back to article Equifax typo derails digital cert

Equifax has followed HSBC in making a hash of renewing one of its digital certificates. Consumers logging onto Equifax's UK website last week were greeted with a notice that the site couldn't be verified because its certificate had expired. That's the same problem HSBC banking business customers also experienced last week …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Since when...

    ... Is Equifax a bank? A consumer credit information tat bazaar perhaps (especially when they sell on your information without your express consent), but NOT a bank.

  2. Forget It
    Happy

    Equifax are now on my blacklist

    Equifax are now on my blacklist..

    and will have to pay 1 pound for the privilege of having me look up why in my database to tell them why.

    Purely an administrative charge you understand

  3. Anonymous Coward
    Anonymous Coward

    It's not just HSBC and Equifax,

    one other high street bank has an ongoing problem with its certificates, where, when online banking you occasionally find one that is least a year out of date. When I contacted them they didn't seem interested and just suggested I connect again.

  4. grom
    Unhappy

    This would be the same Equifax...

    that somehow managed to pass on a unique email address that I used only once to apply for my credit info to a phisher?

    I use unique email addresses for each business I deal with to catch any spammers (ie: equifax@insertmydomainhere.com) and almost 2 yrs after getting my credit record from them, I received a phishing attempt mailed to, yep, equifax@insertmydomainhere.com.

    It took many weeks of trying to explain this to them until I got hold of a security bloke there who understood why I was concerned (they sell identity fraud insurance after all) but after investigating couldn't explain how this had happened.

  5. Justin Case
    Paris Hilton

    Not Trivial

    Article says "such slip ups are trivial but embarrassing".

    If we spend time educating users to pay attention to the padlock and warnings given off by browsers then how is labeling this as something they can safely ignore going to help. FFS.

    Paris - because she is neither trivial nor embarrassing.

  6. Steve Hall

    RE: This would be the same Equifax...

    Did you entertain the possibility that the spammer might just have guessed your email address?

  7. B Candler Silver badge
    Stop

    "Unique" E-mail addresses aren't secure

    "I use unique email addresses for each business I deal with to catch any spammers (ie: equifax@insertmydomainhere.com) and almost 2 yrs after getting my credit record from them, I received a phishing attempt mailed to, yep, equifax@insertmydomainhere.com."

    Not surprising - just a brute-force attack. Spammers frequently send mails to {dictionary-of-usernames}@{dictionary-of-domains}. It's cheap and easy for them to do, and lets them discover new addresses to spam.

    To prevent this happening, you should add a sufficiently long strong random cookie into each username you generate, e.g.

    equifax-701c9a3c@insertmydomainhere.com

    Or you could use something more sophisticated like BATV, which encodes an expiry timestamp and a signature into the address.

    There's no evidence of Equifax having misappropriated your data here.

This topic is closed for new posts.