On Sat, 18 Jun 2005, Major.Mikey wrote: > Well, I'm sure you all have heard by now that a company in > Tucson that handles credit card information had a > cyber-breakin. > > 1- What operating system does this company use? - The compromise vector sems to be a tailored Windows harvesting tool. Shame on them for using a consumer grade operating system for their workstation desktops handling restricted data. > I am having all my credit card numbers changed! What do all > of those who are wiser than me think about that? - I have been working in this part of the ISO (independent servicing organization) credit card capture and clearance business for several years. This scenario has been in my nightmares for the last 5 years. Clearly the company in question failed to meet its VISA CISP and related Associations obligations, and some heads should roll. The compromised business (CSI) may be part of the walking dead already, although they are a moderately big player. As a practical matter, there is no way for an lay user to know which ISO is handling their CC swipe data on behalf of the merchant. As such seeking a changed credit card number is like applying putting on bug repellant before going golfing. i.e., a harmless 'feel good' measure, but not one directly not addressing the true issues. Taking ownership of one's own infosec, as in following a sustained program of reviewing monthly card settlement statements is much more likely to catch the occasional fraud. - Russ Herrold --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss