Ethical Hacker Community Forums

Hackers strike again!


Full Story Below
http://news.yahoo.com/s/ap/20080805/ap_on_bi_ge/retailer_fraud_indictment (http://news.yahoo.com/s/ap/20080805/ap_on_bi_ge/retailer_fraud_indictment)

Damn those hackers!

And of course these businesses are in no way blamable for this having left their customers confidential details floating around on insecure networks...

It never ceases to amaze me about how sloppy companies can be with data. This was not an impressive hack from what I have been able to determine. In  some cases the wireless was totally open and not even protected with lousy wep! They just drove around business areas scanning for open access points networked with vulnerable computers! We need to be able to trust the security of our data and believe that those we  trust will make at least a small effort in protecting that.  I am not sure who is the worse criminal in this story.

Hasn't some sort of legislation been brought in since this happened specifying a minimum level of security for companies storing financial details? I'm sure I heard talk of that sort of thing. Still won't stop security breaches through general ineptitude, but should make things a little better.

There are a few things companies are supposed to be doing. Obviously there is the data protection act that mean companies should take due care to secure personal information. We also have PCI:DSS (Payment Card Industry : Data Security Standard) that specifically looks at ensuring a secure environment for the storage and processing of credit card data.

As we know there is no easy step when it comes to security, its good we have these requirements, but security is often seen as a like as opposed to a need.

Organisations are sadly very reactive when it comes to security, and will only spend when / if an issue occurs. Proactive security is the key, using a risk based approach to get the balance right.

Keeps us in a job anyway :D