[funsec] PIN Scandal "Worst Hack Ever;" Citibank Only The Start
Rob, grandpa of Ryan, Trevor, Devon & Hannah
rMslade at shaw.ca
Sat Mar 11 14:01:18 CST 2006
From: "Thomas C. Greene" <thomas.greene at theregister.co.uk>
Date sent: Sat, 11 Mar 2006 11:41:48 -0500
> The scandalous part is the fact that the identity of the outfit that caused this
> problem (OfficeMax suspected) is being withheld from the public.
But this is far from being news. In security, we are constantly faced with the
holdover from "security by obscurity" in combination with the "don't admit
problems" mentality from the corporates.
Trying to getting a read on this situation is frustrating, yes. There seem to be a
huge number of stories around debit cards, PINs, and ATMs right at the moment.
Given the coincidental timing, one might suspect that they are all aspects of a) a
major breach, or b) some new technology, but we won't know for sure for some
time while everyone is trying to keep quiet about it.
> Whoever it was
> is being protected from the loss of customer confidence that they so richly
It is rather ironic that Citibank is involved in the major story: Citibank was the
outift that a) got hit, b) did pretty much everything right and kept the damage
under control, c) decided to announce it, and use the fact that they had dealt with
it properly as a selling point, and d) got hammered in the market. I suppose you
can't blame them for being less than forthcoming this time around.
====================== (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca slade at victoria.tc.ca rslade at sun.soci.niu.edu
The truth shall make ye fret - Terry Pratchett
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
More information about the funsec