So, further in the saga of the Equifax hack, which is a really popular topic among security people and among everyone who's affected, which is about a hundred forty million people, we're trying to sort all this out. The Apache Foundation issued a media alert: the Apache Software Foundation confirms the data breach was due to failure to install patches provided for Apache Struts exploits. Now they're confirming which vulnerability this was and that they didn't patch. Now this is really where we can all sit back and be armchair pundits who just say, yeah, they should have done this and they should have done that. But as someone who works in IT will tell you, patching is a lot of work. Now, we deal with just patching a lot of Windows servers and applications for our clients, but you go a step further when you talk about patching something like Struts: they have to test and validate all the code written on top of it. So it's a non-trivial test, not like they just, oh, let's just click an update like a Windows update like we're used to. It's a lot more in-depth. But that being said, it doesn't mean there's not ways to mitigate this. So the patch is not necessarily the smoking gun to say that the company had a major failure, that, oh, they didn't patch. The question is what other countermeasures they had in place and whether those were bypassed as well. For example, you can put things in front of your application called a web application firewall. We'll use this as an example: this would be like the Wordfence security we use on WordPress. It kind of, so to speak, buys you some time if it's properly done, properly configured, where if there's an exploit for a web application, the web application firewall will look for that pattern and go, no, no, I know this pattern of attack and this vector is trying to exploit something that isn't patched. You can stop it at the firewall.
That is a method of threat mitigation. So we really don't have the details on what really went down, and I'm hoping there really is a full disclosure of what happened at the Equifax hack, because there's a couple of things that we really don't have a whole grasp on. One is the countermeasures: a flaw in Struts was maybe the original breach point, but what allowed them lateral movement throughout the network to get all the other information that the people were able to get once inside? That's actually where it becomes interesting, because once they get in and breach the firewall, get through the first layer, there should be a series of layers and alerts going on that will get you in touch with, you know, what's going on. So what did they do to mitigate? How did it take them so long to find out that they were breached? Were there other vulnerabilities exploited once they were inside, for other unpatched things? Until we really have these answers, we can't pass full judgment. Now, I'm not saying I have some faith that Equifax did everything right and this was a freak accident. Security's really, really hard, and I'm hoping they dedicated a lot of resources to it, but we're not sure. But on that same topic, this came up. So this was on the publicly viewable side, and if you put it in, and I tested again, that's why I got screenshots, it's now removed, but this is the 2012 Equifax SOC Type 2 report. Now, the SOC reports, you generally have three levels of them, SOC 1, 2 and 3. You can Google and get some of the details on these, but they're operational audits performed, and your Type 1 is for internal use, Type 2 may be shared between vendors, can be public, and then your Type 3 is, I believe, for the shareholders. Now, I'm not an expert on that, you can Google and get some of the information, but what they are is operational audit reports, and we'll talk about that.
So there is a copy, and I'll leave a link below, because if it's on the internet once, it's gonna always be on the internet. And what it is, it's got an assessment of all the different systems, provided by KPMG, and like audits of them. "No exceptions noted" is some of the things it said, because it would look at a control system they have and they would audit that control system, and there's some details in here. But we're gonna jump right to page 54. I'll leave links, you can read the whole thing. So these are kind of the real problems with the systems they found. So out of 2188 terminations, so during the time, this is 2012, so this is an older report and I didn't see any newer ones available, but it could be that they fixed all these problems, it could be that this is systemic of the company. Once again, I'm kind of armchairing you here, but these are actual results for problems they found: five from a population of 282,188 terminations were identified with enabled accounts in ACRO. Now each of these acronyms is a different system, highlighted above to tell you what it does in there. But this is kind of a problem when you talk about a company that terminated external contractors but did not terminate their accounts, and this is often how lateral movement occurs inside the company: they needed to get past the firewall to get in, but then they needed some type of credentials, and if you have a disgruntled person that was fired and they're like, well, all you have to do is breach the firewall, they probably didn't delete my credentials. That could be another attack vector. So this is a little speculative, well, a lot speculative, but it's conceptual as to how it may have happened. And this is kind of concerning here to think that nine terminated users from a population of 21 2018 terminations were identified as enabled accounts on the PSOL and the CMS app. Even one of them is all it takes to get in there. Now there's only one
Active Directory, but the fact that there's a disconnect here, and hopefully this was all changed, could mean they didn't have a full federated access system that propagated through Active Directory. And what that means is you can have systems, so you put in Active Directory and everything else syncs up to it, so you have a common system. So if I delete someone out of just Active Directory, it goes and deletes them out of all the systems, and the same thing, you know, it's credential management. So I don't have all the details on that, but I'll leave this below, and it does have some information here about, you know, the flaws that they found in here. So two users previously disabled were incorrectly re-enabled since Ernie, and this is on page 55 of this, if you didn't want to read the whole thing you could just jump in there. But nonetheless, these are some of the concerns. It's interesting that they didn't patch, we do know that, but we don't know all the countermeasures that they had set up in front, and I'm really awaiting the details, because understanding the details of how a large company got hacked also helps us to understand the details of how smaller companies can also protect against it too, because smaller companies are getting hacked at a much higher rate than Equifax. This is not newsworthy enough to anyone to put on there when a small five-person office didn't patch something and gets hacked. They're barely a blip on the radar. You'll find some sysadmin in a forum going,
Oh my gosh, my system was hacked. But you're not likely to find much more information than that, which is why I'm trying to work on compiling stories and talking about this, because this is a real threat to small businesses, and it's just not making the news, because, well, the media is looking for clicks, and I tell you, they're getting a lot of clicks off of this, but it is a very serious problem with the Equifax. So those are my thoughts on it, of, well, where we're at with Equifax now, and, you know, like I said, don't just armchair it and say vulnerabilities. It's concerning and it's something we're gonna keep a watch on. I'm gonna keep reading about this, because, well, it's an interesting read. It probably directly affects me, seeing as I have a credit score and probably Equifax has that. So if you'd like to kind of hear more, like and subscribe, and thanks for watching.
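The two audit findings the video walks through (terminated users whose accounts are still enabled in ACRO, PSOL and CMS, and accounts that were disabled and then incorrectly re-enabled) are exactly the kind of reconciliation a small IT shop can script against its own HR list and per-application account exports. The following is an added example, not code from the video or from the KPMG report; the system names come from the video, while the user ids, dates and enabled flags are constructed sample data.

```python
from datetime import date

# Constructed HR termination records: user id -> termination date.
TERMINATIONS = {
    "jdoe": date(2012, 3, 1),
    "asmith": date(2012, 5, 17),
    "contractor7": date(2012, 6, 30),
}

# Constructed account exports per application (system names from the video);
# each maps user id -> whether the account is currently enabled.
SYSTEM_EXPORTS = {
    "ACRO": {"jdoe": True, "asmith": False, "bjones": True},
    "PSOL": {"jdoe": False, "asmith": True, "contractor7": True},
    "CMS":  {"contractor7": True, "bjones": True},
}

# Constructed snapshot of the same exports taken a month earlier, used to
# catch accounts that were disabled and later switched back on.
PREVIOUS_EXPORTS = {
    "ACRO": {"jdoe": True, "asmith": False, "bjones": True},
    "PSOL": {"jdoe": False, "asmith": False, "contractor7": True},
    "CMS":  {"contractor7": False, "bjones": True},
}

def enabled_terminated(terminations, exports, as_of):
    """{system: sorted user ids} of users terminated on or before as_of
    whose account in that system is still enabled (the ACRO/PSOL/CMS finding)."""
    findings = {}
    for system, accounts in exports.items():
        hits = sorted(u for u, enabled in accounts.items()
                      if enabled and u in terminations and terminations[u] <= as_of)
        if hits:
            findings[system] = hits
    return findings

def reenabled(previous, current):
    """{system: sorted user ids} of accounts disabled in the previous snapshot
    but enabled now (the 'incorrectly re-enabled' finding on page 55)."""
    findings = {}
    for system, accounts in current.items():
        before = previous.get(system, {})
        hits = sorted(u for u, enabled in accounts.items()
                      if enabled and before.get(u) is False)
        if hits:
            findings[system] = hits
    return findings

if __name__ == "__main__":
    print(enabled_terminated(TERMINATIONS, SYSTEM_EXPORTS, date(2012, 12, 31)))
    print(reenabled(PREVIOUS_EXPORTS, SYSTEM_EXPORTS))
```

Run the reconciliation after every HR termination batch; a non-empty result is a deprovisioning gap that a single directory-driven (federated) disable would have closed.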