Computer Security Software Company Hacked: Credit Card Info of 3,800 Exposed

[Kristijntje]

Security and law enforcement professionals are appalled that their personal information has been leaked by Guidance Software Inc., a security software and training company they say should have known better than to leave an unencrypted database exposed on the Internet.

"I was shocked that a company like Guidance would be this sloppy," said Peter Garza, CEO of EvidentData, a computer forensics and network security firm that counts itself among Guidance's customer base.

full article: http://www.eweek.com/article2/0,1895,1904780,00.asp

[regic]

2 words: DUMB ASSES!!!  :

[bargainbloodhound]

[quote author=regic link=topic=1873.msg6572#msg6572 date=1135442248]
2 words: DUMB ASSES!!!  :
[/quote]

I'll second that  :  You'd think that a company that advises others on computer security would have the basic common sense to check the data in their database when they install an ecommerce app and make sure that credit card numbers, passwords, etc. are being encrypted.  : :

Many ecommerce scripts (especially the cheaper ones or older ones) don't encrypt passwords or credit card info when it is stored.  The easiest way to check is to use phpmyadmin/pgmyadmin/webmin, etc and look at the actual data in your database--if you see unencrypted passwords, credit card info--dump the script/program and go buy something else  because the money you'll lose by buying a new script is far less than the amount you could lose if you're hacked.

This wasn't your typical breach—this was a crime that Guidance customers described as being of national security proportions. The database contained credit card numbers of some 3,800 people, including investigative professionals from the NSA, FBI and CIA, as well as heads of law enforcement worldwide.

Did I already say I seconded the idea that they were DUMB ASSES for being so careless?