Who watches the watchmen?
So, irony of ironies, the SEC is supposed to be starting an investigation of Equifax...
Who's going to investigate the SEC?
Re: Who watches the watchmen?
'Who's going to investigate the SEC?'
Not sure if the icon is appropriate or not.
Re: The KGB?
Belarus? They're the only country that still has a KGB as far as I know.
Re: The KGB?
I realised my mistake after editing time was up; I knew I'd get corrected.
Just one of the things I love about this place.
Have a pint.
Re: The KGB?
More likely the SVR (Sluzhba Vneshney Razvedki). The FSB are somewhere between the FBI and MI5 in that their remit is primarily domestic. The SVR are the Foreign Intelligence Service (successors to the First Chief Directorate) so an investigation in the USA would likely fall under their bailiwick.
I wonder how big the breach has to be before the US government places the country’s internet entirely under its benevolent protection? You know, like China?
Software vulnerability in the EDGAR system
"a software vulnerability in the test filing component of the Commission's EDGAR system"
Any technical details as to the nature of the breach, technically speaking?
"a recent .. review faulted the SEC for .. use of unsupported software among other failings."
What was the name of this 'unsupported software'?
July 2017: "the commission continued to use an outdated version of an operating system on its key financial systems although the operating system’s vendor stopped supporting this version of the software over a decade ago and no longer develops or releases patches for the software."
No need to guess then :)
Re: Software vulnerability in the EDGAR system
"Use of unsupported software" on any system should be the occasion for something between a formal reprimand and dismissal. If anything, it is more important on development and test systems to ensure that all software not only is supported but that support will be available until at least a half year into the scheduled deployment life, and ideally through the planned life of dependent software. Note that "support" might include support by in-house staff, for FOSS and in-house developed software.
"corporate filling system"
"corporate filling system" - my mind is boggling right now.
The rest of the US financial system
...is gamed in pretty much the same way. So what's so special here...??? An admission of guilt from a feeble regulator nobody outside of Wall Street really understands. Plus, by admitting liability as a Government agency, it excuses them totally from any accountability, never mind a hint of firing!
Like the War on Drugs, which was a multi-billion-dollar multi-decade roaring success. Let's raise a glass to American Exceptionalism... Exceptionally good at ripping off the less fortunate and getting away with it... Because let's face it, if you're not a millionaire in America, YOU'RE A TOTAL LOSER!
The description of the vulnerable system as "the test filing component" suggests the possibility that business filers may have submitted genuine reports to a test system. That would put a significant part of the onus on them if the test system was very clearly identified as such and carried prominent warnings that it should be used only for test data. The public announcement was silent on that.
The announcement also was not comforting in stating that "it is believed the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk." They have known about this for months and by now should know the answers rather than believing what makes things look least bad.