Posts

Showing posts from 2017

Problems with Equifax Breach Disclosure

"Insecurities in a security disclosure"
UPDATE (9/20/17):
It looks like the observation in this blog has already become a reality. Phishing sites are already up and running: http://www.businessinsider.com/report-equifax-directed-concerned-consumers-to-a-spoof-site-2017-9?utm_content=buffer1df4d&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer-bi
ORIGINAL STORY:
As I was going through the myriad of news articles and URLs floating around, I ended up at this site, equifaxsecurity2017.com. To my surprise, I noticed that this site is NOT hosted in or by Equifax; instead it was hosted on a completely untrusted domain called "equifaxsecurity2017.com". Except for the EQUIFAX logo, nothing on this site points to the authenticity of this site. Moreover, this site redirects users to a 3rd-party site that then asks UNAUTHENTICATED users to enter the last 6 digits of SSN and last name. As an Equifax consumer, the least anyone expects is that they have the ability to t…