Equifax Has Been Sending Consumers To a Fake Phishing Site for Almost Two Weeks (gizmodo.com)

← Back to Stories (view on slashdot.org)

Equifax Has Been Sending Consumers To a Fake Phishing Site for Almost Two Weeks (gizmodo.com)

Posted by msmash on Wednesday September 20, 2017 @08:05AM from the security-nightmare dept.

An anonymous reader shares a Gizmodo report (condensed for space): For nearly two weeks, the company's official Twitter account has been directing users to a fake lookalike website. After announcing the breach, Equifax directed its customers to equifaxsecurity2017.com, a website where they can enroll in identity theft protection services and find updates about how Equifax is handing the "cybersecurity incident." But the decision to create "equifaxsecurity2017" in the first place was monumentally stupid. The URL is long and it doesn't look very official -- that means it's going to be very easy to emulate. To illustrate how idiotic Equifax's decision was, developer Nick Sweeting created a fake website of his own: securityequifax2017.com. (He simply switched the words "security" and "equifax" around.) As if to demonstrate Sweeting's point, Equifax appears to have been itself duped by the fake URL. The company has directed users to Sweeting's fake site sporadically over the past two weeks. Gizmodo found eight tweets containing the fake URL dating back to September 9th.

154 comments

Min score:

Reason:

Sort:

Is someone paying them to be this stupid? by H3lldr0p · 2017-09-20 08:09 · Score: 5, Insightful

Because it's incredible how stupid this whole thing has been.
How can anyone be this bad at their core business?
1. Re:Is someone paying them to be this stupid? by fightinfilipino · 2017-09-20 08:11 · Score: 3, Insightful
  
  Because it's incredible how stupid this whole thing has been.
  How can anyone be this bad at their core business?
  the "free market" at work: screwing over ordinary people because who's going to stop them?
2. Re:Is someone paying them to be this stupid? by cayenne8 · 2017-09-20 08:13 · Score: 4, Interesting
  
  I would think at this point, the shareholders could unite, and vote to sweep the entire company clean....and start over.
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
3. Re:Is someone paying them to be this stupid? by irrational_design · 2017-09-20 08:16 · Score: 1
  
  My thought exactly.
4. Re:Is someone paying them to be this stupid? by phantomfive · 2017-09-20 08:16 · Score: 3, Funny
  
  How can anyone be this bad at their core business?
  Their core business is, literally, collecting and sharing information. They shared it with a few too many people in this case, but hey, can you blame an over-achiever?
  
  --
  "First they came for the slanderers and i said nothing."
5. Re:Is someone paying them to be this stupid? by burtosis · 2017-09-20 08:17 · Score: 5, Funny
  
  Hahahaha, good one - free market. We don't need those stupid consumer protections ^H^H^H^H^H^H^H^H^H^H^H^H^H^H overreaching regulations.
6. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 08:18 · Score: 0
  
  The Equifax breach is the gift that keeps on giving.
  At this point I wonder if they're just a giant troll.
7. Re:Is someone paying them to be this stupid? by king+neckbeard · 2017-09-20 08:19 · Score: 3, Interesting
  
  How can anyone be this bad at their core business?
  Their core business is maintaining an oligopoly on an essential service, and they do that well. Keeping information safe is not part of their core business, and thus, they pay little attention to it.
  
  --
  This is my signature. There are many like it, but this one is mine.
8. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 08:22 · Score: 0
  
  Well, you seem to think it's ludicrous and 90% of your replies are in agreement.
  I hate to break it to you guys but denial like that is the reason "stupidity" like that happens. If you don't think every organization is susceptible to this, you've been snorting your own feces for too long.
9. Re:Is someone paying them to be this stupid? by Pascoea · 2017-09-20 08:22 · Score: 3, Insightful
  
  vote to sweep the entire company clean....and start over.
  Won't happen. There is no way they can afford that many multi-million dollar golden parachutes at the same time. And you're not going to see a single executive actually punished over this.
10. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 08:26 · Score: 2, Insightful
  
  Because a government enabled credit-reporting oligopoly is totally the same thing as a free market! Get the government to run it like healthcare and the postal service, that'll fix everything!
11. Re:Is someone paying them to be this stupid? by emil · 2017-09-20 08:27 · Score: 2
  
  A more likely scenario is civil damages exceeding the value of the corporation, followed by chapter 7 bankruptcy.
12. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 08:32 · Score: 2
  
  Ah, the elusive ideal free market. It must exist just across the way from ideal communism.
13. Re: Is someone paying them to be this stupid? by jaffreywali · 2017-09-20 08:34 · Score: 3, Informative
  
  Govt doesnâ(TM)t run healthcare in the US and the postal service actually does a good job of delivering mail.
14. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 08:36 · Score: 2, Funny
  
  Do you think they'd then be required to sell their database info to the highest bidder to recoup loses?
15. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 08:39 · Score: 0
  
  Can Zuckerberg afford it???
16. Re:Is someone paying them to be this stupid? by Revek · 2017-09-20 08:39 · Score: 1
  
  Generating a arbitrary number that affects their cattles ability to get a loan? Thats their core business.
17. Re:Is someone paying them to be this stupid? by Rick+Schumann · 2017-09-20 08:42 · Score: 1
  
  Their 'core business' is to divest the Human Race from their money, and they've done a bang-up job of that. All this 'cyber security' stuff is obviously not of interest to them -- unless it somehow inpinged upon their ability to suck money out of people, in which case I'm sure there were lashings of those dreadful unwashed IT people until situations were improved -- but the data of all us mere peasants? Why should they care about that?
18. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 08:44 · Score: 0
  
  Clearly you've never worked at Amazon
19. Re:Is someone paying them to be this stupid? by geekmux · 2017-09-20 08:46 · Score: 1
  
  Because it's incredible how stupid this whole thing has been.
  How can anyone be this bad at their core business?
  From Slap-On-The-Wrist fines for the Financial Industrial Complex, to the Too-Big-To-Fail bailouts for the US auto industry, tell me again how obscene incompetence and criminal behavior has been anything short of rewarded?
  THAT is how they can be this bad. Turns out it's actually worth it to put in a fucking half-assed effort.
20. Re:Is someone paying them to be this stupid? by Pascoea · 2017-09-20 08:47 · Score: 5, Funny
  
  Do you think they'd then be required to sell their database info
  I thought I heard it's already available online somewhere. Can't put my finger on where I heard that though.
21. Re:Is someone paying them to be this stupid? by Darinbob · 2017-09-20 08:51 · Score: 1
  
  Hiring competent people would eat away at profits!
22. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 08:52 · Score: 2, Insightful
  
  Pfffft, they're too big to fail (or too much money over government influence).
  They'll get a couple lashes from a whip to set an example and lose some revenue but they'll continue on. Consumers are their main product, not their customer.
  Businesses and banks will continue using them as if nothing happened. Years or decades later, information from this breach will be used by independent groups worldwide for identity theft related purchases. They may even drum up some new business for their consumer directed credit services. The entire system is a sham, it's not going anywhere. I'm buying some Equifax stock right now while it drops, they'll ultimately grow back... That's how shams at the highest levels work.
23. Re:Is someone paying them to be this stupid? by mishehu · 2017-09-20 09:08 · Score: 1
  
  Are you sure you know what their core business is? I thought it was collecting all possible data, whether factually correct or not, shaking the cup with the bones in it, collecting money from their clients (not us the consumers), and after getting the money, rolling the bones out of the cup and proclaiming "THE BONES HAVE SPOKEN!!!"
24. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 09:12 · Score: 0
  
