registered the domain Equihax.com
Uh, judging by ElReg, something along the lines of equinox.com would have been more effective.
FireEye removed an Equifax case study* from its website in response to a recently disclosed mega-breach at the credit reference agency. Equifax’s endorsement that FireEye’s tech protected it against zero-day and targeted attacks had more than the whiff of hubris about it once it emerged hackers had successfully pwned the …
Not when I checked 15 minutes ago but equifux.co.uk and the even more delicious equifux.me.uk were. I had them both in my 123 reg basket but bailed at the last minute. Decided against handing over personal data and payment info just to make a point about the loss of personal data and payment info.
“We have this category that Equifax calls unhandled malware, [with] which traditional security approaches haven’t been very helpful. Putting in FireEye has really helped us detect this unhandled malware, then gives us the capability to take action to stay secure.” Tony Spinelli, SVP and CSO of Equifax -- link
“The zero-day and targeted attacks that evade some of the simpler defenses are where you are going to need a next-generation product like FireEye. We looked at two or three other vendors in this space, but when we put FireEye up against the other two vendors, by far, FireEye detected and kept us secure from these issues.”
- Tony Spinelli, SVP and CSO, Equifax
Who were the other vendors because they must be really shit?
Quoting the article "... a Google cache snapshot can be found, at least temporarily ..."
So I visited the page, and it offers a report for downloading. Note that it actually said 'download'.
To get the download, all you have to do is hand over some personal data.
So I gave them some personal data - obviously I made it up on the spot, including the email address - and it said "THANK YOU. THE REPORT HAS BEEN EMAILED TO YOU." (My caps.)
It didn't bother verifying the address, or anything like that.
Who are these jokers? I sent twenty characters to their server and it sends a PDF to anybody I feel like naming.
DDOS courtesy of FireEye anyone?
Early indications are that hackers failed to go even deeper and access Equifax’s core consumer or commercial credit reporting databases.
Well why would they? They'd already got all the useful stuff!
I don't think they'd be particularly interested in personal or commercial credit scores, they're not much use to a criminal compared to the names, addresses, phone numbers, social security numbers etc which they did get.
Yep. Going after me is a waste of time. The interval of my having money and not having any more is measured in hours, just paying the bills. Likelihood of obtaining a credit card or line of credit using my personal information? Zero. That's what a 78 gets you. (I know that's supposedly an impossible number but it yet remains 78.)