Attacks/Breaches
4/3/2012
12:38 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Global Payments Breach: Big Authentication Lessons

Weaknesses in knowledge-based authentication and mag-stripe are highlighted in security experts' examination of the breach that affected credit card customers.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
In spite of a Monday morning media conference call, details about the Global Payments breach that broke late last Friday remain sparse this week, but that hasn't stopped the security community from speculating about the potential lessons we might learn from this latest mega breach. Though the conjecture covers numerous angles, the thematic elements tend to converge on authentication: both at the administrator account level where many of these breaches occur, and at the card-holder level when transactions are processed.

According to a conference call early on Monday, Paul Garcia, Global Payments CEO and chairman, reported that early forensics reports from his company show the breach affected Track 2 data from approximately 1.5 million cardholders. He also claims only a small number of Global Payments servers were affected by the breach.

Beyond these few explanations, though, the details from the call were incredibly light and Global Payments did not field media questions following the call.

"He said none of their merchant systems were compromised. Well, then what was compromised?" asked Avivah Litan, VP and distinguished analyst for Gartner Research, venting her frustrations about the lack of details from Garcia. "Why do you tell us what didn't happen? Tell us what did happen."

According to Litan, her confidential sources tell her "a Central American gang broke into the company's system by answering the application's knowledge-based authentication questions correctly." At the same time, other sources told her that over the past few days that a yet-to-be-disclosed breach at a big New York-area taxi cab company could have had connections to the Global Payments breach. She also pointed to reports from Brian Krebs of KrebsOnSecurity.com, who first broke the story and who today mentioned that the company that hosts Global Payments website recently switched to Amazon EC2 and also that he'd been contacted by a hacker who claimed Global Payments end-to-end encryption was circumvented by an inside source.

Read the rest of this article on Dark Reading.

As businesses rely increasingly on tablets for the productivity benefits they provide, IT must address the security challenges the devices present. Find out more in our Security Pro's Guide To Tablet PCs report. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web