Sign In
Register
Help
For the record...I have little respect for First Data's security posture either...
Heartland has No Heart for Violated Customers
MultiQuote
#42
dragon69 
- Advanced Member
-
- Group: Members
- Posts: 361
- Joined: 03-February 07
- Location:SK. Canada
Posted 23 January 2009 - 03:37 PM
boston2boulder 1 point you missed was why did it take so long for your security to notice it ! is your security lacking ? as i think if you were running the better software and newer hardware then your security should be able to catch stuff like this sooner !
what is wrong with you're security that it took so long to finds something like ?
and i believe it was you're responsibility to protect you're customers !
good luck and take care
what is wrong with you're security that it took so long to finds something like ?
and i believe it was you're responsibility to protect you're customers !
good luck and take care
#43
richmullikin
- Newbie
-
- Group: Members
- Posts: 1
- Joined: 26-January 09
Posted 26 January 2009 - 12:06 PM
Voltage comments correctly that a technology solution based on Identity-Based Encryption (IBE) and Format-Preserving Encryption (FPE) definitely eliminates this type of threat. Someone snooping traffic between the Processor and an upstream clearer would have seen only encrypted data. This innovative encryption approach obviates the need to overhaul existing system formats, and IBE provides an elegant federated security model that matches the existing processing architecture. More details at http://superconducto...ata-breach.html
#44
boston2boulder
- Member
-
- Group: Members
- Posts: 25
- Joined: 21-January 09
Posted 26 January 2009 - 01:23 PM
Thank yo for a great posting (really) that helped me better understand the problem, and (what a concept!) provide solutions.
Two questions:
(1) Was this technology readily available during the HPS breach?
(2) Who is more secure, the HPS card users who now have a hacker who knows thier credit card number, but nothing else..., or you? Is that you listed on Linked In as a principal at Principal at
Mullikin Communications (Sole Proprietorship) in San Francisco. Interestingly, there is a person with the same name and exact background as you at Communication Strategy Group, One Hewitt Square, Suite 236, East Northport, NY 11731, 1-866-997-2424. If I wanted to take this joke on step further (one step too far) I could call them and see if the Rich Mullikin in San Francisco is really (as listed in thier team page) an account executive. If so, getting your telephone number might be sort of easy.
Once having that, I suppose I could create a g mail account with the name richmukkikin@gmail.com .It is available!!!!! (Once again, to not take this too far, I did not actually grab it...but I could.
So, since I work at the Starbucks across the street from you (how do you think I get so many numbers???) I get your credit card number, expiration, CVV and by asking for a driver's license...your address, date of birth and license number. Did I mention my photographic memory???
Well then, time to go shopping! I think some gold coins from EBay might be a good start! And a new computer. An widescreen (Superbowl and all) And ETC.
So, here we are Rich. On the internet...lecturing Heartland Payment Systems about advanced security solutions.
I am weeping from laughing so hard.
Wow.
What a world we live in.
Two questions:
(1) Was this technology readily available during the HPS breach?
(2) Who is more secure, the HPS card users who now have a hacker who knows thier credit card number, but nothing else..., or you? Is that you listed on Linked In as a principal at Principal at
Mullikin Communications (Sole Proprietorship) in San Francisco. Interestingly, there is a person with the same name and exact background as you at Communication Strategy Group, One Hewitt Square, Suite 236, East Northport, NY 11731, 1-866-997-2424. If I wanted to take this joke on step further (one step too far) I could call them and see if the Rich Mullikin in San Francisco is really (as listed in thier team page) an account executive. If so, getting your telephone number might be sort of easy.
Once having that, I suppose I could create a g mail account with the name richmukkikin@gmail.com .It is available!!!!! (Once again, to not take this too far, I did not actually grab it...but I could.
So, since I work at the Starbucks across the street from you (how do you think I get so many numbers???) I get your credit card number, expiration, CVV and by asking for a driver's license...your address, date of birth and license number. Did I mention my photographic memory???
Well then, time to go shopping! I think some gold coins from EBay might be a good start! And a new computer. An widescreen (Superbowl and all) And ETC.
So, here we are Rich. On the internet...lecturing Heartland Payment Systems about advanced security solutions.
I am weeping from laughing so hard.
Wow.
What a world we live in.
