XYMer's Home away from Home

 Post subject: Re: Equifax breach
PostPosted: Sun Nov 05, 2017 7:04 pm 
he who stacks pork

Joined: Thu May 15, 2008 8:04 pm
Posts: 4381
Location: Uranus
Funny how I just got a letter from them last week regarding the July breach. Since then I have had to close up my credit card due to $2,000.00 of unauthorized purchases. In the letter from said morons, they tried to put me at ease that I would not be impacted financially. Fuckers. You don’t really care, do you?

-he who stacks pork

_________________
Powerbook 180, System 7.1, 100MB HD, 8MB Ram, external 20MB SCSI HD
2009 Surly 1x1 Anniversary Edition Rat Ride, 2016 9:zero:7 fatbike, 2014 9:zero:7 SS fatbike, 2013 SS PRC carbon 29er
I enjoy picnics on the beach with hot and crazy women


 
 Post subject: Re: Equifax breach
PostPosted: Sun Nov 05, 2017 9:41 pm 

Joined: Thu May 15, 2008 8:10 pm
Posts: 694
No they don't, and they never will be with the chump posse in power.

I don't know what really became of the Congressional hearing that the ex-CEO of Equifax was hauled in front of, did anything come of it or have all the twits from the twit drowned it out?

Also does anyone else find it odd that chump is looking to Putin for NK help?
hmmmm......


 
 Post subject: Re: Equifax breach
PostPosted: Wed Nov 08, 2017 9:49 am 

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6277
Location: NYC
Just finished watching the hearings on the Equifax, et al. data breach(es). Interim Equifax CEO assured the panel that they had now done a "top down" review of security practices and instituted "multi-level" protections. Since the data stolen was stored in plain text, he was asked if it was now being stored encrypted (time to lock the barn door, right?) HE SAID HE DIDN'T KNOW IF IT WAS!!!!!

Then, when asked why, since this breach will affect millions for the rest of their lives, the Equifax credit monitoring* offered was only for one year, he managed to evade that question completely.

*I signed up for it, for what little it might be worth, and it seems like a total piece of crap.


 
 Post subject: Re: Equifax breach
PostPosted: Wed Nov 08, 2017 11:37 am 
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 15194
Man 'o man, it pays to be rich. :upset:


 
 Post subject: Re: Equifax breach
PostPosted: Wed Nov 08, 2017 7:09 pm 

Joined: Thu May 15, 2008 8:13 pm
Posts: 10175
Location: Caught between the moon and NYC
You know all those Lifelock commercials that have been running on a near-continuous loop lately?

Guess who buys identity theft protection for their customers from Equifax?


 
 Post subject: Re: Equifax breach
PostPosted: Wed Nov 08, 2017 11:52 pm 
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9920
Location: North of the State of Jefferson
Encrypting the data at rest in the database might be helpful, but for cases like this I suspect it doesn't add much real world protection. Or to put it differently, I suspect the threat isn't primarily that someone will steal the individual (mammoth) data files that the database reads/writes, rather that they gain access to query the database and exfiltrate the information by running lots of innocuous-looking queries. Encrypting the data on the disk doesn't usually protect from the database engine itself being compromised because, by and large, the database engine needs to be able to decrypt anything in its data files. I have no idea how the data were actually stolen in the Equifax breach, but I'd be a little surprised if the thieves tried to make off with the underlying files in a way that conventional encryption of the data at rest would have prevented (hey, it's just usually easier to submit a trickle of queries).

I can imagine more complex encryption/permission systems, but at the end of the day in order for the data to be valuable to the company some system or account somewhere is going to be able to read and write everything and that'll be the target as the attacker worms through the system. On top of that, encrypting everything at all stages is hard because, amongst many issues, for the data to be useful you have to be able to query it, at which point it's decrypted. That just changes the target of your attack.

It's also worth contrasting this with non-centrally maintained systems like laptop computers, etc. With those the danger is that the device itself will be stolen or lost, a threat for which encryption serves as appropriate and effective protection.

More controversially, I propose that the mere existence of these databases puts the data at risk, and in the long run we need to make these data less valuable or harder to access en masse. That notion is, I'm sure, anathema to companies like Equifax. I also don't have a good idea how to get to the point, although personal encryption keys physically held by individual people that unlock the contents of a file with blockchain-like signatures for verification, etc., etc., might point the right direction. Decentralizing the data might work but would be hard to manage and would have to be legislatively enforced. Making the data so low value that it's not worth stealing would also work, but credit and financial history data will probably always be valuable.

End ramble.
- Anonymous
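
An added example, not part of the post above and not a description of how the Equifax data was actually taken: a defender-side sketch for the "trickle of innocuous-looking queries" pattern the post describes, which counts the distinct records each account reads over a sliding window instead of judging each query alone. The audit-log shape, account names and thresholds are assumptions chosen for illustration.

```python
"""Flag low-and-slow bulk reads that a per-query row limit misses (constructed data)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

PER_QUERY_ROW_LIMIT = 50        # assumed classic "large result set" alert
WINDOW = timedelta(hours=24)    # assumed look-back window
DISTINCT_LIMIT = 200            # assumed distinct-record budget per account per window


def sample_log():
    """Constructed audit log: (timestamp, account, ids of records returned)."""
    start = datetime(2017, 1, 1, 0, 0)  # arbitrary start time
    events = []
    for i in range(120):                # one query per account every 10 minutes
        ts = start + timedelta(minutes=10 * i)
        # Support rep re-reads the same handful of customer records.
        events.append((ts, "csr_42", [i % 8, (i + 1) % 8]))
        # Application account walks the table three new rows at a time.
        events.append((ts, "svc_web", [1000 + 3 * i + k for k in range(3)]))
    return events


def detect(events):
    """Return (big_query, trickle): account -> time each rule first fired."""
    big_query, trickle = {}, {}
    recent = defaultdict(deque)                     # account -> (ts, record id)
    counts = defaultdict(lambda: defaultdict(int))  # account -> id -> hits in window
    for ts, account, ids in sorted(events, key=lambda e: e[0]):
        if len(ids) > PER_QUERY_ROW_LIMIT:
            big_query.setdefault(account, ts)
        q, c = recent[account], counts[account]
        for rid in ids:
            q.append((ts, rid))
            c[rid] += 1
        while q and ts - q[0][0] > WINDOW:          # expire reads older than the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) > DISTINCT_LIMIT:                 # cumulative breadth, not query size
            trickle.setdefault(account, ts)
    return big_query, trickle


if __name__ == "__main__":
    big, slow = detect(sample_log())
    print("per-query alerts:", big)
    print("distinct-record alerts:", slow)
```

No query in the constructed log trips the per-query limit, while the distinct-record budget flags `svc_web` and leaves the support account alone. The budget and window have to be tuned per account role, since a legitimate batch job reads widely by design.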


 
 Post subject: Re: Equifax breach
PostPosted: Thu Nov 09, 2017 12:56 pm 

Joined: Thu May 15, 2008 8:13 pm
Posts: 10175
Location: Caught between the moon and NYC
Rabble rabble rabble rabble!

Sometimes it feels like the only thing you can do.


 
 Post subject: Re: Equifax breach
PostPosted: Mon Nov 05, 2018 9:40 am 

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6277
Location: NYC
New information: Big pain in the ass when you thought the freeze you already put in place took care of things. Probably a good idea to create Equifax (and Trans Union*) accounts, in order to prevent someone who has the stolen data from creating an account (before you do) to pause or remove your freeze, and then fraudulently apply for credit.

See comments, Belli, at https://krebsonsecurity.com/2018/11/equ ... more-45487

To create account

https://my.equifax.com/consumer-registr ... sonal-info (rated A+ at Qualys SSL Server Test)

*EDIT: TransUnion maybe


 
 Post subject: Re: Equifax breach
PostPosted: Mon Nov 05, 2018 6:13 pm 
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 15194
UHHHHG, I wonder the odds of signing up for anything with such aholes isn't just putting more of your stuff at risk???

