Equifax Should Go Away

As most everyone who absorbs a daily dose of news knows, Equifax got hacked and now the personal information for 44% of the US population has been stolen. Most likely, if you’re an avid consumer participating in the credit industry machine, your information got pwned. It’s likely that most of the people you know who work, pay bills, use the Internet, and buy things with credit cards or with loans got pwned.

This has got to stop. Equifax was hacked due to Apache Struts CVE-2017-5638, and a patch was available, but not applied to their web servers!

I do IT stuff. So to say. I also know that no matter what operating system I use that there are automated ways of updating my OS and software. If there aren’t, then I’ll script something that will do it for me. I install security and functional updates as soon as they’re available. I watch the blogs, security advisories, email lists, news feeds, etc… And it’s probably still not enough. If I had the budget, I’d dedicate someone to security as I don’t think even a small company can afford the type of breach that Equifax will most likely weather and carry on, using our personal information as their product.

And we have to face it: we are their product. Our information is what they use to make money. How the hell is that even legal? Oh, probably because money. Money. That tends to drive most everything, doesn’t it? Or at least the love of it and the greed for as much as possible. It’s worse than heroin, as it seems.

The vulnerability that allowed Equifax to get hacked was specific to Apache Struts, a framework for running Java under Apache. It’s not super common because most people running Apache are using PHP — most new servers deployed on the Internet last year (2016) were supposedly using PHP. Anyway, my point is that you shouldn’t worry that it is a common exploit — it’s been patched and Struts is popular, but not used by everyone.

Still, you have to wonder about their architecture that allowed the balance of all their sensitive information to be plucked away so easily. Did they not perform Risk Management? I would think that such a company with such incredibly sensitive information would have. And if they did and it still happened, then maybe they hadn’t implemented their plan to fix any weak parts? I just can’t believe that Equifax took information security seriously enough. Equifax is a company with the EXACT information that hackers are always looking for — you’re a prime target! When I worked in the video game industry I found out that as developers, you’re targeted constantly and you have to always be proactive. You can never let your guard down. And in the case of Equifax, they’re probably one of the biggest treasure troves a hacker could ever hope for besides the keys to the bank itself.

When I hear about massive IT failures on this level, I first experience a bit of sympathy for the staff and people who have to work 24×7 until it’s fixed and they’re confident the intrusion has been contained. But, with this, their IT staff blundered in such a way that it will most likely affect me and cause me to have to spend my own time dealing with it. It’s a huge inconvenience to me, their unwilling product.

Deep in my heart, I’d like to see Equifax go away. I’d like to see it sued out of existence. I’d like to see the government step up and slap some hardcore regulations on the industry but there’s no chance of that happening right now. In fact, sad to say, all we can do right now is be mad and buy some credit protection. We don’t have a choice but to be part of this credit industry machine — there’s no way off this ride if you want to be an active part of society and buy things. Even greater is the effect the credit industry has had on renting property, leasing, and even employment — what happens now?

I want to see regulations that say they can’t keep my personal information at all. But you know that’s not going to happen — we have an established industry that has money to lobby and influence. I’d like to see regulations in place that prevent them from at least storing my SSN but that’s the key identifier in credit reporting. A number that was never intended to be used for it — but try to get credit or a loan without giving it up.

So the way I see it now is that they have us and there’s little to nothing we can do aside from hoping for laws and regulations to protect our information. When industry giants screw up it can hurt everyone and in this case, it probably will. We’re their product, unwillingly. And in America, corporations have more power than me or you.

Record! Record! RECORD!!!

Okay, so I think I have a better plan: I’m just going to use my iPad and record everything on it. I love technology and drool over a giant recording rig and even have some decent gear – I want to focus on writing rather than the software and I think the share feature, along with the simplistic (almost too simplistic in some cases) interface in GarageBand in iOS does it for me.

Indian village renames itself for company in show of gratitude.

Link to original article.

I admire people like this – this guy came to the US to study on a visa and after it expired, he returned to India and started a company. His company has been successful and after a water-cooler conversation with a co-worker, he decided to help a small village by installing 15 hand water pumps so they didn’t have to trek long distances to collect unclean water.

Clean water is the most important resource in the world, yet we ignore it and do not appreciate it. Diarrhea sadly is a leading killer in poor, underdeveloped countries and that typically comes from parasites and pathogens in the water – providing clean water can cause amazing changes in areas where previously they have had few ways to produce it.

I admire people like this and it just goes to show a new class of people who don’t care about material items as much and prefer to help their fellow man out. We should all learn from this – if we all learn to help each other, wouldn’t it make the world a better place? Can anyone pose an honest and logical argument against helping people? Sure, there are limits to what you can do before people become dependent and we do not want to create a welfare situation, but some things can be provided and hopefully the people will be left with the impression that someone helped them and they should want to help others. I hope it starts to spread like a plague.

My hat is off to you, Kunal Bahl – keep up the awesome work.

Brent