From: Richard Stallman
Newsgroups: gmane.emacs.devel
Subject: to patch two-month-old bug led to massive Equifax breach
Date: Thu, 14 Sep 2017 16:52:13 -0400
Reply-To: rms@gnu.org
To: emacs-devel@gnu.org

------- Start of forwarded message -------
Date: Wed, 13 Sep 2017 20:31:01 -0700
To: privacy-list@vortex.com
From: PRIVACY Forum mailing list
Subject: [ PRIVACY Forum ] Failure to patch two-month-old bug led to massive Equifax breach
Reply-To: PRIVACY Forum mailing list

Failure to patch two-month-old bug led to massive Equifax breach
https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/

Thursday's disclosure strongly suggests that Equifax failed to update its Web applications, despite demonstrable proof the bug gave real-world attackers an easy way to take control of sensitive sites. An Equifax representative didn't immediately respond to an e-mail seeking comment on this possibility.

As Ars warned in March, patching the security hole was labor intensive and difficult, in part because it involved downloading an updated version of Struts and then using it to rebuild all apps that used older, buggy Struts versions. Some websites may depend on dozens or even hundreds of such apps, which may be scattered across dozens of servers on multiple continents.

- - -

--Lauren--
Lauren Weinstein (lauren@vortex.com): https://www.vortex.com/lauren
Lauren's Blog: https://lauren.vortex.com
Google Issues Mailing List: https://vortex.com/google-issues
Founder: Network Neutrality Squad: https://www.nnsquad.org
PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: https://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
Google+: https://google.com/+LaurenWeinstein
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800
--- Impeach Trump ---
------- End of forwarded message -------

--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.