Comments on: Computer forensics tools maker hacked

An attacker penetrates systems at Guidance Software and accesses customer records, including credit card data.

No wonder...
by mkv22 December 19, 2005 5:24 PM PST
This is the server their web site is running. A Windows machine, yeah!
----------
http://www.guidancesoftware.com/
Microsoft-IIS/6.0
------------------
How Many Others Store CVS?
by Stating December 19, 2005 6:25 PM PST
So the question is really how many other merchants store the CVS#? How many store all the credit card details without purging them? I think in this case AMEX, VISA, and Mastercard need to send a message to merchants like Guidance by permanently yanking their online charge capability. One well publicized case like that will force all the other merchants to review their systems, which THEY SHOULD be doing annually anyway as part of the audit process.
A better solution
by aabcdefghij987654321 December 20, 2005 8:02 AM PST
A better solution would be to make sure you have included in the terms of the contract that they use to provide services in the first place the simple note that if you store the CVS numbers and they are stolen from you then you become responsible for the fraudulent charges.

That one simple change will give the companies who are storing CVS numbers all the incentive they need to clean house.
Burn them at the stake
by jmanico December 19, 2005 7:31 PM PST
Guidance didn't just screw up, they screwed up royally. This is **not** just part of the business. They had no right storing credit card numbers, being such an at-risk target, let alone the cvs numbers. And they are a security company that is supposed to teach YOU best practices and sell you services and software? BURN THEM AT THE STAKE!
Core protection needed.
by RU_Trustified December 20, 2005 11:12 AM PST
"intrusions can happen to anybody and nobody should be complacent about their security"

Unfortunately if you resort to status quo technology for your security, you are being complacent. The thing that is lacking is core layer protection, that will protect systems and data from intrusion. Forensic tools that investigate after the intrusion are still only reactive technology.
Wait for it....
by jtpickering December 20, 2005 11:13 AM PST
Several items to watch: 1) The credit card association's response, and 2) the effect on Guidance's reputation.

Each credit card company has operating regulations that clearly prohibit storing the CVN (CVV2, CVC2, et al.). In addition, PCI DSS has reiterated this prohibition and attached fines to those who do not comply. PCI DSS is a single data security standard endorsed by Visa, MasterCard, American Express, and others.

Guidance will be fined (up to $500,000 per incident and $50,000 per month until PCI DSS issues are remediated). If Guidance was certified as compliant, the firm that did the work may be fined or prohibited from doing that work in the future. Guidance may be prohibited from accepting credit cards as a form of payment.

Guidance will also suffer from a loss of reputation. I would be reluctant to do business with a firm containing so many lawyers and security professionals who do not understand the basics of credit card data security.

It will be interesting to see the consequences for the leaders of this company. It seems that several of these individuals have some culpability in the series of decisions (or lack thereof) that led to this incident.
They've done everything the wrong way!
by wbenton December 23, 2005 9:18 PM PST
Placing such information on web accessible servers is problem #1.

Problem #2 is that they themselves are a forensics tool maker and thus their tool should have alerted them of the hack as soon as it took place... not after a customer complains and they look at their logs to confirm as much. Maybe they don't check their own logs?!?!

Problem #3 is that they didn't immediately notify their customers of the breach of their customer's data.

Walt