Read up on the latest ideas and technologies from companies that sell hardware, software and services. Why Security SaaS Makes Sense Today
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Social Networking Guide for IT Managers
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Taking On Demand CRM Integration to the Next Level
Revolutionising Back-up and Recovery
Email Archiving 101—Customer Case Study
Solve Exchange Storage Problems Once and For All: A New Approach without Stubs or Links
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Security managers often describe their efforts to protect corporate data from being compromised as a full-fledged battle of wits against cybercrooks who are continually arming themselves with innovative tools and methods of attack.
And the security breaches disclosed last month by Hannaford Bros and Okemo Mountain Resort -- along with unconfirmed reports of dozens of similar network intrusions -- suggest that a new front may have opened up in the battle.
Furthermore, the recent incidents have prompted some to question whether the payment card industry's highly publicized data security standards are fully equipping companies to fend off attackers.
What's noteworthy about the Hannaford and Okemo breaches is that they both involved the theft of data in transit -- credit and debit card information that was being transmitted from point-of-sale systems to payment processors in order to authorize transactions.
In Hannaford's case, the US-based supermarket chain has said that malware planted on the servers at about 300 grocery stores in the Northeast and Florida intercepted up to 4.2 million credit and debit card numbers and periodically sent the data in batches to a system overseas.
Just two weeks after Hannaford disclosed its breach, Okemo reported that data from more than 46,000 payment card transactions may have been compromised during a 16-day system intrusion in February.
Some of the data that was stolen was from transactions that occurred two years ago. But data from purchases made by customers while the intrusion was taking place appears to have been stolen in real time during the authorization and card-verification process, according to a spokeswoman for the ski area.
"The information was being taken as the cards were being swiped," she said, adding that law enforcement officials have told Okemo's management that they are investigating about 50 such incidents in the Northeast alone.
If that is indeed the case, it indicates that malicious hackers are starting to focus on stealing card data while it's on the move, instead of trying to take information that's stored on systems.
Ironically, the push by attackers to get at data in transit is likely a direct response to retailers' efforts to implement the security controls mandated by the Payment Card Industry Data Security Standard, or PCI for short, said Gartner analyst Avivah Litan.
The PCI standard, which was created by the major credit card companies, prohibits retailers and other merchants from storing payment card data on their systems in most cases, and it requires them to encrypt the data that they are allowed to store. Litan said that as more companies comply with the standard, credit card thieves are being forced to turn their attention away from the databases that they previously had targeted.
And the apparent success of the intruders who broke into the systems at Hannaford and Okemo is bound to embolden other attackers to try the same kind of strategies, Litan warned.
Computerworld Member Login
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Multimedia Technology signs exclusive National distribution agreement with Freecom 2008-10-07 14:30:00+10
Open Text: Upheaval in the Financial Markets Sharpens the Focus on Information Governance and Enterprise 2008-10-07 13:19:00+10
Symantec State of Spam Report - October 2008 2008-10-07 11:58:00+10
AIIA to Reward Sustainability and Green IT Champions at the 2009 iAwards 2008-10-07 11:56:00+10
WD Unveils Affordable, High-Capacity Network Storage For Small Offices And Homes 2008-10-07 11:40:00+10
Solve Exchange Mailbox Storage Issues Once and for All
Join industry expert Bob Spurzem and Chuck Arconi of Fox Hollow to discover how to reduce Exchange total storage and keep it at a manageable level. Learn how Exchange storage growth can be contained without sacrificing security and accessibility.
