[Owasp-codereview] [Owasp-ireland] Potential of 4.2 million credit card details stolen via cyber attack.

Brian Honan brian.honan at bhconsulting.ie
Tue Mar 25 07:02:14 EDT 2008

Sorry I forgot to say in my last mail.
Who is to blame?  Well, while everyone points the finger at
Hannafords, the PCI assessors and VISA/Mastercard themselves - I
suggest we look at the criminals who conducted the breach.  After all
if someone breaks into my house, is that my fault? my alarm company's
fault? or that of the lock manufacturers? or is it the criminal who
committed the burglary?
Brian Honan
BH Consulting
Helping You Piece IT Together
T:  +353-1-4404065
M:  +353-868114066
E:  brian.honan at bhconsulting.ie
W:  http://www.bhconsulting.ie 
B:  http://www.bhconsulting.ie/blog

Supporting Global Security Week http://www.globalsecurityweek.com 



From: owasp-ireland-bounces at lists.owasp.org
[mailto:owasp-ireland-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: 25 March 2008 10:26
To: owasp-ireland at lists.owasp.org; Owasp-codereview at lists.owasp.org;
owasp-testing at lists.owasp.org; owasp-leaders-bounces at lists.owasp.org
Subject: [Owasp-ireland] Potential of 4.2 million credit card details
stolen via cyber attack.

Maybe a bit slow on this one, but I thought I'd share it.
A PCI compliant company was compromised and an estimated 4.2
million cc numbers were obtained.
The issue arises that the company were PCI compliant and now the
blame game has ensued. The PCI assessors are being blamed, there is
mention of ambiguity regarding the PCI standard, where to apply some
of the technical controls, etc.

--
Eoin Keary OWASP - Ireland
