Wednesday, August 19, 2009

Hacker charges also an indictment onPCI, expert says

Just posted to SearchSecurity ...

"The federal indictment this week of three men for their roles in the largest data security breach in U.S. history also serves as an indictment of sorts against the fraud conducted by PCI – placing the burden of security costs onto retailers and card processors when what is really needed is the payment card industry investing in a secure business process.

A federal grand jury has indicted Albert Gonzalez of Miami and two yet unnamed Russian hackers for their alleged roles in the Heartland Payment Systems Inc. and Hannaford Brothers Co. thefts of 130 million credit and debit card data, plus the 40 million credit cards grabbed from TJX.
SQL Injection still a major problem:
SQL Injection troubles firms, errors lead to breaches: Security experts see the secure software development lifecycle improving, but legacy applications and Web server flaws continue to offer a rich treasure trove for attackers.

Three indicted for Hannaford, Heartland data breaches: A grand jury has charged three men for their role in stealing more than 130 million credit and debit cards from Heartland Payment Systems and several other companies.The indictment makes for good reading, with references to SQL injection, distributed data collection servers, QA against major AV products and temporary messaging accounts to elude detection..."

No comments:

Post a Comment