[Dataloss] fringe: RBS Wordpay Hacked - can anyone confirm data loss?

From: security curmudgeon (jerichoattrition.org)
Date: Sat Sep 12 2009 - 12:35:04 CDT


[And so we start the he said / she said game. Why does this feel like
  after months of pressure, RBS may admit "could have been compromised" or
  alters the wording significantly away from "nothing bad happened"?
  Second link has screenshots of the attack.]

http://www.theregister.co.uk/2009/09/11/rbs_worldpay_security_snafu/

RBS WorldPay downplays database hack reports
'No access to either merchant or cardholder accounts'
By John Leyden

Updated RBS WorldPay and a hacker are at loggerheads over the seriousness
of a supposed breach on websites run by the payment processing firm.

Security shortcomings - since blocked - on RBS WorldPay website exposed
confidential information, including admin passwords and the contact
details of partners, according to blog posts by Romanian hacker Unu.

The grey-hat hacker previously exposed similar problems on the websites of
the UK parliament and HSBC France, among many others. As before he
published screenshots to back up his latest claims.

[..]

http://unu1234567.baywords.com/2009/09/10/rbs-wordpay-hacked-full-database-acces/

RBS WordPay hacked, full database acces

I DID AN UPDATE
RBS WorldPay is a business operated by The Royal Bank of Scotland Group. RBS
WorldPay processes millions of payments every day, for every type of
business: securely and quickly. Online, face-to-face and over the phone,
our customers can accept every major card as well as bank transfers,
direct debits and a wide range of local cards. Online payments. Accept
credit and debit card payments over the internet. WorldPay says on its
page. Quickly? Maybe. Securely? Not really. A vulnerable parameter allows
full access to the databases on the server. It has many databases. I made 2
print screens to see almost everything:

[..]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
