Reply to post: Corporate Greed

Apache Foundation rebuffs allegation it allowed Equifax attack


Corporate Greed

Using an open source version of Apache was Equifax's choice.

What will most InfoSec professionals tell you about using open source when it comes to IA or IA-enabled software? Simple: DON'T Accept the RISK.

I'm willing to bet an InfoSec professional somewhere at Equifax provided this warning. Management ignored it.

Or... Equifax decided to not hire InfoSec professionals with experience and training in penetration testing and/or software development testing. Because the open source item would have been addressed as a risk, especially where a web application uses/relies on security (for login and credential protection at a minimum).

Either way, Equifax is negligent. It's not Apache's fault; this rests squarely on Equifax's shoulders.

Credit organizations have more information on us than most people know. For instance: properties purchased/sold, vehicles purchased/sold, credit/debit card use history (location, amount, etc.), marriage(s)/divorce(s) information, organizational memberships, registered to vote and where you've voted history, where and type of hotel rooms you've used, on and on and on. It's a treasure trove of information for Intel and LE agencies to grab on you.

Credit agencies have had us all by the left nut for a long time, and more of them pop up each year... it's time we use this to rein them back a bit, and set an example to corporate greed executives who think they have a better money maker than a casino.

