Posted on 01/21/2009 3:09:52 PM PST by xcamel
Just before Thanksgiving, I had to close our Visa and open a new one - someone charged a trip to Iceland on our account. We’re disputing the charge, of course.
The system was hacked by European hackers. They penetrated 39 firewalls to get into the system. A total of 50 credit card processors were hacked and Heartland is the only one to announce publicly. They were able to access names and credit card numbers, but not PINs, social security #s or merchant bank info. Heartland has shared their info with the other processors to help stop future attacks. And yes, it was a Windows-based system. I am still pissed.................red
That's like getting mad at Goodyear because someone broke into your car. After spending 20 years+ as a System Administrator I've come to the conclusion that the only perfectly safe network is an isolated network. I know of people that have hacked into some of the so-called 'impenetrable' networks in the world which you will never hear about. If they want to hack you they will.
I should clarify - I am not pissed it was a Windows-based system - I am pissed that it happened and that my business financial info and my customer's info was compromised.
Computers really are the root of all evil.
That I can agree with. I’ve had my CC # stolen more than once and wished I could find the turds that did it and beat the crap out of them.
Which makes me believe the theft was more wide-scale than that, since Politicians and Corporate Muckymucks always downplay such bad news.
At the basic, you can buy a simple network encryption solution to cover all traffic. The devices take most of the load. Going higher end for app server access, you can beef up a Catalyst 6500 switch with SSL modules so that it can handle 10,000 SSL negotiations per second and a quarter-million concurrent connections, and your app servers take on no SSL load.
Seems reasonable, but if the sniffer is on a server that does little good.
We still know way too little about what happened to know where or what should be done.
Bookmark.
Just saying encryption doesn’t have to be slow, but it costs a pretty penny to make it fast. Basically if these guys blame the lack of encryption for the success of the sniffer, they’re really blaming themselves for putting profit ahead of security.
“Heartland Pres., Baldwin said sending all data unencrypted over their internal network is necessary to get the authorization out. I think what he means is that internal encryption would delay authorization by a second or two, and besides, it would cost money.”
Either that, or Heartland does not want to spend the money for their system to be upgraded to use the ability to encrypt and decipher the data.
To me it sounds like an inside job and I would be surprised if it isn't.
One other thing. If VISA and MC made the merchant give ID for the card, a lot of this would be stopped. But since the merchant doesn’t care because there is no consequence to them for taking the bogus card, they could care less.
Don’t worry, that $.025 went straight into your new president’s election campaign.
Now he can say, hey, that’s not right, we need more control over these things as only the government can do.
I love my country but fear my government.
ping
Maybe this is how Obama will pay for Porkulus Maximus. A stealth tax.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.