NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your piece.

DATE 2017-10-01

HANGOUT

MESSAGE
DATE 2017-10-10
FROM Ruben Safir
SUBJECT [Hangout - NYLXS] credit reporting agency hack
The most devastating hack and surveillance breach in history. Is it time
to end the use of credit reporting agencies?

What the Equifax hack means for you
Posted by Ben Rothke on Oct 10, 2017 10:09:15 AM

Nettitude's very own Ben Rothke takes a look at the Equifax hack and
what it could mean for your business.
The breach

The specific details are still filtering out, but even the preliminary
information is staggering. Sometime between May and July 2017, Equifax,
an Atlanta, Georgia-based consumer credit reporting agency that collects
information on over 800 million individual consumers and more than 88
million businesses worldwide, was breached. The hack resulted in the
compromise of almost 150 million U.S. residents. Considering the US
population is about 325 million people, almost 1 of 2 people will be
affected by this breach.

As breach sizes go, this was still way behind the Yahoo hack of 1.5
billion user accounts, and in line with the eBay attack with 145 million
users compromised, and the 130 million records of the Heartland Payment
Systems breach.

But what is unique about the Equifax data is the depth of the level of the
personally identifiable information (PII) that was compromised. This
includes social security numbers, dates of birth, driver license
information, banking account numbers, mortgage data and much more.

Rather than focusing on the raw number of records that were breached,
consider the nature of the data. If you weigh those values, then the
Equifax attack quickly turns into the most devastating breach to date.

How did it happen?

The attackers targeted a known vulnerability in Apache Struts, an open
source framework for creating Java web applications. The specific
vulnerability CVE-2017-5638 was published on March 12, 2017 and a patch
issued soon after. Exploit code emerged shortly after the patch was
released.

What it means for you

There are many key takeaways from the breach, and I’d like to highlight
what I think are two of the most significant. These center around patch
management and breach notification.

The vulnerability was announced and patched in mid-March and the Equifax
attack didn’t commence until about 6 weeks later. That gave Equifax
about a month and a half to patch their affected systems.

Not every vulnerability is created equal and not every patch needs to be
installed immediately. Given the circumstances and configurations of the
network and applications, in addition to other dependencies, some
patches can be delayed.

But the nature of Apache Struts, given that it is used on servers
connected to the Internet, lends itself to having a much more aggressive
patching schedule. How aggressive that schedule has many dependencies
and each organization needs to determine what is right for their
specific environment.

There is no magic number when it comes to patching in this case, but it
should certainly be measured in days and no more than a week. In the
case of Equifax, this turned into months. This is a major patch
management fail, and Equifax paid a huge price for that.

What you can learn from the Equifax debacle is that patch management is
a serious endeavor and an integral part of any information security
program. You need to understand what software is deployed in your
organization and how it needs to be patched. The famous quote “eternal
vigilance is the price of liberty” can be applied to information
security, in that eternal patch management is the price of software
security.
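The paragraphs above argue that an internet-facing component such as Struts needs a patch window measured in days, no more than a week, and that you cannot enforce that without knowing what is deployed where. The following is an added example, not code from Ben Rothke's article, Nettitude or the list post, of how a defender can turn that policy into a check: an inventory of deployments is matched against published advisories and each host's exposure window is compared with the window for its tier. The CVE and its March 12, 2017 publication date are the ones the article gives; the host names, patch dates, the 30-day internal-system window and the evaluation date are constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Policy windows, in days, from advisory publication to patch applied.
# The 7-day window for internet-facing systems follows the article's
# "measured in days and no more than a week"; the 30-day window for
# internal systems is an assumed value chosen for this illustration.
PATCH_SLA_DAYS: Dict[str, int] = {"internet_facing": 7, "internal": 30}


@dataclass(frozen=True)
class Advisory:
    cve: str
    component: str
    published: date  # day the vulnerability and its patch became public


@dataclass(frozen=True)
class Deployment:
    host: str
    component: str
    exposure: str  # key into PATCH_SLA_DAYS
    patched_on: Optional[date]  # None while the host is still unpatched


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    exposure_days: int  # days the host ran the vulnerable component after publication
    sla_days: int
    overdue: bool


def evaluate(advisories: List[Advisory], deployments: List[Deployment], as_of: date) -> List[Finding]:
    """Pair every deployment with the published advisories for its component and
    measure the exposure window against the policy for that host's tier.
    An unpatched host keeps accruing exposure up to the evaluation date."""
    by_component: Dict[str, List[Advisory]] = {}
    for adv in advisories:
        by_component.setdefault(adv.component, []).append(adv)

    findings: List[Finding] = []
    for dep in deployments:
        sla = PATCH_SLA_DAYS[dep.exposure]
        for adv in by_component.get(dep.component, []):
            if adv.published > as_of:
                continue  # not yet public on the evaluation date; nothing to measure
            patched = dep.patched_on is not None and dep.patched_on <= as_of
            window_end = dep.patched_on if patched else as_of
            exposure = max(0, (window_end - adv.published).days)
            findings.append(Finding(dep.host, adv.cve, exposure, sla, exposure > sla))
    return findings


def overdue_hosts(findings: List[Finding]) -> List[str]:
    """Hosts that exceeded their patch window, worst offender first."""
    late = sorted((f for f in findings if f.overdue), key=lambda f: f.exposure_days, reverse=True)
    return [f.host for f in late]


# Constructed sample data. The CVE and its publication date are the ones the
# article gives; the host names, patch dates and evaluation date are invented.
SAMPLE_ADVISORIES = [Advisory("CVE-2017-5638", "apache-struts", date(2017, 3, 12))]
SAMPLE_DEPLOYMENTS = [
    Deployment("web-01", "apache-struts", "internet_facing", None),              # never patched
    Deployment("web-02", "apache-struts", "internet_facing", date(2017, 3, 17)),  # patched in 5 days
    Deployment("batch-01", "apache-struts", "internal", date(2017, 4, 5)),        # patched in 24 days
    Deployment("db-01", "postgresql", "internal", None),                         # no matching advisory
]
AS_OF = date(2017, 5, 1)  # roughly seven weeks after the advisory


def run_sample() -> List[Finding]:
    return evaluate(SAMPLE_ADVISORIES, SAMPLE_DEPLOYMENTS, AS_OF)


if __name__ == "__main__":
    for f in run_sample():
        status = "OVERDUE" if f.overdue else "ok"
        print(f"{f.host:9} {f.cve} exposed {f.exposure_days:3d}d (limit {f.sla_days}d) {status}")
```

Run as a script it lists every host and advisory pair with its exposure window; in the sample only the never-patched internet-facing host is overdue, at 50 days against a 7-day limit, while the internal host that took 24 days stays within its longer window. The separation of tiers is the point: the same advisory demands a different response depending on where the component is exposed, which is what the article means by patching schedules having many dependencies.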

The other area where Equifax dropped the ball was with their breach
notification. It took them almost two months, and they only made a
public disclosure on September 7. This roughly six-week gap from breach
awareness to disclosure is an unacceptable amount of time.

It’s not coincidental that the General Data Protection Regulation (GDPR)
which goes into effect in May 2018, mandates that in the event of a
personal data breach, organizations must make notification without undue
delay within 72 hours after an organization becomes aware of the breach.
If notification is not made within 72 hours, the firm needs to provide a
reasoned justification for the delay.

For those organizations that will be subject to GDPR, the 72-hour rule
will require them to make significant updates to their notification
policies and processes. This is not a trivial undertaking and requires
significant planning.

For those organizations that won’t have to deal with the monstrosity
known as GDPR, they still may have to deal with the HIPAA breach
notification rule or other requirements. They will need to make sure
their breach notification program is updated, tested, and then
retested.

Specifically, if you don’t already have a formal and tested process in
place, create an organizational process to identify security breaches
and notify relevant authorities and individuals in the event a breach
leads to disclosure of personal information. It’s imperative that there
be staff assigned and responsibility for every specific task and subtask.

Finally, realize that breach notification is not just an IT issue.
There are a lot of stakeholders involved, from IT, information security,
marketing, privacy, to legal, customer service, and more.

Conclusions

Part of information security is learning from the mistakes of others.
The Equifax breach provides ample learning opportunities. Start making
changes today and take steps to reduce the risk of your business
becoming another cybercrime statistic. If you have any concerns about
your company’s cyber security strategy then get in touch with us here at
Nettitude. We can provide you with a half an hour free consultation to
advise you on the steps you need to take to boost your cyber security
defences.

--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
_______________________________________________
Hangout mailing list
Hangout-at-nylxs.com
http://www.nylxs.com/mailman/listinfo/hangout
