Being in the industry, I understand how difficult it is to secure an organization, so I have some sympathy for Equifax. As an ex-NSA colleague noted (paraphrasing), “A defender has to protect everything, an attacker only has to find one hole.” That said, their business is PII, so there is a higher standard there.

In the end, my concern is less that the hack happened than the difficulty in navigating their site and ultimately receiving the credit protection. First of all, the initial page they are telling “customers” to visit isn’t intuitive:


It is mostly PR material. You ultimately need to go to the “POTENTIAL IMPACT” button on the bottom:


Then when you do sign up, they tell you you’ll have to wait for roughly a week, then sign up at a different URL. You had better write down the URL because they say, “you will not receive additional reminders”. The URL, if you made the mistake of not writing it down, is:


Then “click through the link to continue through the enrollment process”. What link that is, god knows.

In fact, if you click the above “faq.trustedidpremier.com” today, it goes back to, well, “www.equifaxsecurity2017.com”, where I assume you are then supposed to click the “ENROLL” button on the bottom???:


Just mildly confusing.

