Apache Mounts Strong Defense, Equifax Retreats

Filed under
Security

One of the largest financial data breaches in U.S. history, it exposed names, addresses, Social Security Numbers, birth dates, driver's license numbers and other sensitive information belonging to 143 million U.S. consumers, as well as data belonging to an undisclosed number of UK and Canadian consumers.

The attackers also accessed credit card data for about 209,000 consumers and credit dispute information for about 182,000 consumers, Equifax said.

[...]

However, with respect to the possibility that it resulted from an exploitation of a vulnerability in the Apache Struts Web Framework, it was not clear which vulnerability could have been utilized, Gielen said.

One assumption connected the breach to CVE-2017-2805, one of several patches Apache announced on Sept. 4.

"However, the security breach was already detected in July, which means that the attackers either used an earlier announced vulnerability on an unpatched Equifax server or exploited a vulnerability not known at this point in time -- a so-called Zero Day Exploit," Gielen noted.

The committee members have put enormous effort into "securing and hardening the software we produce," he added, and they fix problems that come to their attention.

There's a distinction between the existence of an unknown flaw in the wild for nine years and failing to address a known flaw for nine years, said Gielen, emphasizing that the committee just learned about this flaw.

The foundation has not had any contact with anyone using the @equifax domain on any Apache list in more than two years, said Apache spokesperson Sally Khudairi.

"To be clear, whilst we haven't had contact with anyone using the @equifax domain -- official or otherwise -- that is not to say there isn't a chance that someone from their team may have done so using an alternate channel," she told LinuxInsider.
