Apache Mounts Strong Defense, Equifax Retreats

Filed under
Security

One of the largest financial data breaches in U.S. history, it exposed names, addresses, Social Security Numbers, birth dates, driver's license numbers and other sensitive information belonging to 143 million U.S. consumers, as well as data belonging to an undisclosed number of UK and Canadian consumers.

The attackers also accessed credit card data for about 209,000 consumers and credit dispute information for about 182,000 consumers, Equifax said.

[...]

However, with respect to the possibility that it resulted from an exploitation of a vulnerability in the Apache Struts Web Framework, it was not clear which vulnerability could have been utilized, Gielen said.

One assumption connected the breach to CVE-2017-2805, one of several patches Apache announced on Sept. 4.

"However, the security breach was already detected in July, which means that the attackers either used an earlier announced vulnerability on an unpatched Equifax server or exploited a vulnerability not known at this point in time -- a so-called Zero Day Exploit," Gielen noted.

The committee members have put enormous effort into "securing and hardening the software we produce," he added, and they fix problems that come to their attention.

There's a distinction between the existence of an unknown flaw in the wild for nine years and failing to address a known flaw for nine years, said Gielen, emphasizing that the committee just learned about this flaw.

The has not had any contact with anyone using the @equifax domain on any Apache list in more than two years, said Apache spokesperson Sally Khudairi.

"To be clear, whilst we haven't had contact with anyone using the @equifax domain -- official or otherwise -- that is not to say there isn't a chance that someone from their team may have done so using an alternate channel," she told LinuxInsider.
