[AusNOG] Security for CC details of new signups
McDonald Richards
macca at vocus.com.au
Tue Jul 6 10:03:54 EST 2010
I find BCP these days is to store the credit cards, cvv and expiry dates
together in /var/www/tmp/ - this way they can't be linked to a user account
and will help preserve privacy.
Macca
(disclaimer: please dont ever do this)
From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Steve Skeevens
Sent: Tuesday, 6 July 2010 10:01 AM
To: ausnog at ausnog.net
Subject: [AusNOG] Security for CC details of new signups
Hi List,
I've been doing some work on a client's network and I was wondering if their
method of storing credit card numbers of newly registering users was BCP or
not. Basically, what seems to be happening is the new user's details,
including CC, get stored in a world-readable file in /tmp. I'm worried that
this might be susceptible to being stolen and posted somewhere by a hacker.
Does this seem well-founded to you or am I just paranoid?
Regards,
Steve
More information about the AusNOG
mailing list