Slashdot Mirror
Equifax CSO 'Retires'. Known Bug Was Left Unpatched For Nearly Five Months (marketwatch.com)
phalse phace quotes MarketWatch: Following on the heels of a story that revealed that Equifax hired a music major with no education related to technology or security as its Chief Security Officer, Equifax announced on Friday afternoon that Chief Security Officer Susan Mauldin has quit the company along with Chief Information Officer David Webb.
Chief Information Officer David Webb and Chief Security Officer Susan Mauldin retired immediately, Equifax said in a news release that did not mention either of those executives by name. Mark Rohrwasser, who had been leading Equifax's international information-technology operations since 2016, will replace Webb and Russ Ayres, a member of Equifax's IT operation, will replace Mauldin.
The company revealed Thursday that the attackers exploited Apache Struts bug CVE-2017-5638 -- "identified and disclosed by U.S. CERT in early March 2017" -- and that they believed the unauthorized access happened from May 13 through July 30, 2017.
Thus, MarketWatch reports, Equifax "admitted that the security hole that attackers used was known in March, about two months before the company believes the breach began." And even then, Equifax didn't notice (and remove the affected web applications) until July 30.
Chief Information Officer David Webb and Chief Security Officer Susan Mauldin retired immediately, Equifax said in a news release that did not mention either of those executives by name. Mark Rohrwasser, who had been leading Equifax's international information-technology operations since 2016, will replace Webb and Russ Ayres, a member of Equifax's IT operation, will replace Mauldin.
The company revealed Thursday that the attackers exploited Apache Struts bug CVE-2017-5638 -- "identified and disclosed by U.S. CERT in early March 2017" -- and that they believed the unauthorized access happened from May 13 through July 30, 2017.
Thus, MarketWatch reports, Equifax "admitted that the security hole that attackers used was known in March, about two months before the company believes the breach began." And even then, Equifax didn't notice (and remove the affected web applications) until July 30.
Clearly, the root cause here is cat parasites that impaired judgement of the board and execs to ignore basic security practices in a trust and consumer data line of business. It is like mice getting attracted to cat urine smell, only with your financial information.
it will not change until AIs take over the world and enslave us, but that's a problem for 2019.
Actually, that was a problem for 2019 which we solve in 2047 by solving the problem 1997. We pushed Clippy into Microsoft office and everyone saw much earlier how annoying he was and it sealed his fate before they made him intelligent. You wouldn't believe how annoying it was to be enslaved by a smart version of Clippy. I don't know what the future hold but thank your lucky stars we aren't going to be enslaved by Omega Clippy. I still have nightmares about it... ("Looks like you're trying to breathe, would you like me to push air into your lungs?" "Fuck you, Clippy! Just let me die!" "Your response is illogical, you will live to continue serving us.")
Anons need not reply. Questions end with a question mark.