Archives For Credit Card

In today’s WSJ, investigators reveal some of the tactics used to compromise and bring down sites in last year’s conflict with Georgia. They used stolen U.S. credit cards to fund these activities, along with modified Microsoft applications to carry out the technical side of this attack! Here are a few quotes; I’ve linked the entire story below.

  • Identity theft, social networking, and modifying commercial software are all common means of attack, but combining them elevates the attack method to a new level, said Amit Yoran, a former cybersecurity chief at the Department of Homeland Security.
  • The cyberattacks in August 2008 significantly disrupted Georgia’s communications capabilities, disabling 20 Web sites for more than a week. Among the sites taken down last year were those of the Georgian president and defense minister, as well as the National Bank of Georgia.
  • “U.S. corporations and U.S. citizens need to understand that they can become pawns in a global cyberwar,”
  • Mr. Bumgarner traced the attacks back to 10 Web sites registered in Russia and Turkey. Nine of the sites were registered using identification and credit-card information stolen from Americans;

 

http://online.wsj.com/article/SB125046431841935299.html?mod=igoogle_wsj_gadgv1&


This week the PCI council posted updates on implementing PCI compliance. As a solution provider, you should be aware of the 12 areas for PCI DSS compliance and the council’s recommended approach. As you review this, remember that Heartland was compliant, yet vulnerable. PCI compliance does not mean a company is secure. In fact, you’ll notice that the end-node security requirements don’t necessarily stop computers from being part of P2P networks (note: we’re not saying that would be in compliance, only that taking these steps won’t prevent it). As a salesperson selling high-tech solutions, you should know the 12 points if you call on anyone taking credit cards. The first PDF link on the PCI council site explains the 12 steps; the Excel sheet then elaborates on the recommended process.

https://www.pcisecuritystandards.org/education/prioritized.shtml