  Their (now fired) head of cyber security majored in music.
  James Damore was right. This is the new diversity first culture. Equifax now, Google tomorrow.
25. Re:Is someone paying them to be this stupid? by dcollins117 · 2017-09-20 09:21 · Score: 2
  
  How can anyone be this bad at their core business?
  I'm a member of two class action suits against Equifax. The first, ongoing since 2008, is because they violated the Fair Debt Reporting Act. I was also affected by this data breach. A quick Googling reports that there are at least 23 class action suits for this latest incident alone. In the scummy consumer credit marketplace incompetence is de rigueur.
26. Re:Is someone paying them to be this stupid? by dnaumov · 2017-09-20 09:24 · Score: 2
  
  Because it's incredible how stupid this whole thing has been.
  How can anyone be this bad at their core business?
  the "free market" at work: screwing over ordinary people because who's going to stop them?
  You misspelled "government protected racket".
27. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 09:25 · Score: 1
  
  Just more proof of how evil and restrictive government regulation is, everyone knows businesses can be trusted to police themselves. #MAGA!
28. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 09:31 · Score: 0
  
  "ongoing since 2008"
  Well at least the lawyers are getting rich.
29. Re:Is someone paying them to be this stupid? by zifn4b · 2017-09-20 09:53 · Score: 1
  
  the "free market" at work: screwing over ordinary people because who's going to stop them?
  The "free market" is not inherent stupid or intelligent. Making an administrator password "admin" is stupid. It was a human error by someone who is obviously a moron.
  
  --
  We'll make great pets
30. Re:Is someone paying them to be this stupid? by zifn4b · 2017-09-20 09:54 · Score: 1
  
  Hahahaha, good one - free market. We don't need those stupid consumer protections ^H^H^H^H^H^H^H^H^H^H^H^H^H^H overreaching regulations.
  Ok, a person made an admin password "admin". That's STUPID! Do you know of a government regulation that can fix stupid? If you do, I guarantee you will win a Nobel Peace Prize.
  
  --
  We'll make great pets
31. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 10:19 · Score: 0
  
  Is the Pope Catholic?
32. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 10:21 · Score: 1
  
  Punishing stupid with jail time has been proven to reduce, though not eliminate, stupid's influence on the average citizen. Might be good to start there.
33. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 10:21 · Score: 0
  
  > How can anyone be this bad at their core business?
  It's a big mystery, because last week a bunch of jabronis in here said it was perfectly fine for the former CSO to have degrees in music composition. So, since it can't be that, it must be something else.
34. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 10:24 · Score: 2, Funny
  
  No, he's Jesuit.
35. Re: Is someone paying them to be this stupid? by reboot246 · 2017-09-20 10:27 · Score: 1
  
  When you add together all the people on Medicare, Medicaid, and the VA, yes, the government runs a BIG part of healthcare in the US - approx 120,000,000 people, and it's going up every day.
  
  As far as the USPS, yes, they're good at delivering the mail, but a large portion (and growing) of their business is package delivery (because of Amazon), and they really suck at it.
36. Re: Is someone paying them to be this stupid? by liquid_schwartz · 2017-09-20 10:48 · Score: 4, Insightful
  
  When you add together all the people on Medicare, Medicaid, and the VA, yes, the government runs a BIG part of healthcare in the US - approx 120,000,000 people, and it's going up every day.
  To be fair the government isn't even trying to run health care efficiently. If it was Canada with a market 1/10th the size of the US, wouldn't be getting lower drug pricing. The states would be able to band together for greater purchasing power (or insurers across state lines for that matter). You could lower the cost of government medicine by >25% in an afternoon by merely dropping barriers that have been artificially put in place to keep well connected drug companies flush with cash. The Feds have clearly chosen the side they favor with health care policy - and it's drug companies not consumers, patients, or taxpayers.
37. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 10:48 · Score: 1
  
  No that's not the case... Someone didn't follow security policy and procedures that should've been put in place considering it is a financial institution. Regular internal and external security audits would've caught this mistake.
38. Re:Is someone paying them to be this stupid? by ShanghaiBill · 2017-09-20 10:56 · Score: 4, Insightful
  
  Punishing stupid with jail time has been proven to reduce, though not eliminate, stupid's influence on the average citizen.
  This is an idiotic knee-jerk solution. America already imprisons far more people than other countries, and we expend huge resources to do it, despite evidence that it increases future crime through direct recidivism as well as indirectly by destroying families and degrading communities.
  So now we are going to put even more people in prison, not because they are violent, but because they are stupid?
  Where is your "proof" that prison reduces stupidity? The PIC is a result of stupidity, not a solution to it.
  A far better solution is monetary penalties, that reduce the harm from stupidity by incentivising investors and shareholders to demand verified compliance with industry best practices.
39. Re: Is someone paying them to be this stupid? by ShanghaiBill · 2017-09-20 11:00 · Score: 3
  
  When you add together all the people on Medicare, Medicaid, and the VA, yes, the government runs a BIG part of healthcare in the US
  The US government spends about $6000 per capita on healthcare. Sweden's government spends about $4000 per capita. So America's health care is actually more socialist than Sweden's by total expenditure, although slightly less (60% vs 75%) as a percentage.
40. Re: Is someone paying them to be this stupid? by cayenne8 · 2017-09-20 11:13 · Score: 1
  
  I'm buying some Equifax stock right now while it drops, they'll ultimately grow back...
  
  Honestly, I've been thinklng the same....trying to see if it bottoms out and buy stock....but every time I think it is slowing down, they do something fscking stupid AGAIN.....and the bottom keeps dropping.
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
41. Re:Is someone paying them to be this stupid? by rholtzjr · 2017-09-20 11:14 · Score: 3, Interesting
  
  I think a lawyer said it is pretty much over for Equifax. 20 billion in damages. Yikes!
  Yea, so when your IT folks raise concerns about security..... DON'T IGNORE THEM!
42. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 11:31 · Score: 0
  
  Right, like in China where they execute people for white collar crime.. Or at least they used to, because all fraud and malpractice was stopped.
  You fucking imbecile.
43. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 11:35 · Score: 0
  
  A company can't file chapter 7.
44. Re: Is someone paying them to be this stupid? by rholtzjr · 2017-09-20 11:36 · Score: 1
  
  Yup, the return on a class action suit is a pittance for the people affected compared to what the law firm that's handling it will get. Our $70/1 year credit monitoring service compared to the millions that the law firm will get.
45. Re: Is someone paying them to be this stupid? by quintus_horatius · 2017-09-20 11:38 · Score: 4, Insightful
  
  America already imprisons far more people than other countries, and we expend huge resources to do it, despite evidence that it increases future crime through direct recidivism as well as indirectly by destroying families and degrading communities.
  Maybe that's because we're putting the wrong people in jail.
46. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 12:00 · Score: 0
  
  Have another look before you say stupid things like this. Yes, she majored in music but she seems to be a legitimate computer security manager with a history of both computer security and management. This breach is probably career-ending for her (and rightly so), but this isnâ(TM)t anything close to a âoeYouâ(TM)re doing a heckuva good job, Brownieâ moment.
47. Re: Is someone paying them to be this stupid? by bjverzal · 2017-09-20 12:20 · Score: 2
  
  Mistake? A mistake is applying the wrong patch. Negligence is applying none.
48. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 12:27 · Score: 0
  
