Hacker Safe Compromised
At least, it was according to Ryan's new blog. Which seems a little embarrassing to their new owners, McAfee. Oops. According to the report, credit card numbers and CVCs may have been stolen -- which means that Scan Alert, just like most people, were probably storing CVCs along with CC#'s in an unencrypted format. Nice.
Update 2008-01-09: The compromised site in question here is Geeks.com, not Scan Alert. Mea culpa. I got confused by the reported headline, "Hacker Safe Site Compromised." This revelation makes the story far less exciting, since I'm sure the Scan Alert guys scope their protection to just web site stuff, not databases or lost drives or whatever. In fact, I'm sure Geeks.com had at least a couple other devices and applications, like firewalls and antivirus products, too, so the headline could have read "CheckPoint, Scan Alert, Symantec, Apache, and Sendmail site compromised." That said, here's the original letter. Geeks.com is still naughty for storing the CVC's.
Update 2008-01-09: The compromised site in question here is Geeks.com, not Scan Alert. Mea culpa. I got confused by the reported headline, "Hacker Safe Site Compromised." This revelation makes the story far less exciting, since I'm sure the Scan Alert guys scope their protection to just web site stuff, not databases or lost drives or whatever. In fact, I'm sure Geeks.com had at least a couple other devices and applications, like firewalls and antivirus products, too, so the headline could have read "CheckPoint, Scan Alert, Symantec, Apache, and Sendmail site compromised." That said, here's the original letter. Geeks.com is still naughty for storing the CVC's.
Labels: cvc, mcafee, scan alert
posted by todb at 7:58 AM
2 comments
links to this post
