And if you read the Verizon Data Breach report for 2011, it defintely suggests that the criminal organizations are going after those smaller, softer targets to get the CC information, which means that retail/hospitality are going to continue to be targets, along with big banks.
Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Alan Davies [mailto:[email protected]] Sent: Thursday, April 28, 2011 4:46 AM To: NT System Admin Issues Subject: RE: Massive Databreach of Sony Playstation Database, Why for them and not for Amazon, eBay, etc.? In fact, the small retailers are higher risk as they're so far down the PCI chain that the banks don't even care if they're compliant. For that matter, why trust restaurants and petrol stations - more fraud there than online. The pre-pay card isn't a bad idea, but it is a knee jerk reaction and beyond Sony without any basis that I can see. The worst thing here for me is the password compromise - were they not stored encrypted .. or poorly encrypted/encoded? Credit cards can be changed in an instant and most card providers will cover any fraud like this. It just doesn't worry me and I always check my bills. The fact that almost 80 million names, email addresses and passwords are out there could mean fraud on an untold scale due to password re-use. a ________________________________ From: Stefan Jafs [mailto:[email protected]] Sent: 27 April 2011 15:21 To: NT System Admin Issues Subject: Re: Massive Databreach of Sony Playstation Database, I'm not but I'm checking my cc's online daily for suspicious charges. Anyhow going forward I'll be using pre-paid cards for iTunes, XBOX and Sony Playstation, no more cc info to any of them. SJ On Wed, Apr 27, 2011 at 10:10 AM, Erik Goldoff <[email protected]> wrote: *YOU* don't have it stored, but are you confident that *THEY* didn't have it in some database somewhere anyway ??? Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: Stefan Jafs [mailto:[email protected]] Sent: Wednesday, April 27, 2011 9:30 AM To: NT System Admin Issues Subject: Re: Massive Databreach of Sony Playstation Database, My son uses the PSN he has had withdrawal symptoms since last Thursday can't play COD! Anyhow I don't have my CC info stored, delete the info after each transaction but I may change my CC anyhow just to be safe. I'm also disappointed with how long it took Sony to own up to their troubles and openly agree that they had been hacked. SJ On Wed, Apr 27, 2011 at 9:24 AM, James Rankin <[email protected]> wrote: I think these sort of things will power a drive towards more centralised identity management in general. At the moment, it is nothing but a risk to store a username and password and possibly financial data on hundreds of different websites with differing levels of security. Even for the intelligent, managing these vast arrays of logins and data presents a challenge which can often only be managed by third-party software. I wouldn't be surprised to see the likes of Google and Facebook trying to move in on this - using your login for Google, for example, to log on to myriad different websites, therefore only worrying about whether Google get hacked or not. Although I also see a move towards more federated ways of accessing different systems coming out from the likes of Citrix and VMWare as well, I think things like OpenCloud and Project Horizon also have started to encompass some form of identity management. On 27 April 2011 14:19, Ziots, Edward <[email protected]> wrote: More food for thought, I am sure that other devices ( WII, Xbox, etc etc) could also be exploitable, it underlies a bigger problem with database security in general. If you have provided information from your playstations to Sony to download content, you might want to be watching your CC Card information and other accounts very carefully, since your information is probably in the possession of unauthorized parties atm. http://www.ibtimes.com/articles/138557/20110427/sony-playstation-suffers -massive-data-breach-criticized.htm <http://www.ibtimes.com/articles/138557/20110427/sony-playstation-suffers%0A-massive-data-breach-criticized.htm> Sincerely, EZ Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] <mailto:email%[email protected]> Cell:401-639-3505 unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
