Equifax has lost the keys to the kingdom in the latest security breach.
Today, it came out that “Equifax Says Cyberattack May Have Affected 143 Million Customers” in the latest Equifax security breach. While the number alone falls well short of some other recent hacks, the potential for damage makes it even more serious than both Yahoo! breaches combined. The Yahoo! breaches were serious enough because password resets usually take place via email, but at least that requires the data thieves to work harder to get more information. Since Equifax has all credit data, including Social Security numbers, it is a one-stop shop for hackers. It is sufficient information for identity thieves to present to creditors, lenders and other service providers, to include information that identifies a person as the legitimate account holder.
“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”
While there is no evidence that “core … reporting databases” were breached, the potential exists, and, as a result, Equifax has set up a website Cybersecurity Incident & Important Consumer Information where you can put in your last name and last six of your SSN to check whether or not you qualify for free credit monitoring.
Sadly, that falls far flat from a real solution, because once the information is out there, it is out there, and it can impact someone years from now. It really is time that companies that are negligent with personal identifying data be legally liable for their lack of safeguards.
WordFence recently posted about a “highly effective Gmail phishing” campaign that has fooled or almost fooled several technically savvy people. It just goes to show that you can never allow yourself to become too complacent.
A new phishing technique that affects GMail and other services and how to protect yourself.>
~Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited
I finally did it, and you too can just delete your Yahoo account, full of security holes and blunders.
“Only old people have Yahoo accounts,” I finally told my daughter. Yes, it was a bit underhanded, but really? I’ve been trying to get her off of Yahoo for at least 3 years, and this last security breach, in which they told no one about until forced to reveal it, was simply the last straw. So, I waited for her to delete it, and waited, and waited, and finally one day after I didn’t hear back from her, I removed all subaccounts.
Continue reading “Just Delete Your Yahoo Account Already” →
Russia continues to be the bogeyman in Democratic distractions to blame anyone and everyone else for their failure to win the election. Now, the Washington Post is stirring up the pot again in “Secret CIA assessment says Russia was trying to help Trump win White House“. The truth is that the supposed story is a Russian DNC hack crock.
In another example of how far the Washington Post has lost its way (along with all the other so-called “news” media), it recently posted. True, at least they tried to “balance” the article with some dissenting voices sprinkled here and there, but the real fact is that very few “news” outlets have really investigated the truth of the matter in any kind of fact-based way. Continue reading “Russian DNC Hack Crock” →
Some scary stuff that affects all versions of Windows since at least XP!
This week there has been a lot of news about a flaw in Windows that could be used by web sites to easily gain access to a visitor’s Windows login name and password. This article explains how this flaw works and how you can prevent it.
Source: Understanding the Windows Credential Leak Flaw and How to Prevent It
The story that LinkedIn was hacked broke yesterday, but how does it affect you?
Yesterday, Motherboard broke the story that LinkedIn was hacked. However, it turns out that it was actually four years ago, so why is it news today? More to the point, should you run out and change your password? Turns out, maybe, maybe not.
Continue reading “LinkedIn Was Hacked, Should You Change Your Password?” →
AKA, What good is a checksum, anyhow?
A lot of download sites present checksums for you to check that what they host is actually what you download. I, for one, have always been dubious of such measures, and the recent Linux Mint breach proves what I’ve always suspected.
Continue reading “Linux Mint Breach Lessons” →
TLDR: Stuff happens.
Various news outlets are abuzz about the United Airlines and New York Stock Exchange technical glitches today. They happened within hours of each other, so it is only natural that someone somewhere would wonder whether or not they were hacked. Continue reading “United and NY Stock Exchange Outages Due to Hackers?” →