[ISN] Firm installs security after data loss

InfoSec News isn at c4i.org
Fri Jun 24 01:22:51 EDT 2005


http://www.theage.com.au/news/breaking/firm-installs-security-after-data-loss/2005/06/24/1119321882208.html

Tucson, Arizona
June 24, 2005 

The operations center for a credit card processing firm whose security
was breached by a hacker, exposing 40 million accounts to possible
fraud, has put new security software in place.

Marc Maiffret, a computer security specialist and co-founder of eEye
Digital Security of Aliso Viejo, California, said his firm installed
the security upgrade for Atlanta-based CardSystems Solutions'
operations center here on June 10.

On Friday, MasterCard International disclosed that 40 million credit
card accounts belonging to it and other companies were exposed to
possible fraud by a security breach at CardSystems Solutions'
operations centre here, the latest in a string of recent breaches at
financial institutions.

Maiffret told the Arizona Daily Star that the upgrade his firm sold
CardSystems Solutions was in place three days later. CardSystems may
have initiated other measures as well in response to the breach, he
added.

Calls to Maiffret and spokesmen for eEye Digital and CardSystems
Solutions were not returned immediately on Thursday.

CardSystems Solutions is among a large number of companies processing
financial transactions for credit card issuers that largely use
custom-made software applications not initially designed with security
components as their foremost need, Maiffret said.

In addition, such third-party companies frequently must contend with
budget constraints causing them to be stingy on computer security, he
said.

Those settings created favourable conditions for a skilled hacker to
manipulate his way through a computer program seeking vulnerabilities,
he added.

"There is really no standard for how all this financial information
gets pushed around, and all these companies push it around a little
differently," Maiffret told the Star.

"That means you also have all these little quirks and opportunities
for a hacker who has the time to find weaknesses."





More information about the ISN mailing list