Microsoft Outlook Support

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Thursday, 23 December 2010

CitySights card hack could generate PCI DSS fallout

Posted on 10:43 by Unknown

CitySights card hack could generate PCI DSS fallout says Imperva

23rd January 2010 - Reports that the Web site of a New York-based tour firm has been hacked and around 110,000 bank card details lifted by hackers may have repercussions for the company on the PCI DSS front, says Imperva.

According to Amichai Shulman, chief technology officer with the data security specialist, the hack itself occurred via a SQL Injection attack. In such an attack, the hacker gains illegal access to information in the database. As media reports have shown, the hacker launched the attack on September 26 over a 3 week period obtaining over 100K credit card details including the account number, expiration date, CVV2, and other personal identifying information such as home and email addresses. Shulman’s team had investigated this attack, and what they found was an Indonesian hacker’s blog listing numerous websites vulnerable to attack, including the site of CitySights. Interestingly enough, the blog’s entry was dated September 9th – more than two weeks prior to the initial attack campaign.

While this case clearly illustrates the security misgivings the company suffered from, CitySights may also be in breach of the PCI DSS industry regulation. The PCI regulation, mandated by major credit-card processing companies such as Visa and Mastercard, defines the required security controls to be placed on the storage and processing of credit cards. The PCI regulation includes specific requirements in regards to the storage of unencrypted credit card data as well as prohibiting the storage of sensitive authentication data (CVV2) all together.

Since the hacker was able to gain access to this data, “may indicate that the firm’s data security practices are not aligned with PCI DSS requirements”, Shulman proceeds to say.

The tour company had offered a 50% discount voucher to its affected customers. Ironically enough, Shulman says, they posted the discount code online, making it in short available for anyone.

For more on the CitySights card database hack: http://bit.ly/fYK8Ro

For more on Imperva: www.imperva.com

Source: Eskenzi PR

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Open Source Software in Business & Government
    by Michael Smith (Veshengro) Lots of Open Source in use in mainland Europe, including EU member states, very little in the UK and less still...
  • DDoS-Attacks disable many shopping websites, including Amazon
    Just in time for last minute Christmas shopping major shopping sites disabled by Michael Smith (Veshengro) London, December 26, 2009: An...
  • Cyber-Ark Expands RSA Secured Partner Program Certification Status
    Cyber-Ark Privileged Identity Management Suite, Inter-Business Vault and Sensitive Document Vault Now Formally Interoperable with RSA enVisi...
  • Infosecurity Adviser applauds forensics lab training facilities at key UK university
    London, UK. May 2009: Infosecurity Adviser, Infosecurity Europe’s online community for the information security industry, has published a r...
  • Scientific company discusses simultaneously protecting applications and data
    Simultaneously protecting applications and data: The next evolution in security? September 2009 (Eskenzi PR) – In a recent Imperva podcast...
  • TUFIN TECHNOLOGIES WINS the PRESTIGIOUS 2010 Computing Security Award for ‘Best bench tested solution of the Year’
    Network Computing and Computing Security Magazine Editors Select Tufin’s SecureChange Workflow as the Top Product Reviewed in 2010 Londo...
  • Brocade Service Could Help Reduce Billions in Data Centre Operations Costs
    New Energy Efficiency Review provides holistic assessment and remedial strategies to help companies optimise efficiency and reduce costs Ene...
  • Tufin survey reveals the truth about fudging audits, IT cost cutting and buying equipment online
    Ramat Gan, Israel – May 27, 2009 – Tufin Technologies today announced the results of its “Reality Bytes” security survey. The survey parti...
  • Infosecurity Europe 2011 Hall of Fame nominations now open
    London UK, February  2011 – The time is ripe to elevate the greatest movers and shakers in the world of information security as nominations ...
  • ISACA’s EuroCACS Conference Demystifies the Cloud
    Event for IT Professionals Will Take Place 20-23 March, Manchester London, England, (8 th March 2011)— Global business and information ...

