You are reading The Rietta Blog, a publication about the web since 2005.

Lay Off the Marketing Plugins. Equifax Hit With Fake Flash Update.

The Equifax website was borked again, this time redirecting visitors to a fake Flash update (arstechnica.com). This is the latest episode in the sad saga of insecurity at the embattled Atlanta-based credit reporting giant. Atlanta is known for a healthy information security ecosystem, and the Georgia Institute of Technology and Kennesaw State University both have cybersecurity programs at the undergraduate and graduate levels. If Equifax cared to hire security-minded people to work in key areas, they could.

Certainly more details of this attack will emerge, but there is “a strong case that Equifax was working with a third-party ad network or analytics provider that’s responsible for the redirects.” My advice for any website operator is to lay off the marketing plugins and JavaScript widgets that your SEO team loves so much. Focus on your core technology, and remember that attacks on your technology supply chain can lead to significant security incidents for your company.
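
One way to act on this advice is to inventory the third-party scripts a page actually loads. The Python below is an added example, not code from the original post: the sample HTML and the example.* hosts are constructed, and both the exact-host definition of "third party" and the check for an `integrity` (Subresource Integrity) attribute are assumptions of the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page (not Equifax's markup); every host is a placeholder.
SAMPLE_HTML = """
<html><head>
<script src="/assets/app.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//ads.example.org/tag.js" async></script>
<script src="https://widgets.example.net/share.js"></script>
<script>console.log("inline")</script>
</head><body></body></html>
"""

class ScriptInventory(HTMLParser):
    """Collect every external <script src=...> together with its integrity attribute."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts = []  # list of (absolute_url, integrity value or None)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if src:  # inline scripts have no src and are skipped
            self.scripts.append((urljoin(self.page_url, src), attr.get("integrity")))

def audit_third_party_scripts(html, page_url):
    """Return one finding per script served from a host other than the page's own.

    Assumption: an exact hostname comparison defines "third party".
    """
    first_party = urlparse(page_url).hostname
    parser = ScriptInventory(page_url)
    parser.feed(html)
    findings = []
    for url, integrity in parser.scripts:
        host = urlparse(url).hostname
        if host != first_party:
            findings.append({"host": host, "url": url, "pinned": bool(integrity)})
    return findings

if __name__ == "__main__":
    for f in audit_third_party_scripts(SAMPLE_HTML, "https://www.example.com/"):
        status = "SRI-pinned" if f["pinned"] else "UNPINNED (provider controls this code)"
        print(f"{f['host']:<22} {status}  {f['url']}")
```

Every unpinned entry is code that runs on your pages with full access to the DOM and that someone else can change without telling you, which is the supply-chain exposure the post describes.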

About Frank Rietta

Frank Rietta is a web application security consultant, software developer, author, and speaker. He is a computer scientist with a Master's in Information Security from the College of Computing at the Georgia Institute of Technology. He teaches about security topics and is a contributor to the security chapter of the 7th edition of the "Fundamentals of Database Systems" textbook published by Addison-Wesley.