  Government, no. But nature already has a mechanism that can fix stupid. Unfortunately, humans always seem to get in the way. Allowing stupid to survive and breed just increases the amount of stupid in the species. The longer nature is prevented from doing its job, the more stupid the human species will become as a whole.
49. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 13:06 · Score: 0
  
  we mandated those cheaper drug prices through law by saying we can copy any of your american drugs with little to no cost ..... i mean it works, as long as Americans pay for the research lol
50. Re:Is someone paying them to be this stupid? by rcase5 · 2017-09-20 13:06 · Score: 1
  
  I'm all for free markets. But every time I try to walk out of the market without paying for my stuff, they get very upset.
51. Re:Is someone paying them to be this stupid? by DivineKnight · 2017-09-20 13:45 · Score: 1
  
  1.) Fire all the smart people because they cost so much.
  2.) Profit!
  3.) Company collapses under lawsuits, pressure from competitors, outright thievery...
52. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 13:50 · Score: 0
  
  Maybe that's because we're putting the wrong people in jail.
  Precisely. If the US spent less time imprisoning non-violent drug offenders and vulnerable people who should have been diverted away from a life of crime by a social worker at some point earlier in their life, more time imprisoning the people who crash the economy or whose recklessness results in massive privacy violations or corrupt public officials who get kickbacks from prison operators...
  Let's just say the prisons would be less full, and society would be a better place.
53. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 13:52 · Score: 5, Insightful
  
  So now we are going to put even more people in prison, not because they are violent, but because they are stupid?
  No, but criminally negligent on such an epic scale it can be barely conveyed.
  If the financial information of 143 million US people has been compromised, this is literally almost every working age person in the country who has a credit history having their personal information put in the clear. And since people don't apparently have a choice in whether these assholes get their information, they could ruin the lives of people who didn't have a say in this company having their information for decades to come.
  The sheer magnitude of this fuck up is impossible to explain, because it could literally result in tens of billions in damages to consumers because some fucking idiot was too lazy or stupid to apply a known security patch. You know, like "well, the plane might explode if you fly above 5000 feet but we'll keep that secret" kind of depraved indifference.
  
  A far better solution is monetary penalties, that reduce the harm from stupidity by incentivising investors and shareholders to demand verified compliance with industry best practices.
  Mother fucking verified compliance with industry best practices????? Are you fucking kidding us? Incenti-fucking-vising goddamned shareholders??? Jesus fucking Christ, are you thinking when you type this shit?
  This colossal fuck up means pretty much every adult in America with a credit history could be spending the rest of the lives subject to fraud. All of them. Anybody who shows up in this massive database, with the most vital and sensitive and unalterable information about them.
  No, the only real response to this is Equifax pretty much needs to be wiped out as a legal entity, and the executives need to be treated as if they'd willfully destroyed lives to save a few bucks -- because they did. They were so grossly incompetent with managing the information of pretty much everyone you can't fucking incentivise investors and shareholders, you need to ensure the punishment is commensurate with the damage.
  This is beyond mother fucking "industry best practices". This is devastating. And at this point, that potential damage far exceeds the damage from hurricanes, tornadoes, and earthquakes, because tens of millions of people stand to lose everything they own.
  There's no fixing this, bullshit offer for credit monitoring aside, this is pretty much potentially a financial nuclear bomb.
  There's simply no way you can treat this as a fine, a slap on the wrist, and a fucking expectation that the fucking shareholders will scold them and make it not happen again.
  This pretty much has to have a scorched earth, prison, and public executions kind of response ... maybe not that last one, but this has to be responded to so harshly it isn't funny.
  But don't say stupid shit which implies that the "market" will correct this or that anybody involved in this fiasco should ever have anything to do with people's financial information ever again. This needs to be the equivalent of disbarment, banishment, and a lifetime of having every person impacted by this free to punch these clowns in the face for the rest of their lives -- because the fucking victims of this (which is pretty much everybody) will be dealing with this for the rest of their lives.
  Monetary fucking policies and fucking industry best practices. I sincerely hope you and everyone you know gets royally fucked by this, and then let's see what you think about shareholders and compliance with industry fucking best practices.
  Idiot.
  This is probably the highest value data breach in the history of mankind, and alarmingly that isn't even hyperbole. And you think industry standards are going to fix this?
54. Re: Is someone paying them to be this stupid? by rcase5 · 2017-09-20 14:07 · Score: 1
  
  You know what, I'm not buying this. I've heard other people defend this "Music major as a Chief Security Officer." I understand that Music has many mathematical properties, and if she has a Masters in Music, she is likely very intelligent. I also have no doubt that she had quite the resume when it came to security and management; I'd suppose you'd have to have those things if you were a Chief Anything Officer at Equifax.
  But you know what? Who cares?! The fact that she had both degrees (a Bachelors and a Masters) in Music tells me that she just wasn't that into this Chief Security/Information Officer stuff. Her first love was music, and that's great, but all of this computer stuff was just to pay the bills. I'm willing to wager there are plenty of undegreed I.T. people out there who would run circles around this person. This is a case of degree-snobbery. They wanted someone with a high-level degree in their Chief Security Officer role. It apparently didn't matter what degree it was, as long as it was a Masters in something.
  So unless this person minored in something even remotely related to computers (like electrical engineering, mathematics, etc.), I'm simply not buying this argument that she had an impressive resume to go along with the pair of completely unrelated degrees that won her the job. It seems to me that her heart just wasn't into this job, and it finally showed. As a result, 143 million people are likely to have their credit lives (and by extension, their real lives) ruined forever by this. So you'll forgive me if I'm not quite as sympathetic to "the Music major". This is not about picking on the music major, this is about having the right people, with the right passion, in the right jobs in the right places. This person was, evidently, none of those.
55. Re: Is someone paying them to be this stupid? by ShanghaiBill · 2017-09-20 14:14 · Score: 5, Insightful
  
  Maybe that's because we're putting the wrong people in jail.
  Prison should be for violent people that need to be physically separated from civilized society. For everyone else there are more appropriate punishments. For instance, the CEO of Equifax could wear an anklet tracking device while spending 60 hours per week changing bedpans in a nursing home for the next ten years. Instead of costing taxpayers, he would be benefiting society, and his family would still be intact.
  If he is separated from his family, his children will grow up without moral guidance, thus increasing the chance that they will get MBAs and try to become CEOs themselves, and the cycle will continue for yet another generation.
56. Re: Is someone paying them to be this stupid? by TheGratefulNet · 2017-09-20 14:16 · Score: 1
  
  bingo!
  non violent plant inhalers who really do NO HARM TO ANYONE are spending 10's of years in prison.
  meanwhile, white collar idiots who harm MILLIONS are passed over.
  yeah, we imprison more people than the rest of the world combined, but that's because the republicans kept forcing us to wage a 'war on drugs' that never worked and can never work.
  instead, we should reclaim consumer rights and imprison CEOs who fuck over multitudes of people.
  this country is failing fast. if we don't reverse our course, we'll truly become 2nd and then 3rd world status ;(
  
  --
  
  --
  "It is now safe to switch off your computer."
57. Re: Is someone paying them to be this stupid? by TheGratefulNet · 2017-09-20 14:18 · Score: 1
  
  prison is to DETER bad behavior.
  why do you think its NOT ok to imprison ceo's? the rich white guys are that untouchable to you?
  jail the corp leaders who fail and cause world-level problems.
  I could not care less if its violent or not. that's NOT the point!!
  
