The number, scale and sophistication of data breaches fueled by hackers last year is rekindling the debate over the efficacy of the credit card industry’s security standards for safeguarding customer data.
All merchants that handle credit and debit card data are required to show that they have met the payment card industry data security standards (PCI DSS), a set of technical and operational requirements designed to safeguard cardholder information from theft or unauthorized access.
Yet, some of the most notable data breach incidents last year targeted companies that had recently been certified as compliant with those standards, raising the question of whether the standards go far enough, or if entities that experienced a breach are falling out of compliance with the practices that led to their certification…
Verizon’s breach report (PDF) describes another advanced technique used to steal card data, called “memory scraping,” which involves dumping sensitive data that is stored in a computer’s memory before or after it can be encrypted.
“Criminals have re-engineered their processes and developed new tools–such as memory-scraping malware–to steal this valuable commodity,” the report reads. “This has led to the successful execution of complex attack strategies previously thought to be only theoretically possible. As a result, our 2008 caseload is reflective of these trends and includes more targeted, cutting edge, complex, and clever cybercrime attacks than seen in previous years.”
SANTA ANA, California (Reuters) – A computer hacker testified on Wednesday that a News Corp unit hired him to develop pirating software, but denied using it to penetrate the security system of a rival satellite television service.
Unknown miscreants had a good time two weekends ago when they posted hundreds of flashing animated images onto discussion boards hosted by the Landover, Md.-based Epilepsy Foundation. Flashing lights or bold moving patterns can trigger often violent seizures among 3 percent of the estimated 50 million epileptics worldwide. “I was on the phone when it happened, and I couldn’t move and couldn’t speak,” RyAnne Fultz, who has epilepsy, told Wired News about her reaction to viewing one of the images on March 23.
WASHINGTON (CNN) — Hackers compromised dozens of Department of Homeland Security computers, moving sensitive information to Chinese-language Web sites, congressional investigators said Monday.
WASHINGTON (AFP) — Several nations and groups are trying to break into the US military’s computer system, the Pentagon said Tuesday after reports China’s military had successfully hacked into the network.