Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Equifax Software Manager Charged with Insider Trading
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:05:20 PM
Re: CIO
@blackjack: To say nothing of the fact that there is no such thing as 100% secure -- unless you have 0% accessibility.

Moreover, to open CIOs and their ilk up to criminal charges for this kind of thing would mean that they would command mega-salaries in excess of their CEOs -- so as to compensate for the risk.
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
7/2/2018 | 10:31:58 AM
Re: Best Practice?
I cannot help but think that many Equifax employees will have great new careers at Wells Fargo. LOL
BradleyRoss
50%
50%
BradleyRoss,
User Rank: Moderator
6/30/2018 | 2:26:14 PM
Re: Best Practice?
I think that the problem is that there is no defined best practice with regard to securing the data.  The comment that I heard from someone at the FBI was that if they published a best practice or good practice document, people might hold them to it and use the document to avoid legal penalty.  I was somewhat incredulout about this answer since it meant that lack of a "good practices" document made it almost impossible to bring a legal charge against the firm.

Insider trading is a different matter in the law more clearly specifies what constitutes a breach of the law.  It is therefore much easier to bring criminal charges and obtain a guilty verdict.
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
6/30/2018 | 1:16:24 AM
Re: CIO
Come on, reality check. If we charged every CIO who oversaw a network that wasn't 100% secure, and/or patched.... you'd be charging EVERY CIO. Drop down to 90% secure/patched and you'd only have to charge 90% of CIO's, etc. Veracode publicly said they saw 90% of their customers STILL had systems with the same Apache Struts app unpatched six months after Equifax. Not making excuses for them, but being outraged doesnt change reality.... every company has similar issues, and everyone's data was already stolen.
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
6/30/2018 | 1:08:11 AM
Re: Best Practice?
First, he didn't sell stock he already owned to avoid the decrease in value. He purposefully purchased PUT options. Meaning he placed a bet the stock would drop, and when it did he cashed in. Second, google insider trading wiki. Best practice doesn't mean anything here, there are specific laws that say what you are NOT ALLOWED to do. And yes, you could be stuck knowing your stock is about to become worthless, and you can't legally sell it before the news breaks, or warn others to do so.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:49:49 PM
CIO
Equifax's former chief information officer, Jun Ying, earlier this year pleaded not guilty to charges of insider trading related to the data breach Charges on insider trading? How about not securing the network as it should be, so no charge on that!
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:48:04 PM
Re: Best Practice?
This is a cynical representation of it of course but seriously I can't fathom being in that position and would like someone who is better versed legally to shed some light on the matter. I would say this would depend on circumstances of the case, each case would be different, mainly around intention.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:46:42 PM
Re: Best Practice?
Can someone explain to me what is best practice in these scenarios? I think this is a good question. I am not sure if thee is a best practice in this case.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:45:09 PM
Re: Not Surprising
I would be surprised however if it was to be the last person charged in light of the Equifax breach. I would agree. But these are mistakes after the mistakes, not root course of the problem they are in.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:44:16 PM
Fallout
Fallout from the epic Equifax data breach just keeps coming For me it it is better to focus on why these type of massive attacks happenin the first place and the focus on what people did wrong once it happened. We have no clue what went wrong.
Page 1 / 2   >   >>


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
New Attack Campaigns Suggest Emotet Threat Is Far From Over
Jai Vijayan, Contributing Writer,  1/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3622
PUBLISHED: 2020-01-22
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.
CVE-2020-5221
PUBLISHED: 2020-01-22
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in versio...
CVE-2019-19834
PUBLISHED: 2020-01-22
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
CVE-2019-19836
PUBLISHED: 2020-01-22
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.
CVE-2019-19843
PUBLISHED: 2020-01-22
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.