
Re: Heartland breach blamed on "extremely sophisticated" malware ..

On Jan 23, 5:35 am, Doug Mentohl <doug_ment...@xxxxxxxxxxxxx> wrote:
> Doug Mentohl wrote:
>
> Heartland Payment Systems was the victim of an unforeseen malware attack
> that cannot be blamed on employee oversight, a company spokesman told
> SCMagazineUS.com on Thursday.
>
> "An extremely sophisticated bug got into our system .. It absolutely was
> in no way caused by anyone's lack of attention to [security] ..
>
> http://www.scmagazineus.com/Heartland-breach-blamed-on-extremely-soph...
>
> What kind of security system is it that can't detect malware or requires
> human attention in order to function? And wasn't this 'sophisticated
> bug' precisely targeted to extract credit card data from your system.
>
> 'David Bergert .. said the data was likely lifted as it crossed "private
> lease lines," which are not required to be encrypted'
>
> This is bullshit Dave, and you well know it :)
>
> "But even if they were, cloaking these networks is difficult because of
> encryption format issues"
>
> This is technological nonsense Dave
>
> "Instead, other controls, such as firewalls and network segmentation,
> are recommended"
>
> You cannot be serious, relying on a firewall instead of is one of the
> dumbest things I ever heard ..
>
> "Service providers are a lot different than merchants in how they handle
> data," Bergert told SCMagazineUS.com on Thursday. "They're in the
> business of processing credit card details. There's a point in time
> where they need to send it in clear text to these other parties involved
> in the payment system."
>
> This is *total* hogwash Dave, end-to-end encryption of a channel is
> trivially easy to do, at least if you knew what you were doing ..

I looked up Heartland to try to find out more info on the break-in
incident.  There are reports of how Heartland lied to people and
stiffed them for bills they owed them.  Looks to me like a company
that cared about nothing except their profits.  So no surprise if they
shortchanged security---why pay for some decent IT, as long as the
cash is flowing in?  About what you'd expect from the credit card
industry.
