Penetration Testing mailing list archives
Fwd: Heartland Gets Religion on Security
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 18 Jun 2009 07:02:54 -0400
From the folks at Attrition and the DataLossDB.
---------- Forwarded message ----------
From: security curmudgeon <jericho () attrition org>
Date: Jun 18, 2009 5:30 AM
Subject: Heartland Gets Religion on Security
To: dataloss-discuss () datalossdb org, dataloss () datalossdb org

http://blogs.wsj.com/digits/2009/06/17/heartland-gets-religion-on-security/

By Ben Worthen
Digits
The Wall Street Journal
June 17, 2009

Heartland Payment Systems CEO Bob Carr is an unlikely spokesman for tech security. But that's what he's emerging as.

The credit-card processor suffered one of the largest data breaches ever disclosed last year. But rather than taking the time-honored approach of staying quiet and hoping that the negative publicity goes away, Carr is talking openly about what went wrong, the problems with the industry's security standards, and a new product his company developed to help merchants protect customer data.

Heartland is the middleman in card purchases. When customers swipe their cards at stores, the data on them are transmitted to processors like Heartland, which passes them on to the banks that issued the cards. The company announced in January that a hacker had managed to gain access to this card information for the 100 million transactions it handles each month. Aside from the scale, the breach stood out from the hundreds of others reported each year because Heartland had recently passed a security audit.

Carr says that one lesson he's learned from the breach is that the industry's security standard, called Payment Card Industry or PCI, doesn't go far enough. It's the "lowest common denominator," he says, adding that the audit didn't detect the vulnerability that led to the hack even though it had existed for years.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)