#46
boston2boulder
- Member
-
- Group: Members
- Posts: 25
- Joined: 21-January 09
Posted 26 January 2009 - 02:28 PM
I am really starting to get tech minds. You are so lost in bits and bytes you miss the point and overlook facts. You have no evidence that more than card numbers were lost. You choose to assume HPS is lying in thier press releases (which would be moronic, since being caught in a lie is always worse than the problem. Call Bill Clinton if you doubt this.)
RUSecure obviously is the expert on this. I guess. I mean, I do not know who he works for, or who is clients are / were. I do not know if he recommends Microsoft back office solutions, which are consistently hacked (see news today, talk about no security! If you want personal / corporate data, go to the source! The very computers they use!)
My point? Rich comes off as a security expert, and I already know way too much. You may not like to hear it, but it is true. Using your real name on a blog is...wait, you are the security expert...
a) The best possible ID security
b) Questionable ID security
c) Not real ID security
d) Just plain stupid for a "security expert.
Sooooooooooooooooooooooo, since you have all the answers, answer this. Who do you work for? Ever been hacked (that you know of, which is sort of the rub, eh?)
RUSecure obviously is the expert on this. I guess. I mean, I do not know who he works for, or who is clients are / were. I do not know if he recommends Microsoft back office solutions, which are consistently hacked (see news today, talk about no security! If you want personal / corporate data, go to the source! The very computers they use!)
My point? Rich comes off as a security expert, and I already know way too much. You may not like to hear it, but it is true. Using your real name on a blog is...wait, you are the security expert...
a) The best possible ID security
b) Questionable ID security
c) Not real ID security
d) Just plain stupid for a "security expert.
Sooooooooooooooooooooooo, since you have all the answers, answer this. Who do you work for? Ever been hacked (that you know of, which is sort of the rub, eh?)
#47
dragon69
- Advanced Member
-
- Group: Members
- Posts: 361
- Joined: 03-February 07
- Location:SK. Canada
Posted 26 January 2009 - 02:36 PM
boston2boulder are you treathening to hack him . . that is illegal in my country!!! even stalking is illegal weather it is in person or on the internet!!
your comment could be used against you if he does get hacked even if it is not from you
becareful what you type
good luck and take care
your comment could be used against you if he does get hacked even if it is not from you
becareful what you type
good luck and take care
#48
boston2boulder
- Member
-
- Group: Members
- Posts: 25
- Joined: 21-January 09
Posted 26 January 2009 - 02:40 PM
MAC Attack?
Finally. A MAC virus that steals personal information. I was wondering when they would catch up to Microsoft. Oh, by the way....those "secure" Mac Point of Sale computers at your local health club.
Toast...
(Following pasted article may be full of code and go on forever like Word pasted text, since the geniuses at PC World can not write code to fix this. Apologies if it comes out a mess...)
Following on the heels of last week's announcement
of a trojan horse being installed as part of some pirated copies of
iWork '09 for the Mac being distributed on peer-to-peer file sharing
services comes another announcement that a trojan has also been identified in pirated versions of Adobe Photoshop CS4 for the Mac.
No word yet on whether the new Photoshop trojan was created by the same
people who created the iWork trojan that was used to launch DDoS
attacks.
It is important to note that these trojans do not attempt to infect
other computers, rather they stay resident on the local machine. Since
the trojans run as root, it is possible that once it has been installed
it could be used to affect other applications. Since these trojans
also have a phone home component it could (not confirmed) be used for
information theft as well.
Trojans being distributed via applications shared through peer-to-peer
file sharing services are nothing new in the PC world, but have
recently been garnering more attention for Macs as Apple's computers
have been gaining market share.
The Mac fallacy of invulnerability is being challenged more frequently
now. It looks like Apple has finally gained enough penetration into
the computer market that cyber criminals are targeting them and their
users with more regularity. This is a trend that will certainly
continue especially if you consider the number of Mac users who have
resisted purchasing security software in the past.
Finally. A MAC virus that steals personal information. I was wondering when they would catch up to Microsoft. Oh, by the way....those "secure" Mac Point of Sale computers at your local health club.
Toast...
(Following pasted article may be full of code and go on forever like Word pasted text, since the geniuses at PC World can not write code to fix this. Apologies if it comes out a mess...)
Following on the heels of last week's announcement
of a trojan horse being installed as part of some pirated copies of
iWork '09 for the Mac being distributed on peer-to-peer file sharing
services comes another announcement that a trojan has also been identified in pirated versions of Adobe Photoshop CS4 for the Mac.
