Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISN] Credit Data Firm Might Close

from [InfoSec News] Network Security [Permanent Link]
Subject: Re: [ISN] Credit Data Firm Might Close
Date: Mon, 25 Jul 2005 03:21:54 -0500 (CDT) 
Forwarded from: security curmudgeon <jericho@attrition.org>

Everyone grab their violins..

: 
http://www.washingtonpost.com/wp-dyn/content/article/2005/07/21/AR2005072102465.html
: 
: By Jonathan Krim
: Washington Post Staff Writer
: July 22, 2005
: 
: The head of a payment processing firm that was infiltrated by computer 
: hackers, exposing as many as 40 million credit card holders to possible 
: fraud, told Congress yesterday that his company is "facing imminent 
: extinction" because of its disclosure of the breach and industry's 
: reaction to it.
: 
: "As a result of coming forward, we are being driven out of business,"  
: John M. Perry, chief executive of CardSystems Solutions Inc., told a 
: House Financial Services Committee subcommittee considering 
: data-protection legislation. He said that if his firm is forced to shut 
: down, other financial companies will think twice about disclosing such 
: attacks.

Hi Mr. Perry. I'm California law. I *require* you to come forward over
such a breach. You don't have a choice, you were not being altruistic,
you were not being overly ethical. You were following the laws.

: Perry called the decisions by Visa and American Express draconian and 
: said that unless Visa reconsiders, CardSystems would close and put 115 
: people out of work. 

: While Perry said his company is doing everything it can to ensure that 
: such a breach never occurs again, Visa said it could not overlook that 
: CardSystems knowingly violated contractual requirements for how long 
: credit card data were supposed to be stored and how they were secured.

CardSystems signed a contract with Visa saying that data would meet
certain technical security specifications, and that it would adhere to
a policy regarding data retention. This compromise shows that *both*
failed, and Visa is not happy with CardSystems breaking said contract.
This is business 101 folks. I feel bad about most of the employees
that will lose their jobs, but CardSystems failed them and they are
paying the price. As a Visa and AmEx card holder, I am quite happy.

: Neither Perry nor representatives of the major credit card companies 
: could explain at the hearing why an audit of CardSystems in 2003 did not 
: address its computer vulnerabilities or its practice of retaining some 
: data for research purposes.

Hope it leaks out which security firm did this audit!



_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ISN] Inside Windows IT Security UPDATE -- July 22, 2005, InfoSec News
Next by Date:  [ISN] UK police chiefs seek powers to attack terror web sites, InfoSec News
Previous by Thread:  [ISN] Credit Data Firm Might Close, InfoSec News
Next by Thread:  Re: [ISN] Credit Data Firm Might Close, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]