Saturday 16 September 2017

Weekend Update 16/09/17 The Big Stories And Scandals.



“For the want of a nail the shoe was lost,
For the want of a shoe the horse was lost,
For the want of a horse the rider was lost,
For the want of a rider the battle was lost,
For the want of a battle the kingdom was lost,
And all for the want of a horseshoe-nail.”

Benjamin Franklin.

This weekend, follow-up news to some of the week’s big stories and scandals.

Up first, Equifax, the growing scandal that will likely be with us for years and years. If only Equifax had installed that patch, or hired a real security officer. Now 143 million victims are vulnerable for years and quite mad, to use some fine old English understatement.

Will the CEO’s negligence end up costing Equifax the firm?

“If debugging is the process of removing bugs, then programming must be the process of putting them in.”

Anon.

09.14.17 01:27 pm

Equifax Officially Has No Excuse

Capping a week of incompetence, failures, and general shady behavior in responding to its massive data breach, Equifax has confirmed that attackers entered its system in mid-May through a web-application vulnerability that had a patch available in March. In other words, the credit-reporting giant had more than two months to take precautions that would have defended the personal data of 143 million people from being exposed. It didn't.

As the security community processes the news and scrutinizes Equifax's cybersecurity posture, numerous doubts have surfaced about the organization's competence as a data steward. The company took six weeks to notify the public after finding out about the breach. Even then, the site that Equifax set up in response to address questions and offer free credit monitoring was itself riddled with vulnerabilities. And as security journalist Brian Krebs first reported, a web portal for handling credit-report disputes from customers in Argentina used the embarrassingly inadequate credentials of "admin/admin." Equifax took the platform down on Tuesday. But observers say the ongoing discoveries increasingly paint a picture of negligence—especially in Equifax's failure to protect itself against a known flaw with a ready fix.

A 'Relatively Easy' Hack

The vulnerability that attackers exploited to access Equifax's system was in the Apache Struts web-application software, a widely used enterprise platform. The Apache Software Foundation said in a statement on Saturday (when rumors swirled that the March Struts bug might be to blame) that, though it was sorry if attackers exploited a bug in its software to breach Equifax, it always recommends that users regularly patch and update their Apache Struts platforms. "Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years," René Gielen, the vice president of Apache Struts, wrote.

In this case, Equifax had ample opportunity to update.

"This vulnerability was disclosed back in March. There were clear and simple instructions of how to remedy the situation. The responsibility is then on companies to have procedures in place to follow such advice promptly," says Bas van Schaik, a product manager and researcher at Semmle, an analytics security firm. "The fact that Equifax was subsequently attacked in May means that Equifax did not follow that advice. Had they done so this breach would not have occurred."

----Equifax will suffer scrutiny and losses because of the breach, but the real victims are the individuals whose data was potentially compromised. And Equifax has particular responsibility to protect its consumer data, since much of it doesn't even come from customers who directly choose to do business with the firm, but surfaces instead from credit check requests for anyone living and working in the US. "I am concerned," Immunity's McGeorge says. "This is a thing that you use whether you realize it or not, because all commerce data goes through them. You do have a stake in this."

Equifax hired a music major as chief security officer and she has just retired

Published: Sept 15, 2017 8:04 p.m. ET
When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security.

And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin’s lack of educational qualifications since the data breach became public.

It would be fascinating to hear Smith try to explain both of those extraordinary items.

If those events don’t put the final nails in his professional coffin, accountability in the U.S. is officially dead. And late Friday Equifax said both Mauldin and the company’s chief information officer have retired effective immediately.

Equifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.

This is the person who was in charge of keeping your personal and financial data safe — and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.

I emailed Equifax’s multiple media relations people but have not heard back.

I was tipped off to this by a contact on Twitter. There has been very little coverage so far of Susan Mauldin’s background and training. Given the ongoing disaster of the hack and Equifax’s handling of the affair, the media spotlight has so far been elsewhere.

Reporting by a few tech-savvy blogs has found that as soon as the Equifax data breach became public, someone began to scrub the internet of information about Mauldin.

Her LinkedIn page was made private and her last name replaced with “M.” Two videos of interviews with Mauldin have been removed from YouTube. A podcast of an interview has also been taken down.

Unhappily for the scrubbers, the internet archives some material and a transcript of one interview has survived.

Up next, hurricane news. Germany’s Munich Re takes a big hit. In Florida, one week on, almost two million are still without electric power. September is not a pleasant month in Florida without electric power, and Florida is only about in the middle of hurricane season.

"In Hertford, Hereford, and Hampshire, hurricanes hardly ever happen"

My Fair Lady.

Insurance giant sounds alarm on Harvey and Irma

by Charles Riley   @CRrileyCNN September 14, 2017: 5:59 AM ET
Hurricanes Harvey and Irma have finally hit the insurance industry.
Germany's Munich Re, which protects insurance companies against risks, has warned shareholders that losses from the storms will likely result in a third quarter loss and could cause it to miss its 2017 profit target of €2 billion ($2.4 billion) to €2.4 billion ($2.9 billion).

