Archive for October 2, 2017

Equifax Pwned By The Chinese: Bloomberg

Posted in Commentary with tags on October 2, 2017 by itnerd

The epic pwnage of Equifax may have been the work of Chinese intelligence says Bloomberg:

Nike Zheng, a Chinese cybersecurity researcher from a bustling industrial center near Shanghai, probably knew little about Equifax or the value of the data pulsing through its servers when he exposed a flaw in popular backend software for web applications called Apache Struts. Information he provided to Apache, which published it along with a fix on March 6, showed how the flaw could be used to steal data from any company using the software.

 

The average American had no reason to notice Apache’s post but it caught the attention of the global hacking community. Within 24 hours, the information was posted to FreeBuf.com, a Chinese security website, and showed up the same day in Metasploit, a popular free hacking tool. On March 10, hackers scanning the internet for computer systems vulnerable to the attack got a hit on an Equifax server in Atlanta, according to people familiar with the investigation.

Before long, hackers had penetrated Equifax. They may not have immediately grasped the value of their discovery, but, as the attack escalated over the following months, that first group—known as an entry crew—handed off to a more sophisticated team of hackers. They homed in on a bounty of staggering scale: the financial data—Social Security numbers, birth dates, addresses and more—of at least 143 million Americans. By the time they were done, the attackers had accessed dozens of sensitive databases and created more than 30 separate entry points into Equifax’s computer systems. The hackers were finally discovered on July 29, but were so deeply embedded that the company was forced to take a consumer complaint portal offline for 11 days while the security team found and closed the backdoors the intruders had set up.

The handoff to more sophisticated hackers is among the evidence that led some investigators inside Equifax to suspect a nation-state was behind the hack. Many of the tools used were Chinese, and these people say the Equifax breach has the hallmarks of similar intrusions in recent years at giant health insurer Anthem Inc. and the U.S. Office of Personnel Management; both were ultimately attributed to hackers working for Chinese intelligence.

Now there’s no smoking gun as such, but this story does paint a picture that the responsible party were the Chinese. There’s one more thing. It seems that part of the reason this went undetected for so long is due to fact that a dispute between Equifax and Mandiant got in the way. The latter was brought-in to help deal with a different security problem, just as the attack was getting underway. Equifax accused Mandiant of using the classic consulting sales trick of using the A-team to sell its services and sending in the B-team after the contract was signed. So Equifax ignored what Mandiant said and the pwnage continued.

You can be sure that this will come up when various congressional committees quiz Ex-CEO Richard Smith this week.

Advertisements

Review: 2018 Mazda CX-3 GT AWD – Part 1

Posted in Products with tags on October 2, 2017 by itnerd

I often get press releases from car companies that tout all the cool improvements that they made to a car be it new, or be it refreshed. But when I got the press release that related to the 2018 Mazda CX-3 which I first reviewed a couple of years ago, I was intrigued. Why? Here’s what they’ve improved on what was already a pretty compelling sub-compact crossover.

  • Smart City Brake Support is now standard across CX-3 range
  • Newly available features include a full-colour Active Driving Display, power driver’s seat with memory settings and heated steering wheel
  • Complementing Mazda’s predictive i-ACTIV all-wheel drive is standard, exclusive G-Vectoring Control, aiding in steering, handling, stability and confidence
  • The chassis and steering have been thoroughly revised for better handling, greater comfort and improved sound suppression

There may be four bullet points here. But these are significant bullet points. First, the fact that Smart City Brake Support which is capable of stopping the CX-3 in case you don’t react quickly enough is standard means that more people will get that safety tech. That in turn hopefully means less accidents and injuries on the roads. Second, they’ve clearly made efforts to refine the driving experience in a number of ways. Third, they’ve made efforts to refine driver and passenger comfort and convenience.

The question is, does Mazda deliver on all these points? To find out, I decided to get the CX-3 in GT trim to see if I could feel the difference:

This slideshow requires JavaScript.

The Kodo Design that wowed me when I first reviewed it two years ago is still present. And it still looks good from any angle. But from the outside, it doesn’t look like if there are any significant changes. That’s not a bad thing as this is such a good vehicle, I wouldn’t want to mess with it if I were the guy who designed it.

I’ll be posting a multi-part review that will cover the following sections:

  • Engine, transmission, handling, fuel economy, and driving comfort
  • Interior
  • Technology in the vehicle
  • Wrap up

The first thing I will look at is the engine, transmission, handling, fuel economy, and driving comfort as there are significant changes on that front. Tune in tomorrow to see if those changes make the CX-3 a better vehicle.