FireEye pulls Equifax boasts as it tries to handle hack fallout

Now credit freezes may not even be secure


FireEye removed an Equifax case study* from its website in response to a recently disclosed mega-breach at the credit reference agency.

Equifax’s endorsement that FireEye’s tech protected it against zero-day and targeted attacks had more than the whiff of hubris about it once it emerged hackers had successfully pwned the credit reference agency’s systems and accessed all manner of sensitive information.

Equifax backs FireEye for hacker defence

The breach, discovered in late July but disclosed only last Thursday, affected 143 million US consumers and an as-yet undisclosed number of Brits and Canadians.

The intrusion began in mid-May and went undetected for two months until 29 July. Criminals had access to names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers of millions of Americans as well as the credit card numbers of 209,000 US consumers.

Early indications are that hackers failed to go even deeper and access Equifax’s core consumer or commercial credit reporting databases. Equifax said that hackers exploited an unspecified web application vulnerability to hack into its systems.

Equifax has reportedly hired incident response experts at FireEye Mandiant to investigate the breach. These experts have also been helping with PR aspects of damage limitation, it seems. Brandan Schondorfer of Mandiant registered the domain Equihax.com on Tuesday (5 September), two days before the breach was publicly disclosed, thereby preventing anyone else intent on poking fun at Equifax – or, perhaps worse, running phishing attacks – from getting their hands on the domain.

Other aspects of Equifax’s overall incident response (analysed in depth in a post by security blogger Guise Bule here) have been less assured. For example, security experts at Sophos have criticised Equifax’s use of PINs – derived from the date and time at which a freeze request was made – to freeze consumer credit files. Because such a PIN is drawn from a small, predictable range rather than from the full space of possible digits, crooks have a far better chance of determining it and unfreezing a credit file than if it were randomly generated. Worse yet, compromised server logs, which record request timestamps, might be used to determine PINs outright. ®
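To make the Sophos point concrete, here is an added example (not code from The Register, Equifax or Sophos) contrasting a timestamp-derived freeze PIN with a randomly generated one. The exact Equifax PIN layout is not on the page; the MMDDYYHHMM format used below is an assumption made for illustration. The block quantifies how many distinct PINs each scheme can issue over a given period and includes a simple audit check a defender could run over a sample of issued PINs to spot a timestamp-shaped scheme.

```python
import secrets
import string
from datetime import datetime, timedelta
from typing import Optional

# Assumed layout for a timestamp-derived PIN: month, day, 2-digit year, hour, minute.
# This is a constructed illustration of the scheme the article criticises, not a
# verified description of Equifax's actual format.
TIMESTAMP_PIN_FORMAT = "%m%d%y%H%M"


def timestamp_pin(requested_at: datetime) -> str:
    """Weak scheme: the PIN is just the request time rendered as ten digits."""
    return requested_at.strftime(TIMESTAMP_PIN_FORMAT)


def timestamp_pin_keyspace(window: timedelta) -> int:
    """Number of distinct PINs a minute-resolution timestamp scheme can produce
    for requests made anywhere inside `window` (inclusive of both endpoints).

    This is the size of the space a guesser must cover if they know roughly
    when a freeze was requested, e.g. from a compromised server log."""
    return int(window.total_seconds() // 60) + 1


def random_pin(length: int = 10) -> str:
    """Strong scheme: each digit drawn from a CSPRNG, independent of any timestamp."""
    return "".join(secrets.choice(string.digits) for _ in range(length))


def random_pin_keyspace(length: int = 10) -> int:
    """Every digit is equally likely, so the keyspace is the full 10**length."""
    return 10 ** length


def parse_timestamp_pin(pin: str) -> Optional[datetime]:
    """Audit helper: return the timestamp if `pin` parses as MMDDYYHHMM, else None.

    A ten-digit random PIN occasionally parses too (e.g. when the first digits
    happen to form a valid month and day), so run this over a sample: if nearly
    every issued PIN parses as a plausible timestamp, the scheme is not random."""
    if len(pin) != 10 or not pin.isdigit():
        return None
    try:
        return datetime.strptime(pin, TIMESTAMP_PIN_FORMAT)
    except ValueError:
        return None


def timestamp_shaped_fraction(pins: list[str]) -> float:
    """Fraction of a PIN sample that parses as a timestamp; near 1.0 is a red flag."""
    if not pins:
        return 0.0
    hits = sum(1 for p in pins if parse_timestamp_pin(p) is not None)
    return hits / len(pins)


if __name__ == "__main__":
    # Constructed sample: a freeze request during the breach disclosure week.
    when = datetime(2017, 9, 8, 14, 30)
    print("timestamp PIN:", timestamp_pin(when))
    print("PINs possible in a 30-day window:", timestamp_pin_keyspace(timedelta(days=30)))
    print("PINs possible with 10 random digits:", random_pin_keyspace())
    print("random PIN:", random_pin())
    issued = [timestamp_pin(when + timedelta(minutes=i)) for i in range(100)]
    print("fraction of issued PINs that look like timestamps:", timestamp_shaped_fraction(issued))
```

The comparison is the whole point: a month's worth of minute-resolution timestamps yields roughly 43,000 candidate PINs, against ten billion for ten random digits, and anyone holding the request log does not even need to guess. The `timestamp_shaped_fraction` check is the kind of thing an auditor can run against a batch of issued PINs without knowing anything about the backend.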

Bootnote

*The Equifax endorsement came in a FireEye white paper entitled Less Secure Than You Think. Thanks to reader Ken L for forwarding a copy (a Google cache snapshot can be found, at least temporarily, here).


North Korea pulled in $400m in cryptocurrency heists last year – report

Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

In brief Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader's coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 - although part of the reason might be that they are now so valuable people are taking more care with them.

Tesla Full Self-Driving videos prompt California's DMV to rethink policy on accidents

Plus: AI systems can identify different chess players by their moves and more

In brief California’s Department of Motor Vehicles said it’s “revisiting” its opinion of whether Tesla’s so-called Full Self-Driving feature needs more oversight after a series of videos demonstrated how the technology can be dangerous.

“Recent software updates, videos showing dangerous use of that technology, open investigations by the National Highway Traffic Safety Administration, and the opinions of other experts in this space,” have made the DMV think twice about Tesla, according to a letter sent to California’s Senator Lena Gonzalez (D-Long Beach), chair of the Senate’s transportation committee, and first reported by the LA Times.

Tesla isn’t required to report the number of crashes to California’s DMV, unlike other self-driving car companies such as Waymo or Cruise, because its system operates at a lower level of autonomy and requires human supervision. But that may change as videos continue to circulate of drivers having to take over to avoid swerving into pedestrians crossing the road, or of the system failing to detect a truck in the middle of the road.

Alien life on Super-Earth can survive longer than us due to long-lasting protection from cosmic rays

Laser experiments show their magnetic fields shielding their surfaces from radiation last longer

Life on Super-Earths may have more time to develop and evolve, thanks to their long-lasting magnetic fields protecting them against harmful cosmic rays, according to new research published in Science.

Space is a hazardous environment. Streams of charged particles traveling at very close to the speed of light, ejected from stars and distant galaxies, bombard planets. The intense radiation can strip atmospheres and cause oceans on planetary surfaces to dry up over time, leaving them arid and incapable of supporting life. Cosmic rays, however, are deflected away from Earth, since it’s shielded by its magnetic field.

Now, a team of researchers led by the Lawrence Livermore National Laboratory (LLNL) believe that Super-Earths - planets more massive than Earth but less massive than Neptune - may have magnetic fields too. Their defensive bubbles, in fact, are estimated to stay intact for longer than the one around Earth, meaning life on their surfaces will have more time to develop and survive.

And relax: no repeat car crash financials for SAP in 2021 as cloud services come good

Let's not mention on-premise licences....

ERP specialist SAP saw Q4 cloud revenue jump 28 per cent compared with the same period a year earlier to hit €2.61bn.

In preliminary results, total revenue for calendar 2021 was up 6 per cent year-on-year to €7.98bn - a marked contrast to the car crash financials served up by SAP for 2020.

Customer migration to the vendor's latest in-memory ERP platform was sluggish prior to initiatives SAP put in place to convince customers to migrate. The prelims show those plans are working.

Google and Facebook's top execs allegedly approved dividing ad market among themselves

Latest iteration of Texas-led antitrust complaint against Google expands claims of bad behavior

The alleged 2017 deal between Google and Facebook to kill header bidding, a way for multiple ad exchanges to compete fairly in automated ad auctions, was negotiated by Facebook COO Sheryl Sandberg, and endorsed by both Facebook CEO Mark Zuckerberg (now with Meta) and Google CEO Sundar Pichai, according to an updated complaint filed in the Texas-led antitrust lawsuit against Google.

Texas, 14 other US states, and the Commonwealths of Kentucky and Puerto Rico accused Google of unlawfully monopolizing the online ad market and rigging ad auctions in a December 2020 lawsuit. The plaintiffs subsequently filed an amended complaint in October 2021 that includes details previously redacted.

On Friday, Texas et al. filed a third amended complaint [PDF] that fills in more blanks and expands the allegations by 69 more pages.

US-China chip cold war? It's only helping the Middle Kingdom, silicon makers warn

It's blowback time again

China's cold war with the US on chips isn't slowing down the country's rapid growth in semiconductors, the Semiconductor Industry Association said this week.

The US sanctions on Chinese companies didn't have the intended effect of restricting China's semiconductor industry. In fact, the saber-rattling is only pushing China to get its act together on semiconductors, the industry body warned.

China's semiconductor industry sales totaled $39.8bn in 2020, a growth rate of 30.6 per cent from 2019, the SIA said. In 2015, China chip sales were just $13bn, or a 3.8 per cent market share.

Alibaba ponders its crystal ball to spy coming advances in AI and silicon photonics

Machine learning to propel us into glorious era of scientific discovery

Alibaba has published a report detailing a number of technology trends the China-based megacorp believes will make an impact across the economy and society at large over the next several years. These include the use of AI in scientific research, the adoption of silicon photonics, and the integration of terrestrial and satellite data networks, among others.

The Top Ten Technology Trends report was produced by Alibaba's DAMO Academy, set up by the firm in 2017 as a blue-sky scientific and technological research outfit. DAMO hit the headlines recently with hints of a novel chip architecture that merges processing and memory.

Among the trends listed in the DAMO report, AI features more than once. In science, DAMO believes that AI-based approaches will make new scientific paradigms possible, thanks to the ability of machine learning to process massive amounts of multi-dimensional and multi-modal data, and solve complex scientific problems. The report states that AI will not only accelerate the speed of scientific research, but also help discover new laws of science, and is set to be used as a production tool in some basic sciences.

Lawmakers propose TLDR Act because no one reads Terms of Service agreements

The bill calls for concise, machine readable summaries of how websites and apps use client data

Almost no one bothers to read the Terms of Service agreements on websites so a group of US lawmakers on Thursday proposed a bill to require that commercial websites and mobile apps translate their legalese into summaries that can be more easily read by people and by machines.

The bill, titled the Terms-of-service Labeling, Design and Readability (TLDR) Act [PDF], was introduced by Lori Trahan (D-MA-03), Senator Bill Cassidy (R-LA), and Senator Ben Ray Luján (D-NM), making it technically a bipartisan effort – something of a rarity at a time when the two major US political parties can't agree on basic facts like who was lawfully elected President in 2020.

"For far too long, blanket terms of service agreements have forced consumers to either ‘agree’ to all of a company’s conditions or lose access to a website or app entirely," said Congresswoman Trahan, a member of the House Subcommittee on Consumer Protection and Commerce, in a statement. "No negotiation, no alternative, and no real choice."

Russia starts playing by the rules: FSB busts 14 REvil ransomware suspects

Cybercrook gang has 'ceased to exist' says Putin's military service

Russia's internal security agency said today it had dismantled the REvil ransomware gang's networks and raided its operators' homes following arrests yesterday in Ukraine.

In a statement the FSB (Federal Security Service) said "based on the appeal of the US competent authorities" it had raided 25 addresses apparently belonging to "14 members of an organised criminal community."

That "community" is called REvil, said the Russian law enforcement agency. A translation of the FSB statement reveals that the 14 were charged under Article 187 of the Russian criminal code, which deals with "illegal turnover of means of payments."

Support specialist Rimini Street found in contempt of court for continued Oracle copyright infringements

It took two years for Big Red to find five breaches

A US court has found Oracle support specialist Rimini Street in contempt of court and ordered it to pay $630,000 in sanctions – peanuts for the $40bn-revenue Big Red software company.

In a dispute dragging on for more than a decade, the District Court of Nevada also imposed reasonable attorneys' fees and costs against Rimini, to be decided at a later date.

District Judge Larry Hicks found Rimini in contempt of court on only five of the 10 issues presented at the hearing. "The Court's finding of willfulness on the majority of these issues clearly supports the award," the ruling said.

Virgin Orbit's LauncherOne rocket deploys seven satellites with third successful mission

Paperwork needs sorting for a launch from the UK

Virgin Orbit has managed a third successful mission as the company deployed seven satellites into orbit from its LauncherOne rocket.

Describing itself as "the responsive launch and space solutions company," Virgin Orbit achieved two missions last year. Yesterday's launch was just a few days shy of the company's first successful mission on 17 January 2021. Its first effort, in 2020, ended in failure.

This week's launch included repeat business from the US Department of Defense and Polish company SatRevolution. The payload included experiments in space-based communications, debris detection, navigation, and propulsion. All in all, Virgin Orbit has managed to launch 26 satellites. Still, it's a far cry from the 109 of fellow small-sat upstart Rocket Lab and just a quarter of the payloads launched by SpaceX on its Transporter-3 mission, also on 13 January.
