What to do about Equifax - DTNS WEEKLY TECH UPDATE 09/14/2017
PSSST! If you're in the UK, check it out. We're doing a DTNS meetup and an episode of the show from London on October 9! Get all the details and sign up to attend here: http://bit.ly/dtnslondon 

HUGE Thanks to the original Brito Wil Harris for setting this up for us!


This is the weekly newsletter companion to Daily Tech News Show at http://dailytechnewsshow.com/ 

You can get this newsletter by backing DTNS for $5 a month or more at http://patreon.com/dtns 


CLOSER LOOK - Did you hear about that Equifax credit reporting agency breach? Oh, so you have a pulse and are breathing? Good. 

Just to recap, attackers breached the Equifax network and obtained names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers for 143 million US residents. They also accessed credit card numbers for approximately 209,000 people, and certain dispute documents with personal identifying information for approximately 182,000. Oh, and limited info on a few UK and Canadian residents got caught up in it too. 


HOW DID THIS HAPPEN?

Funny story. So in March of this year Apache disclosed a zero-day vulnerability in its Apache Struts web application framework and issued a patch. 

Patching the vulnerability required downloading an updated version of Struts and then using it to rebuild all apps made with the previous version. Rebuilt apps would then need to be tested to make sure they don’t break key functions. So this could take some time, and for a company as big as Equifax it would be a complex task.

The Equifax intrusion began in mid-May of this year, so we can say with some certainty that the most charitable interpretation is that Equifax was still working on implementing the patch after two months.


WAIT WAS MY INFO IN THERE?

You could try going to http://www.equifaxsecurity2017.com to check. However, some have reported getting different results when entering the same information, so the reliability of its info has been called into question.

AND there was a bit of confusion, as the original terms of service for the site indicated using the site meant you agreed to arbitration instead of a court case and waived your right to join a class action suit. Equifax has since changed the terms for its TrustedID product but the main Equifax site still has the waiver. They SWEAR they won't prevent you from suing them though.

But that's your only way to know for sure. If you don't trust the site or the terms, since the number of people in the breach makes up almost half the US population, you could just assume you're affected.


SO WHAT DO I DO ABOUT IT?

Equifax is offering a free year of credit monitoring through its TrustedID product for ALL residents of the US. If you trust them and believe they have properly changed their terms of service, you can sign up for that at the aforementioned http://www.equifaxsecurity2017.com.


I DON'T TRUST THEM, WHAT ELSE YOU GOT?

You could do what anyone who has been a victim of identity theft is advised to do, which is to put a freeze on your credit reports. This prevents creditors from viewing your credit file, which will prevent anyone from taking out a loan in your name. 

https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs 

- When you put the freeze in place they mail you a PIN. The PIN is necessary to lift the freeze.

- You need to put the freeze on at each of the major credit reporting agencies, Equifax, Experian, TransUnion and the smaller Innovis. Equifax is offering fee-free freezes and unfreezes until November 21. The others generally charge small fees.

https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp 

https://www.experian.com/freeze/center.html 

https://www.transunion.com/credit-freeze/place-credit-freeze 

https://www.innovis.com/personal/securityFreeze 

- If you need to get a new loan or credit card, you pay a small fee to lift the freeze temporarily then put it back in place. It can take up to three business days to lift a freeze.


I DON'T KNOW, THAT SOUNDS EXTREME? IS THERE ANY OTHER OPTION?

I know this is stressful but there's no need to shout. If you're convinced your information wasn't accessed, but you just want a middle-ground safety measure, you could put a fraud alert on your credit report. This requires creditors to verify your identity, usually by calling you to ask if you really requested a loan. 

- A fraud alert is free and lasts 90 days.

- An extended fraud alert is an option for those with an identity theft report (IdentityTheft.gov). It can last 7 years. 

- Active Duty military can get a fraud alert for one year.

You can find all this info and a lot more in the excellent article at The Verge by Ashley Carman:

https://www.theverge.com/2017/9/8/16276194/credit-freeze-equifax-how-to-data-breach 


NEWS RECAP

Credit reporting firm Equifax announced Thursday that it discovered on July 29th that attackers accessed data for 143 million US customers. The data included addresses, credit card numbers, Social Security numbers, birth dates and some driver's license numbers. Equifax announced that attackers exploited a vulnerability in the Apache Struts web application framework to gain access to the network and eventually access 143 million US residents' records. The vulnerability was patched by Apache March 6th this year. The Equifax intrusion began in mid-May of this year. https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/ 

-- http://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/ 

https://www.cnbc.com/2017/09/07/credit-reporting-firm-equifax-says-cybersecurity-incident-could-potentially-affect-143-million-us-consumers.html 

