanation of a zero day vulnerability.
Matt Roberts says
Very interesting article, for me it particularly shed more light on the continuing issues with Equifax’s response in recent weeks. Last week, I went on to their site and and typed my last six ssn digits to see if I was affected, and just as the article pointed out, it took almost no time to bring up a message telling me that I may have been affected and offering me the free “TrustedID Premier.” I looked into what other people were saying about it and decided not to sign up. This coupled with the fact that executives may have sold their shares directly following the incident signifies gross mismanagement if not illegal actions on the part of Equifax both before and after the incident.
Jonathan Duani says
I agree with Matt. I think it gave a lot more information on the current situation. Also I have heard that apache has been an issue in the past. It is interesting that even with it being such a known issue people still seem to neglect it.