Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Firm installs security after data loss

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Firm installs security after data loss
Date: Fri, 24 Jun 2005 00:22:51 -0500 (CDT) 
http://www.theage.com.au/news/breaking/firm-installs-security-after-data-loss/2005/06/24/1119321882208.html

Tucson, Arizona
June 24, 2005 

The operations center for a credit card processing firm whose security
was breached by a hacker, exposing 40 million accounts to possible
fraud, has put new security software in place.

Marc Maiffret, a computer security specialist and co-founder of eEye
Digital Security of Aliso Viejo, California, said his firm installed
the security upgrade for Atlanta-based CardSystems Solutions'
operations center here on June 10.

On Friday, MasterCard International disclosed that 40 million credit
card accounts belonging to it and other companies were exposed to
possible fraud by a security breach at CardSystems Solutions'
operations centre here, the latest in a string of recent breaches at
financial institutions.

Maiffret told the Arizona Daily Star that the upgrade his firm sold
CardSystems Solutions was in place three days later. CardSystems may
have initiated other measures as well in response to the breach, he
added.

Calls to Maiffret and spokesmen for eEye Digital and CardSystems
Solutions were not returned immediately on Thursday.

CardSystems Solutions is among a large number of companies processing
financial transactions for credit card issuers that largely use
custom-made software applications not initially designed with security
components as their foremost need, Maiffret said.

In addition, such third-party companies frequently must contend with
budget constraints causing them to be stingy on computer security, he
said.

Those settings created favourable conditions for a skilled hacker to
manipulate his way through a computer program seeking vulnerabilities,
he added.

"There is really no standard for how all this financial information
gets pushed around, and all these companies push it around a little
differently," Maiffret told the Star.

"That means you also have all these little quirks and opportunities
for a hacker who has the time to find weaknesses."



_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Firm installs security after data loss, InfoSec News <=
Previous by Date:  [ISN] Virus puts N-plant data on Net, InfoSec News
Next by Date:  [ISN] OIC Members Should Cooperate To Ensure Cyber Security, InfoSec News
Previous by Thread:  [ISN] Virus puts N-plant data on Net, InfoSec News
Next by Thread:  [ISN] OIC Members Should Cooperate To Ensure Cyber Security, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]