The black market economy of the cyber-world is always busy, especially in an age of massive data breaches like the ones that occurred at Heartland Payment Systems and Hannaford Brothers. According to research from Kaspersky Lab posted Aug. 17, U.S. credit cards are not worth as much as you might think. While analyzing malware, Kaspersky…
Category: Commentaries and Analyses
Risky use of real data in application development
Most organizations in the U.S. and U.K. put their sensitive customer and company data at risk during their application development and testing processes, according to a new study. Although nearly 80 percent of the firms surveyed in the Ponemon Institute report say they have been hit by at least one data breach in the past…
Gonzalez: The Al Capone Of Cyber Thieves?
Evan Schuman and Fred J. Aun have a well-written commentary on the recent indictment of Albert Gonzalez and two unnamed co-conspirators that highlights the questions left unanswered by the indictment, and the apparent contradictions between statements made. As one example, they write: For example, 7-Eleven is a new name in the breach circle, and the…
Audit of Dept of Energy reveals unaddressed problems
From Protection of the Department of Energy’s Unclassified Sensitive Electronic Information, DOE/IG-0818: The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special…
An open letter to Heartland CEO Robert Carr
Rich Mogull of Securosis joins Mike Rothman in taking Heartland Payment Systems CEO Bob Carr to task for his comments that seemed to shift responsibility for the breach to the assessors who told them they were PCI-compliant: […] PCI compliance means you are compliant at a point in time, not secure for an indefinite future….
Opinion: Heartland CEO Must Accept Responsibility
I just read Bill Brenner’s interview with Heartland Payment Systems’ CEO Bob Carr [Heartland CEO on Data breach: QSAs Let Us Down] and truthfully, my blood is boiling. Basically, he’s throwing his QSA under the bus for the massive data breach that happened under his watch. Basically, because the QSA didn’t find anything, therefore he…