[AusNOG] Security for CC details of new signups

[Thomason, Simon]

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Cheers,

Simon T

From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Steve Skeevens
Sent: Tuesday, 6 July 2010 10:01 AM
To: ausnog at ausnog.net
Subject: [AusNOG] Security for CC details of new signups

Hi List,

I've been doing some work on a client's network and I was wondering if their method of storing credit card numbers of newly registering users was BCP or not.  Basically, what seems to be happening is the new user's details, including CC, get stored in a world-readable file in /tmp.  I'm worried that this might be susceptible to being stolen and posted somewhere by a hacker.  Does this seem well-founded to you or am I just paranoid?

Regards,
Steve

Join us at MotorFest on 11 July 2010 at Eagle Farm Racecourse. Visit www.racq.com/motorfest for more information

Please Note: If you are not the intended recipient, please delete this email as its use is prohibited. RACQ does not warrant or represent that this email is free from viruses or defects. If you do not wish to receive any further commercial electronic messages from RACQ please e-mail unsubscribe at racq.com.au or contact RACQ on 13 19 05.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100706/f53fc7e8/attachment.html>