  --
  
  --
  "It is now safe to switch off your computer."
58. Re: Is someone paying them to be this stupid? by burtosis · 2017-09-20 14:54 · Score: 1
  
  +all my mod points if I could post them. Jail these assholes for 20 years and let out an equal number of people doing hard time for possession of a small amount of marijuana that's now legal in thier state. I
59. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 15:05 · Score: 1
  
  Where is the broken windows policing philosophy when we really need it.
  Pull the super citizens business license. It's done for a Dr performing malpractice...
  Sorry Equifax, you are now barred from doing anymore business. Then fine the pants off of all senior management and c levels.
  Wake up, you're in America 2017.
60. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 15:10 · Score: 0
  
  The industry is profitable, it must be running as desired.
61. Re:Is someone paying them to be this stupid? by cbiltcliffe · 2017-09-20 15:26 · Score: 2
  
  Oh, if only I had mod points.
  How much saliva did you have to wipe off your monitor and keyboard after typing that up?
  That was.....brilliant.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
62. Re: Is someone paying them to be this stupid? by ShanghaiBill · 2017-09-20 15:34 · Score: 1
  
  prison is to DETER bad behavior.
  ... yet it has an extremely poor track record of doing that. People that go to prison are more likely to re-offend than people given more lenient punishments.
  A few centuries ago, we executed people for stealing bread. People still stole bread. Harsh punishments have far less deterrent value than the certainty of getting caught.
  If we start imprisoning CEO for making mistakes, far fewer honest people will want the job. So the pay will have to be much higher, and more dishonest people will be attracted since they can steal and embezzle enough to offset the legal jeopardy.
63. Re:Is someone paying them to be this stupid? by FeelGood314 · 2017-09-20 16:25 · Score: 1
  
  It isn't their core business keeping your information safe. You are the product not the customer. They sell your credit rating to banks and lenders. Keeping your information safe makes them no money and is in general an inconvenience. Allowing you to see your credit score and point out mistakes in it is a major expense with very little up side. So really, as a for profit company, why would they waste anything more than the bare minimum of resources on it? They definitely won't devote any key or intelligent employees.
  
  Based on American law Equifax is acting completely rationally and in their best interests. Everyone here can save their fake indignation. If you are upset about it have your politicians change the rules.
64. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 16:30 · Score: 0
  
  overreaching regulations.
  You misspelled "job-killing regulations".
65. Re:Is someone paying them to be this stupid? by rossz · 2017-09-20 18:26 · Score: 1
  
  Yes. Make the fines fucking huge when incompetence results in leaked private information. The fine needs to so big that the shareholders will revolt if the company has to pay it. That's the only way you can get management to throw some money at the IT department and security. A business will either invest in their security or shut down.
  
  --
  -- Will program for bandwidth
66. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-20 18:52 · Score: 1
  
  ISO27001 in the UK. Our policy for passwords states it must be X length, unique and contain numbers letters etc.
  Then we get audited by external body once a year who comes in and says prove that the passwords used is as per policy.
  If not its a fail and you can lose your certification and then lose your customers quite easily.
67. Re:Is someone paying them to be this stupid? by Bert64 · 2017-09-20 19:29 · Score: 2
  
  Some governments and industries require that sites be pentested prior to going live, even the most incompetent of pentesters would catch admin/admin.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
68. Re:Is someone paying them to be this stupid? by Wescotte · 2017-09-20 21:30 · Score: 1
  
  Simple, just pass a law making computers illegal.
69. Re: Is someone paying them to be this stupid? by KGIII · 2017-09-20 21:48 · Score: 2
  
  You have to work really hard to be this incompetent. Doing nothing, nothing all all - just playing mine sweeper, has to be better than this.
  
  --
  "So long and thanks for all the fish."
70. Re:Is someone paying them to be this stupid? by Wootery · 2017-09-20 22:54 · Score: 1
  
  Security can 'fall off the radar' for your average idiot CEO - they're sure security incidents only happen to other people.
  I think you have to have an independent team of security specialists perform a serious security audit at least every 6 months would go a long way.
  Perhaps even require the tiger team to report directly to shareholders. That would force the company to own the specifics of their security concerns.
71. Re: Is someone paying them to be this stupid? by burtosis · 2017-09-20 23:41 · Score: 2
  
  Riiiiight.... moral guidance. Because these people are not only the leaders of companies, they are the altruistic moral guiding light of everyone around them.
72. Re: Is someone paying them to be this stupid? by burtosis · 2017-09-20 23:45 · Score: 2
  
  Not mistakes, willful neglect and negligence, or outright criminal behavior. Plus everyone here is forgetting another aspect of jailing someone - punishment or "getting even" with the person who did the crime. I don't care if it deters not a single person, you jail people and screw thier lives in cases like this because they would be too busy enjoying time on thier second smaller yacht, away from thier larger one, to give a flying fk if you just forced them out.
73. Re: Is someone paying them to be this stupid? by LordWabbit2 · 2017-09-20 23:48 · Score: 1
  
  Their core business is not protecting data, it's gathering data. Which they seem pretty good at. The fact that it's sensitive data and *should* be protected, seems to have escaped them.
  
  --
  There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
74. Re:Is someone paying them to be this stupid? by zifn4b · 2017-09-21 00:01 · Score: 1
  
  Punishing stupid with jail time has been proven to reduce, though not eliminate, stupid's influence on the average citizen. Might be good to start there.
  There is no way to create a deterrent to stupidity because as we know, most people are unaware of how stupid they are because it actually requires sufficient intelligence to know this. Average ability people usually know when they are about to commit a crime but they are usually unaware of their own cognitive biases including overestimating their ability.
  
  --
  We'll make great pets
75. Re: Is someone paying them to be this stupid? by zifn4b · 2017-09-21 00:04 · Score: 1
  
  why do you think its NOT ok to imprison ceo's? the rich white guys are that untouchable to you?
  Better question: do you think it's okay to imprison tax payers for not paying their taxes (aka debtor's prison)? Think carefully before you answer. If you don't know the history of the topic I'd refrain from answering.
  
  --
  We'll make great pets
76. Re: Is someone paying them to be this stupid? by zifn4b · 2017-09-21 00:07 · Score: 1
  
  Riiiiight.... moral guidance. Because these people are not only the leaders of companies, they are the altruistic moral guiding light of everyone around them.
  And the solution is to force everyone to be altruistic I suppose then? We should have a set of policies where the government forcefully takes the fruits of everyone's labor and their property and redistributes it?
  
  --
  We'll make great pets
77. Re: Is someone paying them to be this stupid? by zifn4b · 2017-09-21 00:09 · Score: 1
  
  Right, like in China where they execute people for white collar crime.. Or at least they used to, because all fraud and malpractice was stopped.
  You fucking imbecile.
  You're the fucking imbecile. You have to actually prove there was intentional fraud and that what was done meets the legal definition of fraud. Just arbitrarily declaring something fraud does not make it so. We have laws in the United States for this sort of thing. The problem is substantiating the claim that it actually was fraud based on the legal definition of it.
  
