Sunday, September 10, 2017

Struts Framework Problem led to Equifax Data Breach

Hackers gained access to millions of credit report holders' information via a known Java Struts vulnerability.

The credit reporting agency Equifax announced on Sept. 7 that hackers stole records containing personal information on up to 143 million American consumers. The hackers behind the attack, the company said, “exploited a U.S. website application vulnerability to gain access to certain files.” That vulnerability, according to a report on the data breach by William Baird & Co., was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017.

The breach details can be found here...


Thursday, September 7, 2017

Some Legislative Movement on Autonomous Vehicles

Congress might be making progress on self-driving cars: a bill put forth addresses manufacturers seeking to test robot cars have to demonstrate self-driving cars are at least as safe as existing vehicles. States could still set rules on registration, licensing, liability, insurance, and safety, but not performance standards.

The U.S. House ... unanimously approved a sweeping proposal to speed the deployment of self-driving cars without human controls by putting federal regulators in the driver’s seat and barring states from blocking autonomous vehicles.

The House measure, the first significant federal legislation aimed at speeding self-driving cars to market, would allow automakers to obtain exemptions to deploy up to 25,000 vehicles without meeting existing auto safety standards in the first year. The cap would rise over three years to 100,000 vehicles annually.