
Equifax BLAMES OPEN SOURCE Apache Project


Thread replies: 83
Thread images: 11

File: 1499459330213.jpg (809KB, 2448x3264px)
The Equifax jews just blamed the giant breach on vendor software flaw

http://nypost.com/2017/09/08/equifax-blames-giant-breach-on-vendor-software-flaw/

Notice how they start with "my understanding..."; they don't even have solid proof of anything but want to blame open source anyway.

>Apache's response

https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax
>>
Equifax got BTFO :^)
>>
File: 1504047081670.png (2MB, 1028x1500px)
>>62374861
The bug was almost a decade old. Equifax are scum to blame Apache!
>>
>>62374861
why in the fuck would a deli place also sell tacos and burritos
>>
>>62374861
From what I understand, anything from Apache falls under Apache's Software License, which explicitly states that it comes with no warranty or guarantee of it working pretty much, so essentially their claim that it's Apache's fault can't stand. Correct me if I'm wrong.
>>
>person charge of security is a woman
>the breach is blamed on other people

POTTTERY
>>
>>62376440
nope, solid reasoning there.
>>
>>62377050
But even in light of that issue I'm entirely sure they're gonna get off scot-fucking-free, because business. Or at least get a bail-out scheme built for them.
>>
>>62376477

Checked
>>
Yet another devastating security flaw that didn't affect IIS. Is anyone else seeing a pattern here?
>>
>that first comment on the Apache page
>>
>>62377082
Honestly, it wouldn't matter even if the software was written entirely in house, there are no fucking consequences for shitting out private information, because there are no regulations regarding private information in the USA (save for the healthcare industry).
>>
>>62377173

Even if there were regulations, large financial companies are basically immune to the law.
>>
>>62377185
True, but only to an extent.
The penalties are simply too low for major fuckups.
>>
>>62377173
Yeah, healthcare industry and whatever industry is responsible for voting machines have audits for any proprietary code circa 2013-2014 (citation needed); anything else can just shit by without having to prove its actual ability. It's a shitty world.
>>
>>62376389
Mexican food is superior to (((deli))) "cold cut" garbage.
>>
>>62374861
>trusting software developed by unpaid hobbyists
They got what they deserved.
>>
we need to deregulate in order to save the financial jew from extermination
>>
>Hiring a CSO with a degree in music
>>
>>62378009
ahahahahahahahahaha
thank you
>>
https://www.apache.org/licenses/LICENSE-2.0
>Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

They are free (as in freedom and as in free assrape) to complain and blame others as much as they want to.
>>
>>62378009
This

They shouldn't be trusting shit like social security numbers with open source software
>>
>>62378678
Agreed. This retard company has no right to complain about bugs in Apache's software. She was too cheap to shell out the money for something reliable like Windows Server, so she got what she deserved.
>>
>>62375208
>>>62374861 (OP)
>The bug was almost a decade old.
And yet was only 'discovered' last month

No doubt this was yet another backdoor in Apache, stealthily allowing NSA access for the last ten years.

Yet another reason why open source cannot be trusted. Yes you can look at the code but with a project as big as Apache you have no way of actually auditing it yourself. Better to stick to closed source software where random NSA shills can't easily insert their own changes into the project
>>
File: 1504439023045.png (338KB, 772x700px)
Why wasn't the data encrypted?
You'd expect that sensitive information like this would be at least hashed or some shit.
>>
>>62378750
I'm wondering why they need to keep it at all. Once they verify who you are they could just create a username and password. If someone were to enter their SSN into a password box it would say they would need to include a large and small case letter or two to be stronger.
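The "at least hash it" idea in the post above runs into a size problem: a 9-digit identifier has at most 10^9 possible values, so an unsalted hash of it can be matched against a precomputed table rather than "reversed". The following is an added example, not code from the thread or from any company mentioned in it; the identifiers are made up, the lookup window is deliberately tiny, and the keyed alternative assumes a server-side secret held in a KMS or HSM rather than stored beside the data.

```python
import hashlib
import hmac
import secrets

# Constructed sample values: made-up 9-digit identifiers, not real SSNs.
SAMPLE_IDS = ["123456789", "987654321", "000112233"]

# Every 9-digit identifier is one of at most 10**9 values, so the whole input
# space can be hashed ahead of time; that is why a plain hash is not protection.
FULL_SPACE = 10 ** 9


def plain_hash(ssn: str) -> str:
    """The 'at least hash it' idea: unsalted SHA-256 over the nine digits."""
    return hashlib.sha256(ssn.encode("ascii")).hexdigest()


def keyed_hash(ssn: str, key: bytes) -> str:
    """Keyed alternative: HMAC-SHA256 under a server-side secret. Without the
    key, nobody can precompute the table built below (assumption: the key is
    held in a KMS/HSM and is never stored next to the hashed records)."""
    return hmac.new(key, ssn.encode("ascii"), hashlib.sha256).hexdigest()


def build_lookup(lo: int, hi: int) -> dict:
    """Precompute plain hashes for every identifier in [lo, hi).
    A 1000-entry window is enough to show the mechanism; the full space is
    FULL_SPACE hashes, well within reach of commodity hardware."""
    return {plain_hash(f"{n:09d}"): f"{n:09d}" for n in range(lo, hi)}


def recover(digest: str, table: dict):
    """Match a stored digest against the table; None if the digest is not a
    plain hash of a value inside the table's range (e.g. a keyed digest)."""
    return table.get(digest)


def demo():
    """Plain hash of a sample value is found in the table; the keyed hash is not."""
    key = secrets.token_bytes(32)  # constructed key; a real one lives in a KMS
    table = build_lookup(123_456_000, 123_457_000)  # 1000-entry window
    plain = plain_hash(SAMPLE_IDS[0])
    keyed = keyed_hash(SAMPLE_IDS[0], key)
    return recover(plain, table), recover(keyed, table)


if __name__ == "__main__":
    print(demo())
```

The design point is that salting alone does not rescue a 9-digit space either (a per-record salt only forces one table per record, each still 10^9 entries at most); the secret has to be something the data store does not contain, which is what the HMAC key provides.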
>>
>>62374861
Blaming others for their failed Jew trick. LoL
What next? Sue Apache?
>>
>>62376477
> woman in charge of security
> security is among the most incompetent in history
My sides.

What is her name?
>>
File: mad.jpg (15KB, 373x309px)
>>62374861

Chief Security Officer = music major
>>
File: equifax.jpg (58KB, 789x1200px)
>>62379792
susan m
>>
>>62376477
>>62379792
>>62380962
>Music Composition
And you guys always say you need experience to get an IT job...
>>
>>62380962
So... nepotism or diversity hire?
>>
>THIS SOFTWARE COMES AS IS IN THE HOPES IT WILL BE USEFUL BUT WITH ABSOLUTELY NO WARRANTY OR GUARANTEE OF FITNESS FOR A PARTICULAR PURPOSE

I hope they get fined for billions.
>>
>>62381085
>>62380962

Clearly the hackers are misogynists and sexists for openly attacking that woman's work. We must increase the hiring of women, POC and LGBTQQQRIPG to combat that dangerous behaviour!
>>
>2017
>using struts
what a bunch of retards
>>
>>62377195
>The penalties are simply too low for major fuckups.

Did you pay attention to the '08 crash? They got bailouts, free fucking money for fucking up. No one went to jail except for like Bernie Madoff.
>>
File: girls_suck.jpg (39KB, 587x310px)
>>62376477
>>
>>62381085
Nepotists actually care about the family business. This blow-in is there to draw as much money as possible and blow onto greener pastures.
>>
>>62378691
Open-sores isn't necessarily equivocal to hobbyists. There are plenty of serious, professional open-sores projects out there. And, conversely, there are plenty of hobbyist projects out there that are proprietary; i.e. Foobark2k, Sorcerer, etc...
>>
>>62378678
I get what you mean. The value of free software isn't to protect from criticism, regardless of how baseless it is; it's to protect you from getting sued. Unfortunately, the latter doesn't protect your feelings, but it's far more valuable than the former.
>>
>>62377135
>Is anyone else seeing a pattern here?
Yes, the pattern is: after Code Red, no one uses IIS anymore.
>>
>Another java deserialization vuln
Anyone still using this zero day infested language and runtime is a fucking idiot. Further, anyone using Apache without an Nginx reverse proxy in front of it, isolated in a vm, with rate limiting to anything actually important, and a damn good IPS is similarly a fucking idiot.
>>
>>62380962
she's a woman living in a day and age where you don't have to have anything to get any job you ever want because equality
>>
File: 1484535018675.jpg (110KB, 588x602px)
>>62380962
>>
>>62381560
Fucking REKT

now let me see your asshole
>>
>>62374861
>they used open sauce hardware and got a virus from the source code
https://www.youtube.com/watch?v=AiVnMazRIII
>>
>>62376389
tacos are just sandwiches with thin bread.
subs are just tacos with thick bread.
>>
File: 1493057457517.png (98KB, 758x601px)
>>62382163
>the city of you
>>
>>62378717
Good shilling, Rajesh!
>>
>>62377151
tips fedora ever so slightly
>>
>security breach happens to company with male in charge
>everyone just shitposts about the company

>security breach happens to company with female in charge
>wow women at it again wouldnt have happened if they hired a man dumb women cant be trusted with anything
>>
>>62381560
>indefinite integral equal to a number
retarded
>>
>>62382749
She literally fired half of the fucking white males and then hired wymen and pajeets and then made the remaining white males fa-- er I mean opinions meaningless.. things such as "you can't just turn off the firewall" were blatantly disregarded because the firewall is what was stopping stuff from working.
>>
>>62382775
Yes I believe that is the joke, congratulations.
>>
>>62382851
Thanks, I just passed AP calculus so I have deep calculus knowledge.
>>
>>62374861
How long till Trump begins to promote open source software?
>>
>>62377135
IIS is actually pretty secure these days, MS really wants to distance themselves from the horrors of the past.
>>
>>62374861
> STRUTS has been under attack by hackers since at least March
> it was breached sometime in May
Been there. People refuse to hear about maintenance then blame everybody around when shit is hacked.
Sadly a lot of people do not care about security. Just discovered the previous contractor on our project didn't set up iptables at all, leaving 2222 SSH port open to everybody. After logging in, it's possible to enter Oracle DB without password on another VM. Credentials for the database are stored in clear text somewhere in /var. I don't even.
>>
>>62374861
There is a difference between saying "it's all Apache's fault", or saying the issue was within Apache software.
Equifax did the latter.

Apache also doesn't sneer back at Equifax.
They just explain the situation as they understand it so far.

Both companies are handling this very maturely and just state the facts.
>>
>>62382956
shoo, shoo indians
no shilling here please go
>>
>>62383028
>didn't set up iptables at all, leaving 2222 SSH port open to everybody.

I do the same because I don't have a static IP.
My office actually uses 4G because wired internet is too shit.

Should be fine as long as the passwords are adequate and you never re-use them or hand them out, no?
>>
>>62374861
They could use their own proprietary software if they had enough money. Fucking money-thirsty jerks.
>>
>>62383144
Are you retarded? Sitting duck until your info gets stolen and/or posted.
>>
>>62383144
It's a website.
> passwords
I didn't check if fail2ban is installed but I believe it's possible to brute-force it if somebody would target that website specifically.
Anyway, they have a 10-year-old CMS which probably has more holes in it than a Swiss cheese.
>>
>>62383134
>implying shilling enterprise software to NEETs on /g/ who just pirate everything anyway is a productive use of time or money
>>
File: linuxuser.png (125KB, 480x853px)
>>62378009
Also IE6 made by paid "developers".
>>
>>62383233
>until your info gets stolen and/or posted.

I'm not worried about my SSH passwords getting stolen/leaked.
I keep them very safe because I realize how important that is.

My question is if there is some other way I'm vulnerable by having SSH open to all IPs.
>>
File: wpid-wss-active-share1.png (57KB, 627x346px)
>>62382712
Everyone can pick their poison.
>>
File: file.png (92KB, 840x503px)
>>62383339
that site is a real clusterfuck of conflicting information
>>
>>62382779
is there a source on this? I hope this is true
>>
>>62383331
If I SSH into your server, download some exploit or malware, your IP is the one that gets logged for executing shit.

Depending on the restrictions of the SSH user, obtaining root access might be needed before that. But since you're in the machine, LPE shouldn't be that hard. When one is root, your keys/passwords ain't protected anymore and you can start to change your passwords.

Play stupid games, win stupid prizes.
>>
>>62383237
>I believe it's possible to bruteforce it if somebody would target that website specifically.

Brute forcing over the internet is a meme.
You'll be lucky to get a few attempts per second.
A million attempts per day would be very generous.

Even a very weak all lower case 6 letter password would take a year to brute force at that speed.
Any sensible password would be pretty much impossible.
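The rate argument in the post above, and the earlier question of whether an SSH port open to every IP is "fine as long as the passwords are adequate", both come down to what the server actually observes. Below is an added example that is not part of the thread: it parses constructed OpenSSH auth-log lines (standard syslog format; hostnames, PIDs and documentation-range IPs are made up), measures the failed-attempt rate per source, applies a fail2ban-style "N failures within W seconds" rule (the 5-in-60 policy is an assumed value, not a recommendation from the thread), and carries the post's own arithmetic through for a 6-letter lowercase password at a million attempts per day.

```python
import re
from datetime import datetime

# Constructed sample auth.log lines in the standard OpenSSH syslog format
# (IPs are documentation ranges; hostname and PIDs are made up).
SAMPLE_LOG = """\
Sep  9 10:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Sep  9 10:00:02 web1 sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Sep  9 10:00:02 web1 sshd[1205]: Failed password for root from 203.0.113.5 port 51238 ssh2
Sep  9 10:00:03 web1 sshd[1207]: Failed password for root from 203.0.113.5 port 51240 ssh2
Sep  9 10:00:04 web1 sshd[1209]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
Sep  9 10:00:05 web1 sshd[1211]: Failed password for root from 203.0.113.5 port 51242 ssh2
Sep  9 10:00:09 web1 sshd[1213]: Failed password for root from 203.0.113.5 port 51244 ssh2
Sep  9 10:01:30 web1 sshd[1215]: Failed password for deploy from 198.51.100.7 port 40002 ssh2
"""

# Matches both "Failed password for root ..." and "Failed password for invalid user X ...".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_failures(log_text: str) -> dict:
    """Map each source IP to the sorted timestamps of its failed logins."""
    failures = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        # syslog stamps carry no year; strptime defaults it, which is fine for deltas
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        failures.setdefault(m.group("ip"), []).append(ts)
    for times in failures.values():
        times.sort()
    return failures


def attempts_per_second(times: list) -> float:
    """Observed attempt rate over the span of one source's failures (span floored at 1 s)."""
    span = (times[-1] - times[0]).total_seconds()
    return len(times) / max(span, 1.0)


def offending_ips(failures: dict, max_failures: int, window_seconds: int) -> list:
    """fail2ban-style rule: report any IP that reaches max_failures inside some
    sliding window of window_seconds. Thresholds are the caller's policy."""
    banned = []
    for ip, times in failures.items():
        j = 0
        for i in range(len(times)):
            while j < len(times) and (times[j] - times[i]).total_seconds() <= window_seconds:
                j += 1
            if j - i >= max_failures:
                banned.append(ip)
                break
    return sorted(banned)


def days_to_exhaust(alphabet_size: int, length: int, attempts_per_day: float) -> float:
    """Days needed to try every password of the given alphabet and length at a fixed rate
    (the post's figure: 26**6 guesses at one million per day)."""
    return alphabet_size ** length / attempts_per_day


if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    for ip, times in failures.items():
        print(f"{ip}: {len(times)} failures, {attempts_per_second(times):.2f}/s")
    print("would ban:", offending_ips(failures, max_failures=5, window_seconds=60))
    print("26^6 at 1M/day:", round(days_to_exhaust(26, 6, 1_000_000), 1), "days")
```

Two things the numbers show that the post's prose does not: the per-source rate in the sample is well under one attempt per second, so the "a year for six lowercase letters" estimate (about 309 days at a million per day) holds only if nothing cuts the attacker off sooner, and a 5-in-60 rule cuts the noisy source off after its fifth failure, while the single typo from the legitimate key-based user is never flagged. Whether the password is "adequate" therefore matters far less than whether anyone is watching this log at all.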
>>
>>62383354
Not really, MS webserver software runs on 51% of all sites, ~10% of "active" sites (however that's defined) and the Windows Server operating system runs on 26.8% of web facing servers, which can run things other than IIS or may not even run a webserver at all.
>>
>>62382705
This hurts my soul that you would disparage both an excellent taco, and an excellent sub.
>>
>>62383383
>If I were a leet haxxor with +100 stealth and +200 luck I could hack your shit.

But you aren't.
>>
>>62383414
>MS webserver software runs on 51% of all sites
Barely believable, especially when most sites are defended by cloudflare and similar crap.
>>
>>62383454
Disregarding if I am, it matters that some people are. And they can connect on your site.

As I said: a sitting duck. Some ducks never get shot, but that doesn't make them anything other than lucky.

In your case it's even worse, since you're blatantly ignoring the issue, even though you know it is there.

Enjoy getting fucked over sometime by someone.
>>
>>62383466
Yes, don't most sites run on some Plesk/WHM/whatever server with thousands of sites served by a single server?

Isn't that how normies host their sites?
>>
>>62383531
You are clearly clueless about how SSH works.

You need a username and password to get in.
>>
>>62383581
Or a key.
>>
>>62383365
She led an illegal purge of fucking white males and replaced them with diverse alternatives, that is true.
http://www.eastbaytimes.com/2016/10/06/yahoo-ceo-marissa-mayer-led-illegal-purge-of-male-employees-lawsuit-charges/
google other results.

I was memeing when I said they turned the firewall off. (they probably actually did though)
>>
>>62383531
>the absolute state of this board
Son are you even over 14? Was your first OS windows vista?
>>
>>62383442
They are all great, but list the ingredients of all of it using only nouns and no adjectives.. "bread, lettuce, cheese, meat"
This is a 4chan archive - all of the content originated from that site.