Showing posts from September, 2017

Problems with Equifax Breach Disclosure

"Insecurities in a security disclosure"UPDATE (9/20/17):
Looks like the observation in this blog has already become a reality. Phishing sites already up and running:
As I was going through the myriad of news articles and url's floating around, I ended up at this site To my surprise I noticed that this site is NOT hosted in or by Equifax, instead it was hosted on a completely untrusted domain called "". Except the EQUIFAX logo, nothing on this site points to the authenticity of this site. Moreover this site redirects users to a 3rd party site that then asks UNAUTHENTICATED users to enter the last 6 digits of SSN and last name. As an Equifax consumer, the least anyone expects is that they have the ability to t…