There are more of them to attack, so it makes a lot of sense. Additionally, more smaller vendors are coming online and storing things centrally.
And the bad guys are motivated... http://home.asbzone.com/ASB/archive/2011/04/29/reactive-security-feel-the-pain-in-2011.aspx *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) *Harnessing the Advantages of Technology for the SMB market... * On Thu, Apr 28, 2011 at 7:51 AM, Ziots, Edward <[email protected]> wrote: > And if you read the Verizon Data Breach report for 2011, it defintely > suggests that the criminal organizations are going after those smaller, > softer targets to get the CC information, which means that > retail/hospitality are going to continue to be targets, along with big > banks. > > > > Z > > > > Edward E. Ziots > > CISSP, Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:[email protected] > > Cell:401-639-3505 > > > > *From:* Alan Davies [mailto:[email protected]] > *Sent:* Thursday, April 28, 2011 4:46 AM > > *To:* NT System Admin Issues > *Subject:* RE: Massive Databreach of Sony Playstation Database, > > > > Why for them and not for Amazon, eBay, etc.? In fact, the small retailers > are higher risk as they're so far down the PCI chain that the banks don't > even care if they're compliant. For that matter, why trust restaurants and > petrol stations - more fraud there than online. The pre-pay card isn't a > bad idea, but it is a knee jerk reaction and beyond Sony without any basis > that I can see. > > > > The worst thing here for me is the password compromise - were they not > stored encrypted .. or poorly encrypted/encoded? Credit cards can be > changed in an instant and most card providers will cover any fraud like > this. It just doesn't worry me and I always check my bills. The fact that > almost 80 million names, email addresses and passwords are out there could > mean fraud on an untold scale due to password re-use. > > > > > > > > a > > > ------------------------------ > > *From:* Stefan Jafs [mailto:[email protected]] > *Sent:* 27 April 2011 15:21 > *To:* NT System Admin Issues > *Subject:* Re: Massive Databreach of Sony Playstation Database, > > I'm not but I'm checking my cc's online daily for suspicious charges. > > Anyhow going forward I'll be using pre-paid cards for iTunes, XBOX and Sony > Playstation, no more cc info to any of them. > > > > SJ > > On Wed, Apr 27, 2011 at 10:10 AM, Erik Goldoff <[email protected]> wrote: > > **YOU** don’t have it stored, but are you confident that **THEY** didn’t > have it in some database somewhere anyway ??? > > > > *Erik Goldoff* > > *IT Consultant* > > *Systems, Networks, & Security * > > ' Security is an ongoing process, not a one time event ! ' > > *From:* Stefan Jafs [mailto:[email protected]] > *Sent:* Wednesday, April 27, 2011 9:30 AM > > > *To:* NT System Admin Issues > *Subject:* Re: Massive Databreach of Sony Playstation Database, > > > > My son uses the PSN he has had withdrawal symptoms since last Thursday > can't play COD! Anyhow I don’t have my CC info stored, delete the info after > each transaction but I may change my CC anyhow just to be safe. I’m also > disappointed with how long it took Sony to own up to their troubles and > openly agree that they had been hacked. > > SJ > > On Wed, Apr 27, 2011 at 9:24 AM, James Rankin <[email protected]> > wrote: > > I think these sort of things will power a drive towards more centralised > identity management in general. At the moment, it is nothing but a risk to > store a username and password and possibly financial data on hundreds of > different websites with differing levels of security. Even for the > intelligent, managing these vast arrays of logins and data presents a > challenge which can often only be managed by third-party software. > > I wouldn't be surprised to see the likes of Google and Facebook trying to > move in on this - using your login for Google, for example, to log on to > myriad different websites, therefore only worrying about whether Google get > hacked or not. Although I also see a move towards more federated ways of > accessing different systems coming out from the likes of Citrix and VMWare > as well, I think things like OpenCloud and Project Horizon also have started > to encompass some form of identity management. > > > > On 27 April 2011 14:19, Ziots, Edward <[email protected]> wrote: > > More food for thought, I am sure that other devices ( WII, Xbox, etc > etc) could also be exploitable, it underlies a bigger problem with database > security in general. > > If you have provided information from your playstations to Sony to download > content, you might want to be watching your CC Card information and other > accounts very carefully, since your information is probably in the > possession of unauthorized parties atm. > > > http://www.ibtimes.com/articles/138557/20110427/sony-playstation-suffers > -massive-data-breach-criticized.htm<http://www.ibtimes.com/articles/138557/20110427/sony-playstation-suffers%0A-massive-data-breach-criticized.htm> > > Sincerely, > EZ > > Edward E. Ziots > CISSP, Network +, Security + > Network Engineer > Lifespan Organization > Email:[email protected] > Cell:401-639-3505 > > > unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > *IMPORTANT: This email is intended for the use of the individual > addressee(s) named above and may contain information that is confidential, > privileged or unsuitable for overly sensitive persons with low self-esteem, > no sense of humour or irrational religious beliefs. If you are not the > intended recipient, any dissemination, distribution or copying of this email > is not authorised (either explicitly or implicitly) and constitutes an > irritating social faux pas. > > Unless the word absquatulation has been used in its correct context > somewhere other than in this warning, it does not have any legal or no > grammatical use and may be ignored. No animals were harmed in the > transmission of this email, although the kelpie next door is living on > borrowed time, let me tell you. Those of you with an overwhelming fear of > the unknown will be gratified to learn that there is no hidden message > revealed by reading this warning backwards, so just ignore that Alert Notice > from Microsoft. > > However, by pouring a complete circle of salt around yourself and your > computer you can ensure that no harm befalls you and your pets. If you have > received this email in error, please add some nutmeg and egg whites, whisk > and place in a warm oven for 40 minutes.* > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > > -- > Stefan Jafs > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > > -- > Stefan Jafs > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ************************************************************************************ > > WARNING: > > The information in this email and any attachments is confidential and may > be legally privileged. > > > > If you are not the named addressee, you must not use, copy or disclose this > email (including any attachments) or the information in it save to the named > addressee nor take any action in reliance on it. If you receive this email > or any attachments in error, please notify the sender immediately and then > delete the same and any copies. > > > > "CLS Services Ltd × Registered in England No 4132704 × Registered Office: > Exchange Tower × One Harbour Exchange Square × London E14 9GE" > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