Categories

  • ASUS
  • AVG Link Scanner
  • BeCrypt
  • book review
  • Brocade
  • Codenomicon
  • Columbian USB stick loss
  • computer recycling
  • Conficker worm
  • Credant Technologies
  • cyber crime
  • Cyber-Ark
  • Cyber-Ark®
  • Data Center
  • data encryption
  • DeviceLock
  • Digital Pathways
  • diskGenie
  • Eclypt
  • Eee PC
  • Eee PC Seashell 1008HA
  • F5 Networks
  • Facebook
  • Finjan
  • Finjan Inc.
  • Finjan MCRC
  • Firewall Management
  • Fortify
  • Fortify 360
  • Fortify Software
  • Fortify® Software
  • gadgets
  • Google
  • Google Chrome
  • green computing
  • green IT
  • IBM
  • Infosec
  • Infosec Europe 2009
  • Infosecurity Adviser
  • Infosecurity Europe
  • Infosecurity Europe 2009
  • Internet privacy
  • iStorage
  • iStorage diskGenie
  • iStorage Ltd.
  • Juniper Networks
  • Lakeland
  • Lapdesk
  • LLC
  • Logitech
  • malware
  • ManageEngine
  • McAfee International Ltd
  • MI6
  • MI6 data loss
  • Microsoft
  • MiFi™ 2352
  • Mio
  • Mobile Broadband
  • MS Office
  • National Cybersecurity Advisor
  • Navman
  • Navman Spirit
  • Netac
  • Novatel
  • Novatel Wireless Intelligent Mobile Hotspot 2352
  • OneClick IntelliPanel Desktop
  • online social media
  • open source
  • OpenOffice.org
  • Optenet
  • Origin Data Locker
  • Origin Storage
  • PNDs
  • product review
  • Red
  • SaaS
  • Sat Nav
  • saving energy
  • Security
  • Shavlik Technologies
  • SIS
  • spam
  • Stonewood Group
  • Storage Area Networks
  • Storage Expo
  • Storage Expo 2009
  • Sun Microsystems
  • Swine Flu
  • Syphan Technologies
  • Throwing Sheep in the Boardroom
  • Tufin Technologies
  • Twitter
  • U256
  • Unisys Security Index
  • USB drives
  • Vektor
  • VisionRacer
  • VisionRacer VR3
  • VMware
  • Weast
  • Web Apps Security
  • WebFilter PC Solution
  • WebSpy
  • XSS-driven attacks

Blog Archive

  • ►  2012 (1)
    • ►  January (1)
  • ►  2011 (67)
    • ►  December (1)
    • ►  April (1)
    • ►  March (14)
    • ►  February (30)
    • ►  January (21)
  • ▼  2010 (192)
    • ▼  December (20)
      • Beware of Malicious Twitter trends
      • PRIVILEGE GUARD NAMED "BEST SECURITY PRODUCT 2010"
      • Infosecurity Europe organisers say lack of awarene...
      • CitySights card hack could generate PCI DSS fallout
      • Working to Prevent Being the Next WikiLeak? Don’t ...
      • As 4m Brits travel this Christmas, thousands of Mo...
      • Imperva research: Insiders are most often responsi...
      • Report shows UK Government and IT security experts...
      • After this years’ security Tsunami – tips on how t...
      • ISACA leader warns companies to prepare for a Fran...
      • Organisations warned to review security as WikiLea...
      • Just in Time for the Holidays – Zeus Targets Major...
      • Bank of Cyprus UK secures its customers with Trust...
      • Imperva Unveils Comprehensive Strategy to Enhance ...
      • New ISACA Guide Shares Strategies for Minimizing V...
      • 460 Chinese Hackers show why IT security is so cri...
      • Seeweb selects Scality to provide faster public cl...
      • The Golden Hour of Phishing Attacks
      • NHS Choices response to Facebook security issue is...
      • USB Consumerism Out Of Control as 21% use 10 or more
    • ►  November (22)
    • ►  October (19)
    • ►  September (5)
    • ►  August (8)
    • ►  July (5)
    • ►  June (22)
    • ►  May (13)
    • ►  April (11)
    • ►  March (13)
    • ►  February (27)
    • ►  January (27)
  • ►  2009 (240)
    • ►  December (25)
    • ►  November (9)
    • ►  October (21)
    • ►  September (19)
    • ►  August (30)
    • ►  July (35)
    • ►  June (30)
    • ►  May (21)
    • ►  April (42)
    • ►  March (8)
Powered by Blogger.

About Me

Unknown
View my complete profile