Harvey made landfall in late August, bringing catastrophic floods to the area around Houston. Irma followed a short time later, battering islands in the Caribbean before slamming into the Florida coast as a Category 4 storm.

"These two events are expected to result in high insured losses, which the market and Munich Re are unable to quantify at the moment," the company said in a statement.

----Worried investors sent insurance stocks plunging in early September. But they rebounded when it became clear that Irma had not delivered a knockout blow to Florida, leading to initial damage estimates that were lower than feared.


AIR Worldwide, a catastrophe analysis firm, predicts insured losses from Hurricane Irma will range from $20 billion to $40 billion.

Munich Re said it would be able to weather the storm.

"The business and risk strategy of Munich Re ensures that even after such severe natural catastrophes the Group has a sufficiently solid capital base to still be able to offer full reinsurance capacity to its clients," the company said.

The German company is one of the world's leading reinsurance groups alongside Swiss Re (SSREF) and Berkshire Hathaway (BRKA).

Billions in Damage, 70 Dead in Irma's Wake; 'There’s Not a Single Living Person On the Island of Barbuda'

Sep 15 2017 06:45 PM EDT weather.com
Millions of people throughout the Caribbean, Florida and the southeastern United States are trying to piece their lives back together after a nearly two-week onslaught of destruction, death and terror from Hurricane Irma.

On the Caribbean island of Barbuda, "the damage is complete," Ronald Sanders, Antigua and Barbuda’s ambassador to the U.S., told USA Today.

"For the first time in 300 years, there’s not a single living person on the island of Barbuda — a civilization that has existed on that island for over 300 years has now been extinguished."

President Donald Trump traveled to South Florida Thursday to survey the damage left behind by Hurricane Irma.

The president, who visited Naples and Fort Myers accompanied by wife Melania Trump, was quick to praise the rapid response of the recovery effort in the wake of the storm.

"I think we’re doing a good job in Florida," Trump said at an airport hangar in Naples, where he was joined by Vice President Mike Pence, Florida Gov. Rick Scott and other leaders. "We have been very, very fast and we had to be."

More than 80 percent of Floridians have gotten their power restored after Hurricane Irma roared through the state. State emergency managers reported Friday that just under 2 million homes and businesses still don't have electricity, down from 6.7 million at the height of the storm.

Tropical Storm Lee likely to form far from Florida

September 15 2017
A newly formed tropical depression is likely to develop into Tropical Storm Lee, but it is not expected to be a threat, forecasters said Friday.

Known as Tropical Depression 14, it is one of two weather systems that have emerged off the coast of Africa and are being monitored by the National Hurricane Center. Both are thousands of miles from South Florida.

“The most likely outcome is that TD 14 will become a tropical storm … but fail to intensify much further,” said Jeff Masters, co-founder and director of meteorology for the web site Weather Underground.

All this as Tropical Storm Jose once again morphed into a hurricane and continues to circle in the Atlantic.





As of an 11 p.m. advisory, Hurricane Jose had sustained winds of 80 mph and was moving toward North Carolina at 9 mph.

A high-pressure system building northeast of the hurricane will steer it to the northwest and then north over the weekend, putting Jose a few hundred miles east of North Carolina’s Outer Banks on Monday and then close to the coast of southeast Massachusetts on Wednesday, Masters said.

These developments are a reminder that as Florida tries to rebound from Irma, hurricane season is not over.

In Quantitative Tightening news, the Old Lady of Threadneedle Street hints at a November interest rate hike. A massive multi-decade debt bubble approaches its pin.

UK interest rates stay at 0.25% but Bank of England hints rise is looming

Pound jumps 1% as governor says Bank is ‘beginning to shift’ on when to raise rates, with a rise possible ‘in coming months’ to stem inflation
Thursday 14 September 2017

The Bank of England has raised the prospect of an interest rate rise as early as November, in an attempt to relieve the squeeze on living standards from surging prices and sluggish wage growth.

On Thursday, Threadneedle Street left interest rates at their record low of 0.25% amid fears over Brexit, but dropped a heavy hint that the first increase in the cost of borrowing for a decade may come sooner than expected if the economy continues to strengthen.

Financial markets now suggest there is a 42% chance of a rate increase in November, up from just 18% a week ago. The odds on a December rise are now 54%.

The squeeze on households and a strengthening economy mean “some withdrawal of monetary stimulus was likely to be appropriate over the coming months”, the Bank said. It added that a majority of the interest rate setting committee agreed with that assessment, and the governor, Mark Carney, later confirmed that he shared the majority view.

The pound jumped more than 1% against the dollar and the euro as the financial markets digested the impact of the comments. Such strong hints on likely rate changes are not usual.

In energy news, wind and solar have gone mainstream, and are the future of most electric energy production in the rest of the 21st century.

GE Unveils a Bigger, Better Onshore Turbine Aimed at European Customers

It’s a rare 4-megawatt onshore machine. But it probably won’t be rare for long.
by Emma Foehringer Merchant  September 13, 2017

General Electric’s latest turbine release reaffirms the wind industry’s leading trend: the bigger the turbine, the better.

