* Posts by matthew.wilson@pobox.com

3 posts • joined 18 Sep 2017

Sole Equifax security worker at fault for failed patch, says former CEO

matthew.wilson@pobox.com

That's spectacular.

That CVE was in the weekly US-CERT alert email. It was discussed in the tech media. It was on The Register front page. The initial fix was in April's Quarterly Patch Set, and somebody in the company should have got an email about that. Here's the advisory that I got in my email. It's pretty clear about the risk.

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html?elq_mid=75866&sh=1426070719220423041815081213153331041230&cmid=SPPT160711P00036#AppendixFMW

Equifax has (or had) 9500 employees, and only ONE person was responsible for keeping an eye on the alerts?

Nah, sorry, it's not that employee's fault. What they have there is a failure to take this stuff seriously.

White House staffers jabbed with probe over private email use

matthew.wilson@pobox.com

Hypocrisy is the world's #1 philosophical framework. The trick is to shout "hypocrisy" first.

Equifax's IT leaders 'retire' as company says it knew about the bug that brought it down

matthew.wilson@pobox.com

They should have been reading The Register! I read about this bug on this site, I sent up the balloon and we had it patched overnight. I found a ready-to-use curl command that I could use to show the devs just how serious the problem was, and there were no arguments.

I'm actually a bit surprised by how few international-headlines breaches were caused by that bug.

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019