[AusNOG] Security for CC details of new signups
Terry Manderson
terry at terrym.net
Tue Jul 6 10:07:52 EST 2010
indeed...
for more info on PCI see https://www.pcisecuritystandards.org/index.shtml
Cheers
Terry
On 06/07/2010, at 10:04 AM, craig at askings.com.au wrote:
> Steve,
>
> Have they been audited for PCI DSS compliance? If yes, then ignore it. Not
> your problem when they get owned. If no, WTF are they storing CC details
> for.
>
> Craig.
>
>
>> Hi List,
>>
>> I've been doing some work on a client's network and I was wondering if
>> their
>> method of storing credit card numbers of newly registering users was BCP
>> or
>> not. Basically, what seems to be happening is the new user's details,
>> including CC, get stored in a world-readable file in /tmp. I'm worried
>> that
>> this might be susceptible to being stolen and posted somewhere by a
>> hacker.
>> Does this seem well-founded to you or am I just paranoid?
>>
>> Regards,
>> Steve
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list