Doug Mentohl wrote:
Heartland Payment Systems was the victim of an unforeseen malware attack
that cannot be blamed on employee oversight, a company spokesman told
SCMagazineUS.com on Thursday.
"An extremely sophisticated bug got into our system .. It absolutely was
in no way caused by anyone's lack of attention to [security] .."
http://www.scmagazineus.com/Heartland-breach-blamed-on-extremely-sophisticated-malware/article/126290/
What kind of security system is it that can't detect malware or requires
human attention in order to function? And wasn't this 'sophisticated
bug' precisely targeted to extract credit card data from your system?
'David Bergert .. said the data was likely lifted as it crossed "private
lease lines," which are not required to be encrypted'
This is bullshit Dave, and you well know it :)
"But even if they were, cloaking these networks is difficult because of
encryption format issues"
This is technological nonsense Dave
"Instead, other controls, such as firewalls and network segmentation,
are recommended"
You cannot be serious, relying on a firewall instead of is one of the
dumbest things I ever heard ..
"Service providers are a lot different than merchants in how they handle
data," Bergert told SCMagazineUS.com on Thursday. "They're in the
business of processing credit card details. There's a point in time
where they need to send it in clear text to these other parties involved
in the payment system."
This is *total* hogwash Dave, end-to-end encryption of a channel is
trivially easy to do, at least if you knew what you were doing ..