Problems with Equifax Breach Disclosure

"Insecurities in a security disclosure"

UPDATE (9/20/17): Looks like the observation in this blog has already become a reality. Phishing sites are already up and running: http://www.businessinsider.com/report-equifax-directed-concerned-consumers-to-a-spoof-site-2017-9?utm_content=buffer1df4d&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer-bi

ORIGINAL STORY: As I was going through the myriad of news articles and URLs floating around, I ended up at this site: equifaxsecurity2017.com. To my surprise, I noticed that this site is NOT hosted in or by Equifax; instead, it was hosted on a completely untrusted domain called "equifaxsecurity2017.com". Except for the EQUIFAX logo, nothing on this site points to the authenticity of this site. Moreover, this site redirects users to a 3rd-party site that then asks UNAUTHENTICATED users to enter the last 6 digits of their SSN and their last name. As an Equifax consumer, the least anyone expects is...