  --
  We'll make great pets
78. Re: Is someone paying them to be this stupid? by Cederic · 2017-09-21 01:25 · Score: 1
  
  But you know what? Who cares?! The fact that she had both degrees (a Bachelors and a Masters) in Music tells me that she just wasn't that into this Chief Security/Information Officer stuff.
  What utter fucking elitist idiocy.
79. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-21 03:53 · Score: 0
  
  This is wrong.
  Corporate entities can absolutely file for Chapter 7 protection if they are looking to close the business. Granted, larger businesses may want to liquidate through Chapter 11, but I have filed Chapter 7 for small single-member LLCs in the past (as well as had Chapter 11s converted to Chapter 7).
80. Re:Is someone paying them to be this stupid? by ripvlan · 2017-09-21 04:21 · Score: 1
  
  They have been good at their core business. collecting and sharing financial data on millions of people. Nowhere in their charter does "security" or "trust" exist. We are the product they sell.... not security products.
  Just look at how they originally offered the free service to monitor accounts: first you had to sign up, they didn't automatically enroll you.. Second - you had to promise not to sue them (term since removed).
  They don't care about you, the product. They want high quality "data" and take good care of it like the hamburger makers want high quality cows. And if a cow dies - oh well, they'll look into it. They grow cows and sell hamburger. Hamburger is the product... not cows. You are a cow - your compiled financial data is the product.
  This consolidation of information has been a concern of mine for years. I always wondered what would happen if data was stolen at this level. Now I have to ask -- is it valuable anymore?
81. Re: Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-21 04:23 · Score: 0
  
  In other words Americans pay more and get less. The funny thing is, fiscal conservatives seem to either be totally ignorant of this, or in denial.
82. Re:Is someone paying them to be this stupid? by Areyoukiddingme · 2017-09-21 05:59 · Score: 1
  
  This is probably the highest value data breach in the history of mankind, and alarmingly that isn't even hyperbole.
  While this is manifestly true, it's such a gigantic breach that 148 million people are not going to be victimized. There literally aren't enough criminals to take advantage of all the data.
  I'm all for subjecting Equifax to the corporate death penalty just on principle, but as a practical matter, fraud rates will go up, but not astronomically higher. There simply aren't enough fraudsters to take advantage of all the opportunities for fraud presented by the breach.
  Unless someone manages to automate applying for credit using the data using a major botnet with enough independent IPs to dodge some of the automated fraud detection mechanisms. Then all your spittle would be fully justified.
83. Re: Is someone paying them to be this stupid? by torkus · 2017-09-21 07:25 · Score: 1
  
  Jailing more people is generally not a viable solution. Nor is it a particularly useful or effective one.
  Instead hold people RESPONSIBLE. (hint: if you're getting free room and board + entertainment + schooling + social time + etc. then you aren't especially responsible.
  Take away the CEO's money. Including their stock options and hidden offshore money and so on and so forth. Fine them personally for fuckups they knowingly allowed, endorsed, or perpetrated. None of the 'oh, Mr. CEO is resigning at the boards request and taking their million stock options while they transition over to CEO somewhere else' crap that we see all the time.
  Fine people relative to their income (hey, maybe we can do that for taxes too) and the level of stupidity the perpetrated. That will quickly make people very interested in doing the best they can, not the least they can get away with.
  
  --
  You can get rich if you own a politician, but you have to be rich to buy one in the first place.
84. Re: Is someone paying them to be this stupid? by torkus · 2017-09-21 07:31 · Score: 1
  
  A few centuries ago, people regularly starved to death and stealing bread was already a life or death decision. Your analogy might as well have included a car.
  With that said, I agree that prison isn't a functional detriment to those who would or do commit crimes. The threat of jail has very little effect on people not otherwise inclined to break laws either.
  However, CEO's are already compensated far higher than they were now that many years ago when people actually did expect them to be useful. Look at the ratio of average CEO income vs average worker income and the ratio has gone from 10 or 100:1 to 1000:1 and more...often much more. If a CEO is earning easily 1000 times what their average employee does then yes, I DO expect them to assume MUCH more risk (not less like is the case today)
  
  --
  You can get rich if you own a politician, but you have to be rich to buy one in the first place.
85. Re: Is someone paying them to be this stupid? by torkus · 2017-09-21 07:32 · Score: 1
  
  why do you think its NOT ok to imprison ceo's? the rich white guys are that untouchable to you?
  Better question: do you think it's okay to imprison tax payers for not paying their taxes (aka debtor's prison)? Think carefully before you answer. If you don't know the history of the topic I'd refrain from answering.
  Take away all their money. If the amount they have doesn't compensate for the wrong they perpetuated, then debtor's prison is suitable.
  
  --
  You can get rich if you own a politician, but you have to be rich to buy one in the first place.
86. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-21 08:57 · Score: 0
  
  While this is manifestly true, it's such a gigantic breach that 148 million people are not going to be victimized. There literally aren't enough criminals to take advantage of all the data.
  Well then, what is your threshold for how many people get completely fucked over before this becomes an epic fiasco? Even 5% is going to be about 7 million people. Do you even give a fuck as long as it's not you? In which case, you deserve to be on the receiving end of this.
  The problem with a breach of this nature is this information will float around for literally decades. There is no undoing this, just hoping that sooner or later you don't find yourself the victim of identify theft caused by these assholes.
  Unless someone manages to automate applying for credit using the data using a major botnet
  Bullshit. See, nobody has to target everyone at the same time. They have literally got years to trickle through this, and there will be many different actors all just quietly sitting there chipping away a few at a time.
  They won't be acting in concert, the dumb ones will try to do what you suggest, but lots of little smart ones will be out there, it will be the financial equivalent of a distributed attack.
  Some people might not ever be victimized, some poor bastards might get hit multiple times by multiple sources.
  It's like spam, they don't need to do some big mass application for credit, having viable data for 140+ million people means you just take a few here and there. Hell, you pick some at random, do a few at a time, and any individual crook has a pretty much limitless supply of victims, all with data which can't exactly be changed.
  You think my "spittle isn't justified", then stop and think about the stupidity of what you said: for decades to come, a vast amount of the American populace runs the risk of randomly having someone sneak through something which could ruin their lives, by what is now going to essentially be a whole bunch of independent botnets (for lack of a better word) targeting some small subset of that data, doing this entirely independent of one another, and if they have any smarts doing it in small batches so as not to arouse suspicion.
  Even at a slow trickle, this will be of such a magnitude as to be beyond anything you've ever seen, precisely because it's exactly the information which is best suited to this fraud.
  So, you, your family, and pretty much everyone you know, stands a decent chance of eventually being targeted by this. The result of which could be the loss of everything you own, and which can't readily be repaired.
  I sincerely hope you get to be one of those people. And then maybe instead of saying something like "oh, it's not that bad" you'll stop and think that almost 150 million people will be potential targets for literally decades to come, and the only way to guard against it will involve the idiotic assholes who let this happen int he first place.
  So when someone sells your house on you, or burns you and leaves you stuck with massive amounts of debt, or transfers all of your money to someplace else ... then by all fucking means, tell yourself people are blowing this shit out of proportion.
  There doesn't have to be enough fraudsters to exploit every impacted user, and nobody is going to do it all at once. But on a massive scale, tens of millions of people will have no way of knowing they've been seriously fucked over, and the same group of shitheads who let this fucking shit happen will be the ones saying "oh, you owe this money and therefore you're screwed".
  The people who police this failure and its consequences are going to be the same mother fucking people who allowed it to happen in the first place.
  You want spittle? Suck my dick and feel free to spit. But don't fucking pretend this isn't going to cost tens millions of people tens or hundreds of billions of dollars for the next decade or so.
87. Re: Is someone paying them to be this stupid? by burtosis · 2017-09-21 09:20 · Score: 1
  
