[AusNOG] Security for CC details of new signups

craig at askings.com.au craig at askings.com.au
Tue Jul 6 10:04:56 EST 2010


Steve,

Have they been audited for PCI DSS compliance? If yes, then ignore it. Not
your problem when they get owned. If no, WTF are they storing CC details
for?

Craig.


> Hi List,
>
> I've been doing some work on a client's network and I was wondering if their
> method of storing credit card numbers of newly registering users was BCP or
> not. Basically, what seems to be happening is the new user's details,
> including CC, get stored in a world-readable file in /tmp. I'm worried that
> this might be susceptible to being stolen and posted somewhere by a hacker.
> Does this seem well-founded to you or am I just paranoid?
>
> Regards,
> Steve