Apple announced three new phones Tuesday with wireless charging. The 4.7-inch iPhone 8 starts at $699 and the 5.5-inch iPhone 8 Plus at $799, with preorders September 15th and shipping September 22nd. The 5.8-inch iPhone X has wireless charging and replaces fingerprint authentication with facial recognition, called Face ID. The iPhone X starts at $999, with preorders October 27th and shipping November 3rd. Apple also announced iOS 11 is coming to all compatible devices on September 19th. https://www.theverge.com/circuitbreaker/2017/9/12/16277764/apple-iphone-8-announced-features-price-release-date

-- https://www.theverge.com/2017/9/12/16288806/apple-iphone-x-price-release-date-features-announced

Apple also announced the Apple Watch Series 3 with improved WiFi and Bluetooth connectivity starting at $329. A version with built-in cellular data over LTE or UMTS that can share a phone number with an iPhone starts at $399. And Apple announced the Apple TV 4K which supports HDR10 and DolbyVision HDR at $179 for 32GB of storage and $199 for 64GB. All studios except Disney will make 4K movies available at the same price as HD and upgrade previously purchased movies at no cost. Preorders for the new Watches and Apple TV start September 15th for shipping September 22nd.

https://www.theverge.com/2017/9/12/16270442/new-apple-watch-lte-announced-price-release-date-features

-- https://www.theverge.com/circuitbreaker/2017/9/12/16277592/4k-apple-tv-announced-price-release-date-features

-- https://www.wsj.com/articles/disney-is-lone-holdout-from-apples-plan-to-sell-4k-movies-for-20-1505243389  

Google has announced an event for October 4th, expected to be new Pixel phones. Videos, a website and billboards announcing the event show people typing “why can’t my phone” into Google search with various endings to the sentence. Meanwhile Droid Life’s Kellen Barranger noted that an FCC filing indicates LG will make the Pixel 2 XL. HTC is expected to be making the Pixel 2. http://www.androidpolice.com/2017/09/14/october-4th-new-pixel-day-confirmed-google-video-billboard/ 

-- http://www.droid-life.com/2017/09/13/lg-made-google-pixel-xl-2-hits-fcc/ 

Google announced that support for its Windows and macOS Google Drive apps will end December 11th and the app will shut down altogether March 12, 2018. Google has two replacement apps: Backup and Sync, which replaces Google Drive and Google Photos Uploader, and, for enterprise users, Drive File Streamer. https://www.theverge.com/2017/9/7/16267624/google-drive-desktop-app-shutdown 

Xiaomi announced the Mi Mix 2 with a 6-inch display, 18:9 screen resolution and almost no bezel. It has a Snapdragon 835 processor and 6 GB of RAM. Options start at 64 GB and go up to 256 GB. The cheapest is 3299 RMB (US$506). The most expensive is a special edition with 8 GB of RAM and 128 GB of storage for 4699 RMB (US$720). Xiaomi also launched the 5.5-inch Mi Note 3 with a Snapdragon 660 processor and 6 GB of RAM, ranging from 2499 RMB (US$383) up to 2999 RMB (US$460). The models will launch in China first, followed by all existing markets where Xiaomi phones are sold. https://techcrunch.com/2017/09/11/xiaomi-mi-mix-2-mi-note-3/ 

Xiaomi also launched a new laptop, the Mi Notebook Pro. It has a 15.6-inch 1920 x 1080 display, an Intel quad-core i7 processor, 16 GB of RAM and up to 1 TB of solid-state storage, with Nvidia’s GeForce MX150 graphics card. It runs Windows 10 Home. It also has a fingerprint reader in the trackpad, a 3-in-1 card reader, two USB-C ports, two regular USB ports and an HDMI port. It will sell for 6399 Chinese yuan (US$980). https://www.theverge.com/circuitbreaker/2017/9/11/16286358/xiaomi-mi-notebook-pro-features-specs-pricing 

Nintendo announced that it will resume production of the NES Classic console for shipping in summer 2018. Nintendo also announced it will extend shipments of the SNES Classic console into 2018, which were originally scheduled to end sometime this year. https://kotaku.com/nintendo-bringing-back-the-nes-classic-in-2018-1803771394 

Microsoft continues to make changes in the Windows 10 Fall/Autumn Creators Update coming October 17th. Previously apps could get access to things like camera, microphone, calendar and contacts by default, only requiring notification to the user, who had to go into settings to change the privacy settings. Now third-party apps will be required to get explicit permission for access to all sensitive functions. Windows 10 Enterprise users will get a new setting that limits diagnostic data collection. https://arstechnica.com/gadgets/2017/09/windows-10-fall-creators-update-shaking-up-privacy-settings-some-more/ 

The Ken has sources that say, and has discovered government filings that indicate, Google plans to roll out a mobile payment service in India as early as Monday. The Ken claims the service will be called Google Tez, a word for fast, and support the government’s Unified Payments Interface. https://the-ken.com/google-payment-india/ 