  Absolutely. The best places to live in the world, with the highest quality of life, education, lowest infant mortality, longest lifespans, etc all do this.
88. Re:Is someone paying them to be this stupid? by Anonymous Coward · 2017-09-22 05:06 · Score: 0
  
  But the admin/admin thing was for Argentina Equifax...had nothing to do with the US customer data that was exposed.
Put them to death! by emil · 2017-09-20 08:16 · Score: 2

SFWeekly is calling for all Equifax employees to be executed.
In all seriousness, the Equifax credit freeze does not work very well, and their freeze needs to work over Experian and TransUnion (and Equifax should pay for it).
1. Re:Put them to death! by Rick+Schumann · 2017-09-20 08:44 · Score: 2
  
  Heads on poles outside their corporate offices. I'm down with that.
2. Re:Put them to death! by Anonymous Coward · 2017-09-20 08:49 · Score: 0
  
  Ha.
  Execution might be a little much, but I do believe the top brass should have their personal fortunes taken, and lower levels of employees should also have a lesser financial penalty.
  Everyone in that company had a duty to protect that info, and they failed. The whole organization failed. Unless there is a penalty felt PERSONALLY by people, this will never end.
3. Re:Put them to death! by Anonymous Coward · 2017-09-20 08:55 · Score: 0
  
  SFWeekly is calling for all Equifax employees to be executed.
  Reading the article, I see that they consider this penalty to be justified because Equifax has an "overwhelmingly white and male leadership structure". The article goes on to say that,
  
  If we care at all about the wellbeing of our fellow citizens or any form of redistributive racial justice, this point is abundantly clear: Anyone at Equifax who’s convicted of negligence and corporate malfeasance merits the death penalty, full stop.
4. Re:Put them to death! by SternisheFan · 2017-09-20 09:34 · Score: 1
  
  It's really really bad what the C*O's of Equifax have done, they totally shirked their responsibilities as "leaders", and life in prison would, in my opinion, be appropriate punishment. To call for all of this company's employees to be sentenced to death? C'mon. By this logic, all the starving, mislead citizens of N. Korea should be nuked along with their crazy leader. That's morally wrong on so many levels.
5. Re: Put them to death! by bestweasel · 2017-09-20 09:55 · Score: 1
  
  You'll notice that the author, the apparently overwhelmingly white and male Peter Lawrence Kane, did not call for the death penalty just for the overwhelmingly white and male leadership structure but for all Equifax employees. Such fair-minded and impartial treatment should surely be encouraged rather than criticized.
6. Re:Put them to death! by Anonymous Coward · 2017-09-20 10:13 · Score: 0
  
  Ha.
  Execution might be a little much, but I do believe the top brass should have their personal fortunes taken, and lower levels of employees should also have a lesser financial penalty.
  Everyone in that company had a duty to protect that info, and they failed. The whole organization failed. Unless there is a penalty felt PERSONALLY by people, this will never end.
  No, no, absolutely NO! We need to shoot for the stars (OP suggestion) and if we only make it to then moon (your suggestion) then I guess we can be okay with it. :D
7. Re:Put them to death! by Anonymous Coward · 2017-09-20 14:11 · Score: 0
  
  SHUT THEM DOWN!!
  Make the company shutdown, sell all their assets, and fire the employees. The big whammey is you didn't create an account at Equifax for their services, they have a dossier on you if you want them to or not.
8. Re: Put them to death! by Anonymous Coward · 2017-09-20 16:23 · Score: 0
  
  Credit should be frozen by default and only opted into. The biggest scam ever. I don't want your credit.
Additionally by 93+Escort+Wagon · 2017-09-20 08:21 · Score: 4, Insightful

It's worth pointing out that it's pretty stupid to use a link obfuscator (aka short URL service) in this situation... which this "Tim" person from Equifax also did - he used a link shortener to direct people to the fake website!
(I'd argue link shorteners are evil in general, but that's a discussion for another day)

--
#DeleteChrome
1. Re:Additionally by Quirkz · 2017-09-20 08:41 · Score: 2
  
  (I'd argue link shorteners are evil in general, but that's a discussion for another day)
  Yeah, it seems like obfuscation of links causes more problems than I'd like. But in a world where lots of common services have a character limit (not just Twitter--even Slashdot's signature function is severely limited), sometimes a shortener is a necessity.
  
  --
  The Quirkz Handbook of Self-Improvement for People Who Are Already Pretty Okay
2. Re:Additionally by Anonymous Coward · 2017-09-20 11:19 · Score: 0
  
  (I'd argue link shorteners are evil in general, but that's a discussion for another day)
  Absolutely they are .. they got made so vain assholes could cram more into twitter messages. I have steadfastly refused to click on any shortened URL as long as they've existed, since you have no way of knowing where you're going, who is getting an affiliate link in there, and what the people in the middle are doing.
  URL shorteners are not only evil, they're idiotic an inherently unsafe because it expects you to play URL roulette.
  And, on topic, Equifax clearly are incompetent to run websites and need some serious legal penalties, because exposing the personal financial information of pretty much what works out to be every working adult in the US is a security breach on such an epic scale as to defy belief. Pretty much the entire country is at risk, and there is no recovering from losing control information which can't be altered.
  Oh, and then they were sneaky douchebags who offered to give you credit protection which had a clause in the TOS which made you surrender your right to class action suits.
  That guy suggesting everyone from Equifax be put to death isn't far off the mark, these ass clowns have caused irreparable harm, and just before they disclosed this they were lobbying to have even less regulations. Every greedy asshole wants less regulation so his own greed and incompetence doesn't get in his way of seeking profit at the expense of the clients they serve.
  Oh, wait, you're not Equifax's client, they just got access to all of your data and were too greedy and stupid to actually safe guard it like they should be required to. You're their product even though you never agreed to give them your data and have no choice to opt out.
  So, to all you blackhats out there ... doxxing every motherfucking employee of this company, their family, extended family ... this is now fair game and should be done post haste. But don't worry, I'm sure Trump the idiot will pardon the CEO if it comes to anything like penalties. Greedy cocksuckers have to stick together.
3. Re:Additionally by thegarbz · 2017-09-20 21:09 · Score: 1
  
  (I'd argue link shorteners are evil in general, but that's a discussion for another day)
  Link shorteners in general aren't evil, but their no click, no confirmation implementation is. They should always direct to an intermediate page which shows clearly where the shortener is directing you and wait for confirmation to do so.
Wow by JohnFen · 2017-09-20 08:22 · Score: 3, Insightful

The level of Equifax's ongoing idiocy is amazing. Almost impressive, even.
The fact that they can't even get the most basic security things right strongly suggests that their core business activities are likely to be run with the same amount of incompetence.
1. Re:Wow by whoever57 · 2017-09-20 08:35 · Score: 4, Funny
  
  Don't forget that they have a talent deficit: they just lost their head of information security.
  
  --
  The real "Libtards" are the Libertarians!
2. Re:Wow by Anonymous Coward · 2017-09-20 08:53 · Score: 0
  
  The level of Equifax's ongoing idiocy is amazing. Almost impressive, even.
  I'll just leave this here.
3. Re:Wow by computational+super · 2017-09-20 09:00 · Score: 4, Funny
  
  AND they have nobody to compose a new corporate jingle!
  