No word yet on whether the new Photoshop trojan was created by the same
people who created the iWork trojan that was used to launch DDoS
attacks.
It is important to note that these trojans do not attempt to infect
other computers, rather they stay resident on the local machine. Since
the trojans run as root, it is possible that once it has been installed
it could be used to affect other applications. Since these trojans
also have a phone home component it could (not confirmed) be used for
information theft as well.
Trojans being distributed via applications shared through peer-to-peer
file sharing services are nothing new in the PC world, but have
recently been garnering more attention for Macs as Apple's computers
have been gaining market share.
The Mac fallacy of invulnerability is being challenged more frequently
now. It looks like Apple has finally gained enough penetration into
the computer market that cyber criminals are targeting them and their
users with more regularity. This is a trend that will certainly
continue especially if you consider the number of Mac users who have
resisted purchasing security software in the past.
#49
boston2boulder
- Member
-
- Group: Members
- Posts: 25
- Joined: 21-January 09
Posted 26 January 2009 - 02:52 PM
Dragon69...
Why so touchy? Rich is a security expert with all the latest technology. If he is not safe, who is?
Do you beleive he is less safe becuse he of his own free will publically posts his identity?
By the way, you said in "(your) county." I am curious, what country do you live in that limits free speach?
Why so touchy? Rich is a security expert with all the latest technology. If he is not safe, who is?
Do you beleive he is less safe becuse he of his own free will publically posts his identity?
By the way, you said in "(your) county." I am curious, what country do you live in that limits free speach?
#50
dragon69
- Advanced Member
-
- Group: Members
- Posts: 361
- Joined: 03-February 07
- Location:SK. Canada
Posted 26 January 2009 - 03:24 PM
my country has free speech but threats are not counted under free speech
remember the notifications from pc world sends a record with every notification so anyone can keep track of these comments
good luck and take care
remember the notifications from pc world sends a record with every notification so anyone can keep track of these comments
good luck and take care
#51
boston2boulder
- Member
-
- Group: Members
- Posts: 25
- Joined: 21-January 09
Posted 26 January 2009 - 03:47 PM
Dear Dragon69
Thank you for underlining my point. You have no idea what you are talking about, yet still wade in with your opinions.
There is a chance you have trouble with English since we still do not know your counrty. (Why can't you people answer easy questions?)
I have not threatened anyone, except those paranoid voices in your head.
Goodbye. Thanks for the entertainment.
You all make me laugh. Really.
Now I know why they call you nerds.
Thank you for underlining my point. You have no idea what you are talking about, yet still wade in with your opinions.
There is a chance you have trouble with English since we still do not know your counrty. (Why can't you people answer easy questions?)
I have not threatened anyone, except those paranoid voices in your head.
Goodbye. Thanks for the entertainment.
You all make me laugh. Really.
Now I know why they call you nerds.
#52
denijane
- Newbie
-
- Group: Members
- Posts: 1
- Joined: 27-January 09
Posted 27 January 2009 - 12:38 PM
I checked out the website mentioned in this press release, www.2008breach.com. In the FAQ section of that site, cardholders wanting to know if their accounts have been misued are again advised to carefully examine monthly card statements and immediately report suspicious activity to the issuing bank. (Sound advice, to be sure, but cardholders should be doing that as a matter of course.)
The FAQ section also gives contact info: 866.399.6228 or email [2008breach@e-hps.com]. I will be contacting them to find out if my accounts have been affected.
The FAQ section also gives contact info: 866.399.6228 or email [2008breach@e-hps.com]. I will be contacting them to find out if my accounts have been affected.
#53
lpk48
- Newbie
-
- Group: Members
- Posts: 5
- Joined: 12-April 07
Posted 27 January 2009 - 02:01 PM
OK so if credit card theives test the waters by posting a charge of a dollar or less, why not flag those items? After all, does anyone charge or debit in such small amounts? Seems pretty simplistic to me. It must be common for them to check the account like that because I have read many reports stating that.
#54
nx1701
- Member
-
- Group: Members
- Posts: 41
- Joined: 04-August 07
Posted 27 January 2009 - 02:07 PM
I very rarely carry cash, and there have been several times I've used my debit card to make a purchase of even less than a $1.00! I realize that carrying and using cash may be safer than using a debit card, if someone were to get your card info, but I have NEVER had a problem operating in this manner since I got my 1st debit card way back in 1994 (and I've made MANY online purchases using my debit card during that time)!
