BreachExchange mailing list archives
fringe: RBS Wordpay Hacked - can anyone confirm data loss?
From: security curmudgeon <jericho () attrition org>
Date: Sat, 12 Sep 2009 17:35:04 +0000 (UTC)
[And so we start the he said / she said game. Why does this feel like after months of pressure, RBS may admit "could have been compromised" or alters the wording significantly away from "nothing bad happened"? Second link has screenshots of the attack.] http://www.theregister.co.uk/2009/09/11/rbs_worldpay_security_snafu/ RBS WorldPay downplays database hack reports 'No access to either merchant or cardholder accounts' By John Leyden Updated RBS WorldPay and a hacker are at loggerheads over the seriousness of a supposed breach on websites run by the payment processing firm. Security shortcomings - since blocked - on RBS WorldPay website exposed confidential information, including admin passwords and the contact details of partners, according to blog posts by Romanian hacker Unu. The grey-hat hacker previously exposed similar problems on the websites of the UK parliament and HSBC France, among many others. As before he published screenshots to back up his latest claims. [..] http://unu1234567.baywords.com/2009/09/10/rbs-wordpay-hacked-full-database-acces/ RBS WordPay hacked, full database acces I DID AN UPDATE RBS WordPay is a business operated by The Royal Bank of Scotland Group.RBS WorldPay processes millions of payments every day, for every type of business: securely and quickly. Online, face-to-face and over the phone, our customers can accept every major card as well as bank transfers, direct debits and a wide range of local cards. Online payments.Accept credit and debit card payments over the internet. worldpay says on its page. Quickly? Maybe. Securely? Not really. A vulnerable parameter allows full access to databases on server. She have many databases. I made 2 print screens to see almost everything: [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- fringe: RBS Wordpay Hacked - can anyone confirm data loss? security curmudgeon (Sep 12)