  --
  Proud neuron in the Slashdot hivemind since 2002.
4. Re:Wow by JohnFen · 2017-09-20 09:34 · Score: 1
  
  Are you saying that you think this is the result of malice?
5. Re:Wow by Anonymous Coward · 2017-09-20 11:47 · Score: 0
  
  Saving y'all a click: Sufficiently advanced incompetence is indistinguishable from malice.
6. Re:Wow by cbiltcliffe · 2017-09-20 15:40 · Score: 1
  
  Don't need to click. Just mouseover and check the status bar.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
7. Re:Wow by Anonymous Coward · 2017-09-20 22:17 · Score: 0
  
  The level of Equifax's ongoing idiocy is amazing. Almost impressive, even.
  No, it isn't. This is "par for the course".
  Think about it. Why is this linky linky thing stupid? Put another way: What would have been better?
  Why, .equifax.com, that is, use the DNS as the distributed name database it is, and make handy use of the SOA feature. But amazingly, many many people have no idea whatsoever that this is how DNS works. Even people right in tech, who ought to know since it's part of their daily bread and butter. Think about that for a minute. Why is this so and how did this come to be?
  I doubt you or even most others here could give a cogent answer to that, which is telling. But you're welcome to try. Show us that you at least really thoroughly grasp your own field, before criticizing the cee-section idiots on top of equifax for having failed to take appropriate measures before it all went down the crapper for them.
8. Re:Wow by Anonymous Coward · 2017-09-21 00:28 · Score: 0
  
  I would do it for a song!
9. Re:Wow by Anonymous Coward · 2017-09-21 01:52 · Score: 0
  
  I just finished writing a new theme song that I think would work perfectly. Its called "We bring you joy, we bring you strife"
10. Re:Wow by JohnFen · 2017-09-21 02:48 · Score: 1
  
  Think about it. Why is this linky linky thing stupid? Put another way: What would have been better?
  What would have been better is to follow standard practice with important domain names: you register the name you want as well as all of the variations/typos that might be easily confused with it.
  Typosquatting isn't anything like a new thing.
just cause they can by Anonymous Coward · 2017-09-20 08:28 · Score: 0

I find it ironic that some of you love and at times take side of the business that fuck you over... now you have a lifetime to defend them and also you social security number... ha ha ha...
I'm an expert -- I have a degree by Anonymous Coward · 2017-09-20 08:29 · Score: 1

In music.
Remember Enron... by Anonymous Coward · 2017-09-20 08:33 · Score: 0

They probably read "The Smartest Guys in the Room: The Amazing Rise and Scandalous Fall of Enron" and cashed out to lawyer up before it was too late.
1. Re: Remember Enron... by Anonymous Coward · 2017-09-20 13:09 · Score: 0
  
  Downmod affiliate spam.
  Fuck off Creimer, get back to the gym.
It's still not safe! by sentiblue · 2017-09-20 08:34 · Score: 5, Insightful

So equifax.com sits in an IP block that is directly managed by Equifax itself. Whereas, equifaxsecurity2017.com is in a block owned by CloudFlare.

This leads me to believe that the hackers didn't just get the website and the database. They got the entire network and that Equifax up until today is unsure if their network is safe yet. Equifax's decision to host the new website in CloudFlare is to make sure that they don't give additional information to hackers who are ALREADY in.
1. Re:It's still not safe! by Calydor · 2017-09-20 08:44 · Score: 1
  
  So after all these security fuckups, you think they're competent enough to get the idea that they have no idea whether their network is compromised?
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
2. Re:It's still not safe! by clonehappy · 2017-09-20 08:48 · Score: 1
  
  So instead of giving my information to the hackers that have breached Equifax's network, I get to hand it over the the hackers that have breached CloudFlare's network. Better or worse?
  No network is secure.
3. Re:It's still not safe! by Anonymous Coward · 2017-09-20 08:53 · Score: 0
  
  ...Or they wanted an easy way to quickly stand up a simple web site which was going to get a metric poo-ton of traffic in a very short time period, and decided that it was cheaper to pay CloudFlare to do what CloudFlare does best rather than standing and securing up hundreds of new external-facing web servers on their own network just to tear 3/4 of them back down a week or so later.
  There might also be a joke hiding somewhere in there about Equifax unintentionally becoming a content delivery network...
4. Re:It's still not safe! by Anonymous Coward · 2017-09-20 08:55 · Score: 2, Insightful
  
  They could have easily created a subdomain under the official equifax.com domain but still made the IP under Cloudflare or whatever they wanted to do. They're just idiots.
5. Re:It's still not safe! by OverlordQ · 2017-09-20 09:49 · Score: 1
  
  > Equifax's decision to host the new website in CloudFlare is to make sure that they don't give additional information to hackers who are ALREADY in.
  What? Do you even know how CloudFlare works?
  
  --
  Your hair look like poop, Bob! - Wanker.
6. Re: It's still not safe! by Anonymous Coward · 2017-09-20 10:23 · Score: 0
  
  Now they will have probably brought in outside contractors to try and stem the shitstorm
7. Re: It's still not safe! by Anonymous Coward · 2017-09-20 10:38 · Score: 0
  
  The website code to see if you are exposed is bloated. It should be this:
  Yes.
8. Re:It's still not safe! by Anonymous Coward · 2017-09-20 11:31 · Score: 1
  
  Subdomains are bad - they receive all of the parent domain's cookies in most cases, and can set cookies for the parent domain, which hackers can use if they have access to subdomains to attack the primary site. For example, if a business wanted to keep it's own business.com domain but run a shop with Shopify at store.business.com, they are pretty dependent on Shopify's security practices to keep business.com safe.
  So why would anyone trust a third party running software for their subdomain, rather than getting it separated out? Brand and ease of use. They are the king and queen of the internets.
9. Re: It's still not safe! by rholtzjr · 2017-09-20 11:43 · Score: 1
  
  What gave you the impression that outside contractors were not the initial cause of this?
10. Re:It's still not safe! by Anonymous Coward · 2017-09-20 14:44 · Score: 0
  
  This. Seriously.
  For those who don't know/use/understand cloudflare:
  Cloudflare is a DNS provider, they provide SSL termination and HTTP proxy service. They require access to the domain you want to secure (you have to point your nameserver records at their DNS servers) and you can OPTIONALLY enable their HTTP/HTTPS proxy service.
  If you DO enable their proxy service; they replace your DNS records with their own servers; and terminate SSL (optionally) and proxy the connection (at layer 7) through to your actual (server/load balancer).
  In so doing; they provide application-based, geographic, IP, or API driven rules to either allow, prompt/challenge, or block incoming connections based on headers / URL / request origin / etc.
  The IP address matching Cloudflare does not in any way indicate that anything unusual is going on; it just means that someone figured "It's likely a good idea that we obfuscate (whatever CRM we want to use for this quick site) behind something that has some field-tested security / rules and enable them all"
  Equifax is a fucking nightmare and I hope this leads to their total and complete demise. That said; this has NOTHING to do with Cloudflare.
11. Re:It's still not safe! by Anonymous Coward · 2017-09-21 01:39 · Score: 0
  
  You should read up on CloudFlare and how it works.
12. Re: It's still not safe! by houghi · 2017-09-21 02:35 · Score: 1
  
  We hired outside contractors to ask if it where possible that contractors are a security risk and they said that was unpossible.
  
