Slashdot Mirror

← Back to Stories (view on slashdot.org)

RealNames Customer Data Stolen

Posted by emmett on from the this-is-your-info-on-drugs dept.

Sc00ter writes "C|Net News reports 'RealNames, a company that substitutes complicated Web addresses with simple keywords, is warning its users that its customer database has been hacked, and that user credit card numbers and passwords may have been accessed.' Complete story here." Remember when NSI teamed up with Centraal, the creators of RealNames?

4 of 101 comments (clear)

  1. How to fix this problem by willey · · Score: 3

    The way to fix this problem, quite simply, is to never store the credit card numbers on a public server, or for that matter, any machine that is connected to the net. Before anyone whines that this is too hard to do, let me tell you -- I do things this way.

    There are a number of other bonehead things that many e-commerce sites to that are IMHO grossly negligent. The big ones:

    • home page is unnecessarily on a machine that has scripts or cgi enabled -- strip down Apache or use 'publicfile', a secure static content server
    • web server does double duty as FTP server, email server, name server, godknowswhatelse
    • failure to keep up with security patches

    Security: It's not that hard.


    Mark
    --

    Mark
  2. The perpetrator by Now15 · · Score: 3
    "The perpetrator was able to access customer records, credit card numbers and passwords. But Teare said there was no evidence that any credit card numbers have been used."

    "The perpetrator was able to access a stolen copy of Windows 2000 server. But Gates said there was no evidence that this criminal has actually installed it on his machine and fiddled around with the menu font"

    "The perpetrator stole a BMW from some old couple up in the hills. But Jones said there was no evidence the car had been used to do wheelies, or pick up chicks."

    "The perpetrator was able to get his hands on a very large amount of stolen hankerchiefs. But Smith said there was no evidence the hankerchiefs weren't sold at a ridiculously low price to a bargain basement store out in the suburbs."

    "The perpetrator was able to install Linux on his computer. But Linus said there was no evidence he has read slashdot."

    "The perpetrator was able to access customer records, credit card numbers and passwords. But Teare said there was no evidence that any credit card numbers have been used."

    --

    --

    Computers are useless: they can only give you answers. -- Pablo Picasso
  3. Re:Recent Security Attacks... by arivanov · · Score: 3
    Are all these attacks recently somehow related?

    Yes, they are related by the fact that:

    • Lots of companies have jumped on the Internet bandwagon without understanding what they deal with
    • Lots of companies who have been around for a while have grown to the point of "let's make exclusive agreements, long live marketing"
    As a result of both of these there is a lot of sites whose security is at best "relaxed". Worst of all some companies who used to deploy high quality equipment and personnel are dropping to inferior stuff due to the inability to maintain the quality in sight of quantity or even worse due to "exclusive marketing agreements". So the result is lots of dots (in guess which domain).
    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  4. Re:Recent Security Attacks... by voop · · Score: 3

    Are all these attacks recently somehow related?

    ....well, damm good question, I'll say yes. Not necessarilly because they're committed by the same group of people. But because they are DUE TO the same group of people. Yes, I am of course talking about the group of people, commonly known as "system administrators", "network administrators", the "IS-department" etc.

    Without casting blame on anyone, my general experience from all too many years as an independant consultant is, that most of the people in charge of managing security at various sites know next to nothing (if even that much) about what they are doing and what they are up against. I've seen horrifying examples from within the financial sector as well as the public health sector, which makes me everything but surprised when security is violated or sites taken down (sites being used in a more general term than "www-servers").

    It's probably not the network administrators who are to blame either - it's their managers and organization who are often clueless as to what is required and therefore hire the first the best guy who can spell "Windows NT" without making too many mistakes. Being a bit harsh - I know - but these days people are hired on "vendor certificates" (as in MCP and CNE) rather than generic skills - for example within networking or computers in general. Having completed a "vendor certification program", one surely must know the products one has been certified for. But that's (unfortunately) no guarantee that the person has the knowledge required to manage a network.

    As an example I've time and time again been surprised to see the amount of "MCP's" (and those "microsoft certified engineers" or what their title be), who had superiour skills when it came to managing their NT-boxes - but for whom solving even the simplest networking problems was impossible. Most people who've grown up with computers are very familiar with tools such as ping, traceroute, tcpdump and friends and know some of the working of the commonly used protocol stacks - and most of those new-born administrators are barely familiar enough with networks to know what an IP-address is.

    I know it is difficult to find people with good qualifications. I've been looking for some for clients for the past 2 years with little luck. Most applicants put up a blank face when presented with technical questions that goes beyond "point-and-klick". Yet they still get jobs in different companies....

    So yeah, I am not surprised....and yeah, those attacks are somehow related...

    Just my $0.02

    --
    -- "Life is a bitch - and she hates me..."