-->
≡
Home
Woman
Sport
Business
Health
Privacy Policy
Contact Us
Contact Us
How the Massive Equifax Data Breach Happened
:
:
2017-09-23T22:11:37Z
Saturday, 23 Sep 2017 - 10:11 PM
SciShow is supported by Brilliant.org - a problem-solving website that teaches you how
to think like a scientist.
Another week, another news story about a massive data breach.
But this time, the company involved is one of the ones in charge of monitoring your credit.
And the hack appears to have involved some serious negligence on their part.
Equifax is one of three big American credit agencies, which calculate the credit scores
that determine how hard it is for you do things like get a loan.
You probably know by now that they were hacked, and criminals managed to access private data,
like social security numbers and birth dates, for 143 million consumers.
Including 209,000 people’s credit card information.
Credit agencies collect financial data on pretty much everyone in the U.S. with a credit
history.
Even if you’ve never paid for any of Equifax’s services directly, if you’re an adult in
the United States, you were probably affected.
And it turns out that the hackers got in by taking advantage of a vulnerability that Equifax
had plenty of opportunity to fix.
So oops, I guess.
The Equifax website is built on software called Apache Struts, a widely-used framework for
creating programs that help companies manage large amounts of data online.
In March, the Apache Foundation, which oversees Struts, announced the existence of a vulnerability
in the software code that they dubbed CVE-2017-5638.
And it was a bad one.
We’ve all filled out web forms a zillion times — to order products, register for
accounts, contact customer service, all sorts of things.
But because of a bug in the way that Struts handles data entered into these forms, hackers
could use them to send malicious code to the servers with the data on them — a type of
hack known as remote code execution.
Normally, programmers protect against this by having the server check what you’re submitting
to make sure it’s not computer code.
But with this vulnerability, hackers could trigger an error, then make the server run
the embedded commands while it was trying to figure out what the error was.
That’s a pretty serious bug, but the Apache Foundation released a fix for it at the same
time that they announced its existence.
The fix could take a while, because it’s not as simple as downloading a software update
for your phone.
It requires individually updating and rebuilding every app that runs on the Struts platform,
which could be dozens or hundreds for a single company.
But the breach of Equifax’s system using this vulnerability began in mid-May, two months
after the vulnerability came to light
Why hadn’t Equifax updated their system by then?
Nobody knows.
We may find out though since more than thirty lawsuits have already been filed, the FBI
and the FTC are investigating, and legislators are planning hearings, so there will be more
information in the coming months.
In the meantime, a couple of weeks ago Apache announced another Struts bug that makes it
vulnerable to remote code execution, along with a patch for it.
Here’s hoping Equifax implements this one a little more quickly.
If all this hacking news has got you down, you might be relieved to hear that our second
story isn’t about current events -- instead, it takes place 550 million years ago so not
likely to affect you personally
Back then, Earth’s oceans were inhabited by a creature so different from anything around
today that scientists have never been sure if it was an animal or something more like
a fungus or lichen -- until now.
In a paper published last week in the journal Proceedings of the Royal Society B, paleontologists
concluded that it was an animal.
And their findings are giving us some fresh insights into the origins of animals as a
whole.
Dickinsonia fossils were first described in 1947, but it was hard to tell exactly what
they were.
The mysterious organism looked like a flattened oval.
It was bilaterally symmetrical -- the same on both sides -- and made up of a series of
rib-like “units” arranged along a central axis.
Most Dickinsonia had a triangular shape at one end, which some think was the head.
The scientists who found it originally thought it was a jellyfish-like animal, but it’s
also been compared to worms, other simple animals, and things that aren’t animals
at all.
It was one of the first fossils described from the Ediacaran Period, 541 to 635 million
years ago.
It was a time when the world’s oceans held soft-bodied organisms so different from anything
known today that how to classify them has been a major paleontological mystery.
To figure out where this thing actually fits in the tree of life, the authors of the new
study compared juvenile and adult Dickinsonia fossils from South Australia.
They counted the specimens’ body units, measured their lengths, and plotted these
numbers against the age of each unit to see how they grew.
They found that Dickinsonia grew in two ways -- by adding new units, and by increasing
the size of existing ones.
Late in their life cycle, they switched mostly to the second, “inflation”-based way of
growing.
The team also found that Dickinsonia grew from the “head” end, instead of from the
other end where the body units were smallest, which is what everyone had assumed.
Comparing all this to what we know about how other organisms grow and develop tells us
that Dickinsonia was definitely an animal, and probably part of a group called the Placozoa.
And, based on the animals it was most similar to, it probably lived on the ocean bottom
and could move around, rather than being fixed in place like a sponge or coral.
For a long time, paleontologists interested in the origins of more complex and diverse
animals focused on the Cambrian Explosion, which happened around 541 million years ago,
millions of years after Dickinsonia’s heydey.
But if some of the weird, confusing Ediacaran organisms were actually animals in their own
right, this adds one more piece to the growing body of evidence that our animal relatives
go back further than we thought.
If the strange case of Dickinsonia got you wondering about other scientific mysteries,
Brilliant.org is a problem-solving website that teaches you how to think like a scientist.
Brilliant presents short, conceptual quizzes that supplement what you’ve seen on SciShow.
A great way to retain that information is by actively solving problems on Brilliant.
Each course guides you through easy and challenging problems with interactive graphics and questions.
One course, Physics of the Everyday, has a neat lesson about physics in nature , like
seasons and the greenhouse effect.
In one lesson, I was surprised to learn how simple it is to predict which way hurricanes
rotate.
If you think you already know, [leave a comment below and] check your reasoning on Brilliant.
. It was a fun refresher for concepts I thought I had already mastered.
4 million people are already using Brilliant, so join them in sharpening your STEM skills.
To support SciShow and learn more about Brilliant, go to brilliant.orgSciShow and sign up for
free.
This lock requires 250 steps to open it! - Schloss 250 The Fiery, Pitch-Black Egg-Planet Planet Earth II: Official Extended Trailer - BBC Earth We Built a 'Holodeck' for Animals! Satisfying Video that You Will Relax Watching Why Do We Get Nosebleeds? How to Stop Getting Zapped By Static 4 Things You're Not Allowed to Do in Space Equifax Just Equi-F'ed Everyone Where Are All the Dinosaur Brains?
Facebook
Twitter
Google Plus
SciShow
Latest Posts