  --
  Don't fight for your country, if your country does not fight for you.
13. Re: It's still not safe! by JohnFen · 2017-09-21 04:15 · Score: 1
  
  What gave you the impression that outside contractors were not the initial cause of this?
  Because no contractors were blamed. Considering that it's common to blame contractors for problems (whether or not they were the cause), it speaks volumes that this isn't happening here.
14. Re:It's still not safe! by ripvlan · 2017-09-21 04:26 · Score: 1
  
  I went looking to see if my records were affected. Then followed the link to their special website -- and was mildly nervous over the name. I then realized how stupid the name was and was sure the spammers would start sending out fake look-a-like links.
  Apparently their naming scheme is to cover next year's planned leak of data.
  Of course when these reports began to come to light I immediately went and verified that I had been on a real site. There was no feedback - I submitted a task to them and was presented with "due to volume this make take awhile" -- it's been a week and still no email from them. And yes -- I went back and verified a third time that I was on the real site.
  But I'm still nervous.
15. Re: It's still not safe! by rholtzjr · 2017-09-21 04:53 · Score: 1
  
  Uh, so the CSO personally configured the system with a default username/password of admin/admin. I was talking at the level. She is just the one who has been held accountable, not the one who actually did the deed. And with the way most BIG companies operate nowadays, I would it hard to show that the actual deed WAS an internal employee.
The only reasonable solution... by sinij · 2017-09-20 08:52 · Score: 5, Funny

The only reasonable solution here is to jail Nick Sweeting for fraud.
Wall street is also turning into a clickbait scam! by deviated_prevert · 2017-09-20 09:01 · Score: 1

Same as slashdot advertising links like this one.

Hey Guys! You might remember my post earlier where I whined about my husband failing to perform in bed and would rarely get me turned on at all? At first I was like: WTF, where do all those adult film stars get their stamina? — we've tried everything you can think of, from Viagra to other libido pills, nothing seemed to work. Bullshit! — his dick remained limp and sex didn’t last for more than a couple of minutes.
After about 6 months I gave up. I decided it was in his age and part of his physical condition, and that there was nothing we could do about it. Also, I can’t say I wanted sex that bad myself, knowing that I wouldn't be satisfied, and he’d be upset. I felt my husband totally losing confidence in himself and it was frustrating.
but then again slashcode advertising sucks dead horse balls!
Clint Eastwood is not dead yet and neither is his dick! His last words will be "dying ain't much of a livin' boy" if there is any humor left in the world.
On topic, the whole equifax situation in a way is similar and is proving to be complete and utter Wall Street bullshit IMHO and is in itself just a stock option clickbait scam. Just watch what happens when equifax goes on sale. I am almost willing to bet that the board is secretly considering offers right now and that is why the execs cashed a swack of shares. It almost seems as if their IT stupidity is deliberate to bring the stock down to the point where a buyout becomes possible.

--
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
For Immediate Release and Action by ewhac · 2017-09-20 09:06 · Score: 1

Dear Equifax Executive and Marketing/Communications Staff:
You're all fired, for cause, effective immediately. Concordant with a for-cause firing, any and all severance benefits are rendered null and void. Surrender all company property, including cell phones and computers, to HR immediately. Please collect your personal effects; security will be instructed to escort you off company property no later than 18:00 EDT.

--
Editor, A1-AAA AmeriCaptions
1. Re:For Immediate Release and Action by 4wdloop · 2017-09-20 09:23 · Score: 1
  
  What HR? You've just fired them too....
  
  --
  4wdloop
Re:Wall street is also turning into a clickbait sc by Anonymous Coward · 2017-09-20 09:07 · Score: 0

But why would anyone want to buy out a company that might have a worse reputation than Hitler?
Can we just jail all of equifax by Anonymous Coward · 2017-09-20 09:25 · Score: 1

It seems like we're reaching a point where we should just take every employee in anyway involved with the decisions that equifax has made in the last 5 years, and put them in jail for something like criminal negligence
1. Re:Can we just jail all of equifax by Anonymous Coward · 2017-09-20 16:11 · Score: 0
  
  By the same token, it seems that all credit checks (which are included in employment background checks) should be assumed to be in favor of the applicant.
  Ha, Ha HA.
  Though actually fair and just, as if that will ever happen. Even if legislated, it will be another 'elect me - I was on your side' crap with no actual enforcement.
Corporate Death Penalty by Anonymous Coward · 2017-09-20 10:15 · Score: 0

Kill all the execs, revoke the business license, burn down the building
The entire executive and management teams... by Anonymous Coward · 2017-09-20 10:59 · Score: 0

Need drawn and quartered by their golden parachutes.
Re:Wall street is also turning into a clickbait sc by JohnFen · 2017-09-20 11:04 · Score: 1

For the data
The only fair solution by Anonymous Coward · 2017-09-20 11:34 · Score: 0

Make all shareholders personally responsible for their share of the fines and judgments. The bill comes out to $10B after liquidating all assets and you own 1% of outstanding shares? Your personal liability is $100M.
Go ahead and make it non-dischargeable in bankruptcy for extra lulz. Might make other companies take their externalities more seriously.
Equifax shit in the pool at the cool kid's birthday party this time.
CSO with music degree by Anonymous Coward · 2017-09-20 12:22 · Score: 0

majoring in playing the rusty trombone no doubt! Cant see any other way she would have gotten the job!
Re:Wall street is also turning into a clickbait sc by rholtzjr · 2017-09-20 14:20 · Score: 1

But the data may already be public? Soooo, that is kinda defeating the purpose.
Contact Us by rholtzjr · 2017-09-20 14:34 · Score: 1

LOL, has anyone read their "Contact Us" page on their site. I quote:

Powering the World with Knowledge
Yea, they sure did! They just gave all the personal information for pretty much all the working class Americans.
Now that is a great motto for a company that actually adhered to their mission statement.
Fake? by tbq · 2017-09-20 18:10 · Score: 1

Customers would be in even more trouble if Equifax was sending them to a real phishing site.
Security by Bert64 · 2017-09-20 19:26 · Score: 1

Perhaps they were trying to do their customers a favor for once, redirecting them to a site that's likely to be fare more secure than their own.

--
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
150mil = ALL american adults got pwned by Anonymous Coward · 2017-09-21 01:33 · Score: 0

Remember half the people are kids.
150mil american adults = all american adults.
Re:Wall street is also turning into a clickbait sc by JohnFen · 2017-09-21 02:59 · Score: 1

Not even close to all of their data was made public.
Re:Wall street is also turning into a clickbait sc by rholtzjr · 2017-09-21 04:06 · Score: 1

Just the most critical information that affects pretty much ALL working class individuals in the US. It does not take a rocket scientist to actually realize that if the information taken is the primary basis for any other information they may have, even though it was not taken, will devalue any of said information to the point of insignificance. Since the underlying base information has now been compromised any other data derived from it has now been made much less valuable almost to the point of worthless.
So, in hoping that the company survives this debacle, it would have to be looked as to whether they diversified their company to not rely solely on this base information. In other words, does their information include anything where their "product" (e.g. the consumers that were compromised) still holds any value
BTW, if you actually look at their corporate mission statement, one of the values they purported to achieve was Integrity. I'd definitely say, in this case, they failed big on that one.
Re:Wall street is also turning into a clickbait sc by JohnFen · 2017-09-21 04:21 · Score: 1

in hoping that the company survives this debacle
Personally, I hope they go out of business. The level of incompetence they continue to demonstrate indicates to me that the situation is not redeemable.

BTW, if you actually look at their corporate mission statement, one of the values they purported to achieve was Integrity.
Corporate mission statements are almost always marketing BS. Does anyone really take them seriously?
Besides, this is Equifax. We've already known for a very long time that "integrity" isn't exactly their #1 priority.