What Can We Learn from the Equifax Hack?
According to details released by Equifax, their massive breach was caused by failing to apply a security patch for open source software to a critical system. The patch was released in March 2017 and the hackers got access sometime in mid-May. The problem was detected by Equifax at the end of July and revealed to the public in September. During that time, hackers had access to 143 million customer accounts (100K+ Canadians) including full personal details, social insurance numbers, and basically anything they need to steal your identity.
One of the big problems with open source software is that everyone knows all the secrets. You know that if a patch is released, a good person discovered the problem and got to work on a solution. That is great. The problem is that we have no idea how long the bad people were aware of the exploit. Some bad people like to brag about their success and discoveries, and the good guys know where to hang out to hear this bragging. But not everyone brags. Some just find the hole and exploit it for as long as possible. Also, hackers love to share to create more chaos, so we can be sure that hackers shared their techniques, and suddenly you have hundreds or thousands of people testing systems around the world, knowing that not all system administrators are going to be on the ball.
This sort of thing happens every day. The majority of web sites are set up using open source software and rely on dozens of different plug-ins to add features. This massive community creates a fragile web of trust that is only as good as the weakest link. Site owners have to hope that their developers are monitoring and applying patches and updates to server software, web software, and plug-ins. It takes time, effort and diligence.
If Equifax can fail, so can you.
The advantage of SiteCM and CommerceCM is that we control our infrastructure, including servers and all software. We don’t give out source code for people with questionable intentions to pore over and we don’t let people run code on our servers. All of our drop-in controls are created and managed in-house following strict protocols. Servers are updated regularly and we have systems in place to monitor, report, and block suspicious activity. We track thousands of automated probes a day from hackers who have programmed bots to rattle the doors of web sites across the internet hoping to find one that is unlocked. Usually they are vandals who want to deface your site and brag to their friends. Sometimes they want to hijack your site to promote businesses of questionable quality such as unregulated pharmacies. Sometimes they just want to sit quietly and see what happens, or turn your site or server into a slave to execute a denial of service attack. In any case, we stop them before they start so that you don’t have to waste your reputation, time, and money rebuilding.
If you want peace of mind and want to avoid being the next brand name splashed in the headlines for all of the wrong reasons, we’d be happy to help.
Tags: equifax, security, hack