|Home » Industry Watch » The Technological » Hall of Monkeys
Heartland Payment Systems
The highest standards, the most trusted transactions.
HEAD heartlandpaymentsystems.com / HTTP/1.0\r\nUser-Agent:Spike/2.0\r\n
HTTP/1.1 200 OK
Date: Thu, 20 Aug 2009 10:38:37 GMT
Cache-Control: public, max-age=11
Expires: Thu, 20 Aug 2009 10:38:48 GMT
Last-Modified: Thu, 20 Aug 2009 10:37:48 GMT
Content-Type: text/html; charset=utf-8
That's a good start. Let's be cruel here. It might be difficult but let's try anyway.
Heartland Payment Systems lost 130 million credit cards in North America. Read that again. 130 million. Try to factor what percent of the total population is affected. It's staggering.
Now not to assess blame prematurely but what does the above HEAD output tell us? It tells us these people are congenitally stupid. They're running a web server that's notorious for its unforgivable (and according to Gartner irreparable) security flaws, some of which remain as zero day exploits - meaning even Microsoft can't figure out where they are.
Now no one can know that 'ASP.NET' caused the breach. Not with the amount of information Heartland are going to reveal. But one can conclude two things unequivocally as in all similar cases.
- An intelligent corporation would be aware of the dangers with using Microsoft web software. An intelligent corporation would run Apache Stronghold over Linux on their web interface and (preferably) stick to non-Windows boxen in-house.
The fact they don't do this indicates they're both clueless and (very likely) lack the skill set amongst their techies to use anything but Windows. Microsoft software never increased security. That's for sure.
- No matter how the black hats get through the perimeter - and shit can and does happen on all systems - once they're through the perimeter and inside a Windows network there's nothing stopping them anymore. Nothing.
Windows has no internal security.
And yet these bozos forged ahead, handling 'OPM' and ultimately losing it. For 130 million accounts.
Insult to Injury
Heartland are classic bozos. Check this press release from Monday.
There you go. It's not a new breach. Repeat: it's not a new breach. So the 130 million cards they already screwed up - that's not happening again. At least for now. Everybody chill out. Thank you, Heartland.
The Highest Standards | The Most Trusted Transactions
Heartland's corporate tag line is 'The Highest Standards | The Most Trusted Transactions'. How can they get away with that considering what's happened?
What Heartland and all the Microsoft sycophants will try to do in this case as in all similar cases is deflect and divert your attention from the half-arsed amateurish security they have to the utter evilness of the hackers. In this case one 28 year old Albert Gonzales of Miami, billed by the DOJ as an international hacker, and two unidentified Russian hackers known only as 'HACKER 1' and 'HACKER 2'. Probably because DOJ keyboards can't do cyrillic and they can't pronounce the names anyway.
And they dare call this the work of 'global cyber criminals'? What about the criminal negligence of 'global cyber bozos'?
But ask yourself this. Postulate you buy a shiny new really expensive totally sexy sports car where the manufacturer gives you no indication their security system is flawed. And your baby gets stolen. And now you're raving mad and you are going for the thief. When suddenly someone points out the security in your stolen vehicle was worth shit and the manufacturer knew it.
Who are you more mad at now?
Bobby Carr, Chairman and CEO, Heartland Payment Systems: welcome to the Hall of Monkeys. After you do the washing up you're going to be taken to the computer workshop where you'll learn how things function outside the Redmond duck pond.