Don't let hackers know Mandiant founder checks his email on an iPad. Oh.

Mandiant boss Kevin Mandia says he has cut back on email and only uses an iPad to check his inbox as he fends off counterattacks from hackers. In 2013, the company published a landmark report on the so-called APT1 espionage crew: the detailed dossier claimed Shanghai-based People's Liberation Army Unit 61398 had hacked and …

COMMENTS

This topic is closed for new posts.
  1. g e

    Security reasons

    Cos if it's the NSA doing it then it's the National SECURITY Agency therefore not economic by deniability/definition/whim/etc

    Mine's the one with the Noam Chomsky book in the pocket.

  2. frank ly

    Just wondering ...

    "Data grabbed from the limo biz included names and addresses and credit numbers in a plain-text archive, ..."

    I thought that they weren't allowed to store credit card numbers, never mind in plain text?

    1. regadpellagru

      Re: Just wondering ...

      "I thought that they weren't allowed to store credit card numbers, never mind in plain text?"

      Why would they not? Any regulation? Not.

      So, of course, everyone is doing it, and of course in clear because it's easy. Don't be fooled by the fact you see stars and no number in the portal (it's just a front-end illusion, it's all clear in the DB behind). I've seen only a few exceptions in my decade of online purchases, for services that connect to real banks instead.

      Just to name a few:

      - Amazon is storing your CC numbers

      - Steam as well

      - Paypal as well

      - 98% of the French local online purchase sites

      That's why you must NEVER put in your real CC number, and rely on special secure payment like E-visa.

      1. Oninoshiko

        Re: Just wondering ...

        Actually there is a regulation: it's called PCI DSS.

        Violation of it can result in increased transaction fees or (more likely) a suspension of your merchant account. (https://www.pcicomplianceguide.org/pci-faqs-2/#11)

        PCI DSS does require that merchants not store the full CC number unencrypted. (https://www.pcicomplianceguide.org/pci-myths/#myth9)

        That said, just because it's the rules, doesn't mean it's followed.

        1. The Mole

          Re: Just wondering ...

          For all we know the compromised server was storing the credit card numbers on an encrypted hard drive or encrypted database store. However, if the data was extracted whilst the system was running this provides little protection against getting the unencrypted view of that data. After all, if the application needs access to the credit card numbers to function then encryption is only a minor hurdle - if the app has the key and can decrypt them then so can attackers.

  3. Anonymous Coward

    No, US hacking won't appear to come from the US. Duh.

    Mandiant "hadn't seen" any cyber-espionage activity that traced back to the United States

    Well, duh, they probably proxy via China - not only does that hide their activities, they can also blame them for being evil hackers and all.

    1. Captain DaFt

      Re: No, US hacking won't appear to come from the US. Duh.

      Mandiant "hadn't seen" any cyber-espionage activity that traced back to the United States

      More like, he's seen no activity because they just ask for it and he has no recourse but to hand it over and keep mum.
