AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

More Heartland Payment Systems Details Revealed

A quick update to yesterday's post on Heartland Payment Systems commentary.  According to StorefrontBacktalk, someone has been leaking out details regarding the data breach.

The Nilson Report, apparently a "respected payment systems newsletter," has named Cybertrust and Neohapsis as the forensic experts brought in to analyze the situation. 

Also, The Nilson Report was able to give details on the sniffer that was stealing the credit card numbers.  Yesterday I had noted that the sniffer was inactive when found; however, with guesstimates of the sniffer being installed as far back as May 2008, the finding was of little comfort: seven months between installation and detection is a heck of a time range.

According to StorefrontBacktalk sources, the sniffer was active between May 14, 2008 and August 19, 2008.  It is estimated that five percent of the cards also included names.

Three Months of Data, 100 Million Transactions Per Month

When news of the Heartland Payment Systems data breach first hit the wires, I had criticized the general media for sensationalizing the issue.  After all, they were equating 100 million transactions per month to one hundred accounts affected.  I noted that my own credit card (one account) is responsible for at least 30 transactions per month, give or take.

At the time, I had assumed that the breach had lasted for a short time, maybe a month. Now that my assumptions have to be revised due to the extra two months... I still think that the damages in this case won't trump the TJX case. Remember, the TJX case ultimately affected 90-plus million credit cards.

In order to become a bigger breach than TJX, one would have to assume that Heartland, with 300 million transactions, saw the average credit card used four times or less per month across their payment network.  That just sounds too low.

One Definite Conclusion

If I'm assured of anything from this latest case, it's that data that moves across networks can never be secure unless the information is encrypted to begin with.  For example, a file that has been encrypted using file encryption from AlertBoot is well protected when sent via e-mail, put up in a P2P folder, made accessible in a corporate LAN system, etc., because the encryption is in place already.

Information on credit cards, though, is not protected. To begin with, the information on the magnetic stripes is not encrypted, which explains why skimmers work. Plus, the card numbers, dates of expiration, and names are available for anyone to see, on the face of the card. Heck, who needs a skimmer when you could just take a picture with your camera?

Related Articles:
http://www.storefrontbacktalk.com/securityfraud/more-heartland-details-leak-out-and-some-may-be-trying-to-leak-back-in/

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.