Websites were not compromised
It may be a bit ironic, but the customers that shopped on the e-commerce sites were not at risk or compromised. Due to superior controls on the various e-commerce sites and the limited number of entry points into the network via the internet, it appears that no e-commerce customer accounts were compromised.
It's unfortunate that this true fact has been overshadowed by the sensational headlines. The internet security teams at many of these companies are separate from the retail divisions and thus should be commended for their diligent efforts to protect customers.
It's unfortunate that many of the controls used to protect e-commerce have not translated over to retail sales (i.e. IDS, Application Testing, encryption design & technology, Multi-Tiered Architecture, Annual Penetration Test, Vulnerability Scans at layer 3, 4 and 7; sound information security policies, and qualified security personnel with the relevant experience and certifications).
Please save me the sales calls, trying to sell me technology that will not patch management ignorance. Many of the security professionals do the best they can, even though they are often put in reporting lines that do not give them the proper level of political power or required exposure. It might even be said that some security professionals wrote internal memos to management warning of the EXACT breach that occurred and management sat on that information, saying it wasn't cost-effective to address.
I've already said enough; hopefully the truth will come out one day... Don't blame the information security professionals, blame management, and don't believe all the press releases you read - read between the lines. Websites are attacked thousands of times a week and are able to handle the bombardment. The retail stores were the weak links, and now attention needs to be focused on the weakest link.
If there is one good outcome of this, it will bring the proper attention to the role of the "qualified" information security profession and that paranoia is sometimes real.
Best of luck to all.