Hacker Safe Compromised
At least, it was according to Ryan's new blog. Which seems a little embarrassing to their new owners, McAfee. Oops. According to the report, credit card numbers and CVCs may have been stolen -- which means that Scan Alert, just like most people, were probably storing CVCs along with CC#'s in an unencrypted format. Nice.
Update 2008-01-09: The compromised site in question here is Geeks.com, not Scan Alert. Mea culpa. I got confused by the reported headline, "Hacker Safe Site Compromised." This revelation makes the story far less exciting, since I'm sure the Scan Alert guys scope their protection to just web site stuff, not databases or lost drives or whatever. In fact, I'm sure Geeks.com had at least a couple other devices and applications, like firewalls and antivirus products, too, so the headline could have read "CheckPoint, Scan Alert, Symantec, Apache, and Sendmail site compromised." That said, here's the original letter. Geeks.com is still naughty for storing the CVC's.
Update 2008-01-09: The compromised site in question here is Geeks.com, not Scan Alert. Mea culpa. I got confused by the reported headline, "Hacker Safe Site Compromised." This revelation makes the story far less exciting, since I'm sure the Scan Alert guys scope their protection to just web site stuff, not databases or lost drives or whatever. In fact, I'm sure Geeks.com had at least a couple other devices and applications, like firewalls and antivirus products, too, so the headline could have read "CheckPoint, Scan Alert, Symantec, Apache, and Sendmail site compromised." That said, here's the original letter. Geeks.com is still naughty for storing the CVC's.
Labels: cvc, mcafee, scan alert
posted by todb at 7:58 AM
2 Comments:
ScanAlert's Reply:
The allegation that Geeks.com was hacked while it was certified HACKER SAFE is false and misleading, and does not match the facts provided by Geeks.com to its customers. So far, no one knows exactly what happened, or whether this breach occurred on the web site or somewhere else. There is no evidence that this web site was hacked while it was certified HACKER SAFE. In fact, all of the information that ScanAlert has gathered so far indicates that this breach did not happen while Geeks.com was certified HACKER SAFE.
It was most definitely done on the internet. I used to work in the Geeks.com office here in California. It's locked tight heavily, everything is monitored... is almost ridiculous..
Post a Comment
Links to this post:
Create a Link
<< Home