NETWORK WORLD NEWSLETTER: GIBBS & BRADNER
08/02/05
Dear networking.world@gmail.com,
In this issue:
* Net Insider columnist Scott Bradner says if he still had a
MasterCard he'd cancel and shred it
* Links related to Gibbs & Bradner
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Avocent
Network World Executive Guide: Security Evolves. Automation,
specialized 'ops centers' and more.
For network security professionals, keeping a safe distance
ahead of the worst the bad guys have to offer is a never-ending
race. This guide is designed to help with a collection of news,
analysis and product test reviews for practical how-to advice on
subjects ranging from patch management and spyware to promises
and risks of automated security services.
http://www.fattail.com/redir/redirect.asp?CID=109181
_______________________________________________________________
Each week, Network World columnists give you a larger
perspective, and help you make sense of the rapid changes in
networking by picking through the hype to find what really
matters to you and your enterprise. Network World would like to
offer you the leading source of dependable, accurate, timely
information you can rely on to make the best decisions - A FREE
SUBSCRIPTION to Network World Magazine - SUBSCRIBE TODAY AT:
http://www.fattail.com/redir/redirect.asp?CID=109074
_______________________________________________________________
Today's focus: Time to dump that MasterCard?
By Scott Bradner
Half of the shoes have dropped on CardSystems, but it's unclear
whether the others will. They should, and this company should be
shut out of the credit card-processing business.
Since I last wrote about CardSystems Solutions
<http://www.networkworld.com/columnists/2005/062705bradner.html>,
Visa has announced that the company would be barred from
processing Visa card payments as of the end of October. American
Express followed suit. But MasterCard seems to have decided to
forgive and forget and let CardSystems keep processing
MasterCards as long as it fixes its security soon.
In other words, MasterCard decided that business as usual was
just fine. Discover has not yet made up its mind about what it's
going to do.
The representatives of the credit card companies and the CEO of
CardSystems also testified at a congressional subcommittee
hearing on "Credit Card Data Processing: How Secure Is It?"
<http://www.networkworld.com/nlgibrad4261>. But nothing much new
seems to have come out of the hearing.
The prepared statement of CardSystems CEO John Perry
<http://financialservices.house.gov/media/pdf/072105jmp.pdf>
gives the chronology and details of the security breach, and
implies that the company will have to close if Visa follows
though on its decision to terminate CardSystems' authority to
process Visa cards.
Perry also stated it is clear that records of at least 239,000
unique credit cards were downloaded, records that had been
stored in direct violation of Visa and MasterCard security
standards. Visa makes it clear (six times) in a two-page FAQ
<http://www.networkworld.com/nlgibrad4262> posted on its site
that card holders are not responsible for fraud resulting from
these stolen card records, but mail order and Internet merchants
could be.
Individual card holders can be significantly inconvenienced when
their cards get stolen, because they may have to argue that they
did not make specific purchases and get new cards. As you might
expect, a class action lawsuit has been filed
<http://creditcardsmagazine.com/managearticle.asp?C=90&A=8788>.
I no longer have a MasterCard (my bank switched me to Visa
earlier this year), but if I did, I would cancel and shred it. A
lot of people believe that credit card companies have little
real incentive to fix security problems because they are
insulated from the suffering of the merchants and credit card
holders. Visa and AmEx have shown that, at least sometimes, this
may be a false assumption. But MasterCard has reinforced the
common wisdom.
CardSystems is a company that, by its own admission,
purposefully and with full understanding violated MasterCard's
rules and put tens of millions of credit card users at risk. If
this does not get MasterCard to act, I hate to imagine what
would.
CardSystems' Perry expressed surprise at Visa's actions. It
seems he would rather face the kind of penalty that the
Securities and Exchange Commission normally settles for, an
agreement to not be bad in the future. I'm also surprised at
Visa's actions - pleasantly so.
Disclaimer: You can't not be surprised at what happens at
Harvard - it's so large and diverse. But the university has not
expressed an opinion about shredding MasterCards, so the above
is my own.
The top 5: Today's most-read stories
1. Cisco vulnerability posted to Internet
<http://www.networkworld.com/nlgibrad4263>
2. Router flaw sparks battle
<http://www.networkworld.com/news/2005/080105-blackhat.html>
3. Researcher at center of Cisco router-exploit controversy
speaks out <http://www.networkworld.com/nlgibrad4265>
4. Black Hat event highlights RFID and VoIP security threats
<http://www.networkworld.com/news/2005/080105-blackhat-side.html>
5. Cisco nixes conference session on hacking IOS router code
<http://www.networkworld.com/nlgibrad4266>
_______________________________________________________________
To contact: Scott Bradner
Bradner is a consultant with Harvard University's University
Information Systems. He can be reached at <mailto:sob@sobco.com>
_______________________________________________________________
This newsletter is sponsored by Avocent
Network World Executive Guide: Security Evolves. Automation,
specialized 'ops centers' and more.
For network security professionals, keeping a safe distance
ahead of the worst the bad guys have to offer is a never-ending
race. This guide is designed to help with a collection of news,
analysis and product test reviews for practical how-to advice on
subjects ranging from patch management and spyware to promises
and risks of automated security services.
http://www.fattail.com/redir/redirect.asp?CID=109180
_______________________________________________________________
ARCHIVE LINKS
Gibbs archive:
http://www.networkworld.com/columnists/gibbs.html
Bradner archive:
http://www.networkworld.com/columnists/bradner.html
_______________________________________________________________
FEATURED READER RESOURCE
SIX TIPS FOR GETTING WHAT YOU DESERVE
Before you go in for your next annual review or promotion
interview, you would be wise to consider these tips for ensuring
you've got the right stuff to move ahead. Network executives
offer advice to help you gun for that next promotion and fatten
up your paycheck. Click here:
<http://www.networkworld.com/you/2005/072505-salary-side2.html>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at <http://www.subscribenw.com/nl2>
International subscribers click here:
<http://nww1.com/go/circ_promo.html>
_______________________________________________________________
SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>
To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>
Subscription questions? Contact Customer Service by replying to
this message.
This message was sent to: networking.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005
No comments:
Post a Comment