Details emerging on Hannaford data breach

Malware loaded onto Hannaford servers let attackers intercept credit card data
By Ellen Messmer, Network World, 03/28/2008

Hannaford Brothers Cos, which earlier this month disclosed a data breach involving credit cards at its supermarket stores, this week shared more information with Massachusetts regulators about the ongoing investigation into the incident.

In a letter to Massachusetts Attorney General Martha Coakley and Gov. Deval Patrick’s Office of Consumer Affairs, Hannaford’s general counsel Emily Dickinson shared details that Hannaford is uncovering in its investigation.

The letter stated that malware loaded onto Hannaford servers allowed attackers to intercept card data stored on the magnetic stripe of payment cards as customers used them at the check-out counter. That information, taken in transit from the point of sale, included card number and expiration date but not the customer’s name. The attack resulted in card data being transferred overseas and has resulted in 2,000 known cases of fraud.

“It’s an evolving situation,” said Carol Eleazer, vice president of marketing at Hannaford, noting that the computer forensics reports have not yet been completed on the data-breach incident.

Hannaford’s security investigators, whom she wasn’t at liberty to name, are calling the attack “sophisticated.” She said the U.S. Secret Service is also involved in finding out how the data breach occurred.

The attack was successful in spite of the fact that Hannaford is compliant with the Payment Card Industry rules for proving adherence to the PCI data security standards by undergoing an elaborate — and usually expensive — examination and certification required by card associations, including Visa and MasterCard.

PCI also has requirements for periodic vulnerability scans. Hannaford says it received PCI certification last year and was recertified on February 27.

Not surprisingly, the Hannaford data-breach case has already elicited a few customer lawsuits.

Some analysts regard the ongoing Hannaford case as raising important and unanswered questions about PCI and its purpose.

If the attackers in the Hannaford case initially captured data from the point-of-sale device to a server in the store, they may have known that data isn’t required under PCI to be encrypted at that point, notes Avivah Litan, vice president at Gartner and an expert in computer network security used in retailing.

Comments (2)

PCI Law and the "reasonable person"
By slnewton on April 1, 2008, 2:17 pm
The delay between identification of a problem and issuance of regulations is the province of the "reasonable person" standard. Regardless of the specific regulation,...


PCI law
By BenjaminWright on March 31, 2008, 11:10 am
Ellen: Legally speaking, we can't expect the PCI to keep pace with the criminals. Therefore the legal system (Federal Trade Commission) is wrong to punish merchants...
