Heartland Payment Systems - a payments processor that serves more than 250,000 US businesses - warned consumers Tuesday that their card data may have been compromised following a security breach of the company's payment system. The Princeton, New Jersey firm said forensic investigators discovered malicious software on its …
FTA: "Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective."
Apparently, their definition of "everything reasonably possible" doesn't include anti-malware scans or software like Tripwire.
Someone should be asking themselves if this is any way to run a financial business.
//Paris -- because like Heartland's credit card info, she's available to all
Top notch sniffer
or just average dumb executive watching pr0n on work laptop.
I'd like to know past the PR BS.
Kudos to Heartland Payment Systems
As a consultant in the payments industry, I keep updated as much as possible on such things. I have to give congratulations to Heartland Payment Systems, though likely rocked as the victims of a cyber-fraud attack, for maintaining a full-disclosure posture--congruent with the integrity the company has earned in the industry over the years.
How did they get past their defenses?
How did they get past their defenses? They were defending from Windows, that's how! It's unfortunate that so many businesses saddle their users (and those businesses' users) with inconvenience caused by trying to run a secure installation with an insecure operating system. I feel sorry for the end users having to change credit card numbers or bank accounts because of this, but it should serve as a lesson to other businesses -- if you want to be safe, get off Windows.
As great a fan I am of Linux (I got into trouble at work for passing out a free Kubuntu install CD with every Windows Vista computer I sold), the sad truth is that if Linux were as well-used as Windows, it would be as popular of a target; and while it's a lot more open (pun not intended) as far as allowing independent researchers to look for holes that need closing, there's no guarantee that Linux computers wouldn't suffer from a PBCAK for lack of updating.
"As great a fan I am of Linux...the sad truth is that if Linux were as well-used as Windows, it would be as popular of a target"
This, of course, is the standard Microshaft line and, like all such, it's crap. The *nixes are inherently more secure than Windwoes ever will be, not because they're unpopular, but because of their architecture. If you're not a paid Microshaft shill, you should understand that. You can rest easy - nothing is 100% secure, but don't fall for the FUD.
All your cards
are belong to us!
"(I got into trouble at work for passing out a free Kubuntu install CD with every Windows Vista computer I sold),"
And so you should!
After all, Gnome is clearly superior to KDE.
Rather juvenile - as soon as anyone posts anything vaguely non-anti-microsoft, the shill accusations start.
This OS wars shite is no more meaningful or sensible than arguing over the relative merits of Star Wars and Star Trek, and I'd be willing to bet a considerable sum that there's a considerable overlap between the overgrown little boys who fight the one war and the overgrown little boys who fight the other one.
Even if you had a good point, you stop people taking notice of what you have to say by name calling. I gave up name calling when I was a child.
The architecture point is valid
Not wanting to prolong or evoke further shots fired, I will confirm as correct the poster who stated that Linux is secure not via obscurity but by the way the file system is designed. Now, you can't fix stupid...if you send me a script and tell me that it's the winning lottery numbers for next week (and oh please do change the permissions to execute) and I do it, then all the protection in the world isn't going to help me. Here is where the difference in Linux and Windows comes into play. In Windows, most usually, whatever malware or virus/trojan/havoc is in the payload will deploy to the user's address book, chat addresses, etc and go forth doing its dirty work. In Linux, the damage stays local...the way it should be.
The only one harmed is the idiot who opened it.
Why do you think the Battle-Readiness Group for the US Army and most of Wall Street switched to Linux on server and desktop alike? When queried why the BRG wouldn't be renewing their licenses, the Procurement Officer stated it curtly.
"When your computer crashes, you are inconvenienced, when my computers crash, good men die."
That's why the BRG switched to Linux.