With the Equifax exploit being exposed it has become clear that hackers are not restricting their efforts to the Microsoft Stack.
When Equifax released the method of intrusion into their system, it was based on a popular Java framework called Struts. Struts has been around a long time, and was one of the earlier tools that popularized the MVC pattern, long before Dot Net even thought about it.
Hackers exploited a hole in the Struts framework on the Equifax system, allowing them to capture large amounts of private information from millions of individuals.
What bothers me the most is how this benefits the agencies tracking credit information. Equifax does not guarantee that they will recover your data, or that your data is even part of what has been exploited. So, for $10, you can have your credit information frozen. Well, I didn’t give them my data; at least not directly. They should be providing this as a service.
With 145 million potential individual credit profiles having been stolen, this is a real cash cow for Equifax. If only a small percentage of the individual accounts they hold are locked, at $10 each, that is a huge revenue stream. But wait, there’s more. If you really want to lock your credit, you have to do it individually with all three credit bureaus. So now all three credit bureaus win a big cash bonus.
In the last few hours, Equifax has announced its intention to let individuals have more control over access to their personal data, for free, for life. That is an amazing response.
Here’s the issue: their system will still be using the internet, will still be written using tools that can be hacked, etc. And so will every system we write and introduce to the internet.
All of my rambling leads me to one conclusion. The internet is not a safe place, at least with the tools we currently use when writing software. If that’s true, then what should we put on the internet? It feels like a large school of fish gathered together to find safety in numbers. We’re surrounded by sharks, and our safety depends on the massive amount of targets.
Is this paranoia, or do we really need to put energy into a better way? If you can find direction in this wandering, why not leave a comment with your thoughts?
Cheers,
Ben