To give nuance to the clickbait:

"The vulnerability in Struts was just recently discovered by security researchers, who announced it earlier this week on Sept. 4. According to the researchers, the bug has existed since 2008."




There is now a correction at the beginning of the article:

> Correction: An earlier version of this article said the vulnerability exploited by the hackers who broke into Equifax was the one disclosed on Sep. 4. It’s possible that the vulnerability that was targeted was one disclosed in March. We will update this post when we’ve confirmed which vulnerability it was.


Equifax discovered the hack on July 29, more than a month before this vulnerability was discovered.


A month before this vulnerability was discovered by these specific security researchers.


A month before it was _disclosed_ by these researchers.

Given the magnitude of this hack, it is entirely possible they embargoed it for a while.


No, the vulnerability was reported to the Struts project on July 17.

https://lgtm.com/blog/apache_struts_CVE-2017-9805


I meant a month before it was reported.


So little to no chance then that those executives who sold stock the other day didn't know about it then.