On Tuesday the company unveiled its 4.8-megawatt turbine, with a rotor diameter of 158 meters, the length of a Boeing 747. The turbine will be among the largest on the market, but likely not for long.

“This is a much larger turbine than what’s typically out there,” said Aaron Barr, a senior consultant with MAKE Consulting. “This new class of 4-megawatt turbines has really just hit the market over the last year-and-a-half, and they’re so new that very few of them have been prototyped to date, but every turbine manufacturer is rushing toward this space.”

The play by GE could make the manufacturer more competitive in the European market, where limited and expensive space for wind farms means bigger turbines are advantageous.

As shown in the chart below from MAKE's global trends report, the European market’s average turbine is expected to climb past 3 megawatts by 2024.

“The European market is quickly racing toward this 4-megawatt installment,” said Barr. “This move to introduce the new larger turbine size is clearly aimed at trying to increase their market share in the European market.”

According to MAKE, GE ranked second in the world for onshore wind in 2016, with 12.7 percent market share. But GE held only 8 percent of market share in Europe, coming in sixth place. Barr said about 80 to 90 percent of GE’s current onshore installs are in the 2-megawatt class. With this innovation, the company could change that.

The announcement comes on the first day of the HUSUM Wind conference in Hamburg, where MAKE expects other platform announcements from competitors like Nordex and Intercon. All are hoping for a larger slice of the blossoming wind market in Europe.

----As turbines get bigger and blades get longer, turbines can produce more energy at lower costs. An August report from MAKE showed turbine sizes steadily climbing globally.

In 2010, 40 percent of onshore turbines were 2 megawatts or more. In 2016, that figure reached 90 percent.


Low UK Offshore Wind Prices Rattle Incumbents: ‘People Are Trying to Put Their Jaws Back in Place’

The wind industry puts nuclear and gas on the defensive.
by Jason Deign  September 12, 2017
U.K. nuclear and gas generators have been put on alert after offshore wind showed it could beat them on price this week.

“Today’s results mean that both onshore and offshore wind are cheaper than gas and nuclear,” said Hugh McNeal, chief executive of the U.K. renewable energy trade association RenewableUK, following the outcome of competitive auctions, which yielded record-low prices.

Two offshore wind projects, Hornsea 2 and Moray, emerged with a price of just £57.50 (USD $76.34) per megawatt-hour, while a third, Triton Knoll, came in at £74.75 ($99.22).

The prices, down by as much as 51 percent compared to the average in the U.K.’s last subsidy round in 2015, were cheaper than the levelized cost of gas, based on figures from the U.K. Department of Business, Energy and Industrial Strategy (BEIS), RenewableUK said in a statement.

They also undercut the cost of new nuclear power, which in the U.K. is pegged at £92.50 ($122.75) per megawatt-hour under a "contracts for difference" agreement for Hinkley Point C, a 3.2-gigawatt nuclear project planned for the southwest of the country.

“The cost to the U.K. taxpayer of subsidizing offshore [wind farms] has plummeted by more than 50 percent and is now well below the price the government has guaranteed to the developers of the contentious Hinkley Point nuclear power plant in Somerset,” wrote the Financial Times.

Mosaic Will Sell $300 Million Worth of Solar Loans to Goldman Sachs

by Julian Spector  September 13, 2017
Solar loan provider Mosaic reached an agreement with Goldman Sachs in which the bank will buy $300 million in loans over time.

This deal will clear up space on Mosaic's balance sheet to finance more loans, and signals a prestigious bank's willingness to buy and own solar loans for itself.

Mosaic this week also finalized a partnership with Wave Solar to give Mosaic's dealer partners a pre-negotiated discount on the lead-generation platform. That service tracks and analyzes interactions with customers, potentially giving long-tail installers more resources to pursue their sales.

Banks have the lowest cost of funds, making them an ideal partner for loan sales, said Amir Friedman, vice president of bank partnerships. However, that money comes with stringent requirements in terms of compliance and information security.

"To be a lender to a bank, the bar is very high," Friedman said. "We were able to meet all of [Goldman Sachs'] vendor requirements and get them satisfied and purchasing from Mosaic."

That rounds out Mosaic's tool belt for ways to finance loans.

----Mosaic issued a $139 million asset-backed securitization in February comprising 6,000 projects, which was oversubscribed, indicating market demand for such securities.

In the newly announced deal, Goldman Sachs will purchase the loans with its own balance sheet, Friedman noted.

"These are assets that they really want to hold and are comfortable holding," he said. "Once banks see we were able to get a bank comfortable with our compliance, other banks are taking interest."

For Mosaic, the bank deal could serve as a differentiator that other competitors don't have. The company ranked first for solar loan provider market share in 2016, followed by GreenSky Credit and Enerbank, according to GTM Research's April U.S. Residential Solar Update.

"Windows Vista: It's like upgrading from Bill Clinton to George W. Bush."

Anon.
