  1. #301
    Join Date
    Jan 2007
    Location
    /dev/null
    Posts
    3,700
    Quote Originally Posted by JohnJ View Post
    Thousands of credit card numbers were leaked, and they shouldn't have been -- they were unencrypted.
    Reminds me of LayeredTech getting their helpdesk hacked... I'd actually like to know how many companies encrypt all the customer data.

  2. #302
    Join Date
    Nov 2003
    Location
    Amidst several dimensions
    Posts
    4,324
    Quote Originally Posted by anon-e-mouse View Post
    Again, what exactly do you want from iNet? What's done can't be undone. So what do you want? A public lynching?
    maybe they want reparations

  3. #303
    Join Date
    Apr 2004
    Location
    UK
    Posts
    1,334
    Quote Originally Posted by unity100 View Post
    maybe they want reparations
    For exactly what losses?

  4. #304
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,627
    Quote Originally Posted by Jamie Edwards View Post
    For exactly what losses?
    Most likely time lost in having to cancel cards and to update any services/providers that have those card details for billing - anyone with FuturePay agreements or PayPal subscriptions etc. They don't update themselves.

    What I can't understand is why after the first hack they didn't come clean and why on Earth they didn't either:

    1) Delete the card details from the servers and backups

    or

    2) Encrypt them with asymmetric key encryption (think PGP/GnuPG).
    Karl Austin :: KDAWS.com
    The Agency Hosting Specialist :: 0800 5429 764
    Partner with us and free-up more time for income generating tasks

  5. #305
    Join Date
    Nov 2003
    Location
    Amidst several dimensions
    Posts
    4,324
    Quote Originally Posted by Jamie Edwards View Post
    For exactly what losses?
    Quote Originally Posted by KDAWebServices View Post
    Most likely time lost in having to cancel cards and to update any services/providers that have those card details for billing - anyone with FuturePay agreements or PayPal subscriptions etc. They don't update themselves.

    What I can't understand is why after the first hack they didn't come clean and why on Earth they didn't either:

    1) Delete the card details from the servers and backups

    or

    2) Encrypt them with asymmetric key encryption (think PGP/GnuPG).
    And also don't forget that people may not be able to fight some of the charges they get fraudulently. Or they may be in payment period of the month/year, and due to the charges or chargebacks their cards that were going to be used in paying bills may be out of limit, or blocked, and they may experience serious problems.

  6. #306
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by bqinternet View Post
    Did the execs go home for the day during a disaster like this?
    Some people sleep. We're not all in the same time zone. I mentioned "office hours". I don't think we really expect anyone to stay awake 24/7. This is a new day, and we're getting back at it.
    There is no best host. There is only the host that's best for you.

  7. #307
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    5,105
    Quote Originally Posted by HostLonestar-Randy View Post
    Dennis, you have admitted you work for iNET. You are the coordinator for the community. Your statements are as good as official statements from the company here (that is how pretty much any court would see it). You have already incriminated the company beyond repair should lawsuits happen. Troy has his name on the emails going out. Any sane CEO would prefer to do as much damage control as possible. The majority of users here will not bring a lawsuit. The chief executives have more important things to think about, like the future of iNET. How many people are going to trust WHT/iNET with their credit card information ever again?

    You guys have a much better chance of it if the Chief executives come right out and put a statement out about this. At least you guys will be able to appear to be taking it seriously, which is what is needed in order to attempt to save face.

    We all understand you were hacked. Most of us have been in the industry for at least a few years and understand that hacks are inevitable. We don't fault you for that.

    It's the fact that you guys were storing all the stuff you were storing when you shouldn't have been.

    All the proof needed to win a civil suit is in the file available for download and the statements made by you in this thread, which more than likely has already been obtained by anyone looking to take legal action.

    I would really love to hear an answer to Lhiannon's questions though
    I agree with pretty much all that you have written here but can I summarize it and ask a question?

    Basically you are saying that he has said way too much already and exposed his company to legal action.

    Now you are asking him to answer an even more loaded question before he gets advice from a lawyer?

    I am no lawyer but my advice is for him and INET NOT to answer that question no matter how much I personally would like to hear the answer. Isn't this the same advice we would give anyone else on the board? Once they bring the lawyers out stop talking.
    CloudNexus Technology Services
    Managed Services

  8. #308
    Join Date
    Sep 2006
    Location
    Cardiff - United Kingdom
    Posts
    1,569
    Quote Originally Posted by KDAWebServices View Post
    Most likely time lost in having to cancel cards and to update any services/providers that have those card details for billing - anyone with FuturePay agreements or PayPal subscriptions etc. They don't update themselves.

    What I can't understand is why after the first hack they didn't come clean and why on Earth they didn't either:

    1) Delete the card details from the servers and backups

    or

    2) Encrypt them with asymmetric key encryption (think PGP/GnuPG).
    Oh yes, since a 5 minute phone call is worthy of legal compensation.

    Suing over something like this seems stupid and greedy - in my opinion.

    If the data was encrypted, the hacker was good. There'd still be a good chance that he'd find the encryption key and be able to unencrypt them.

  9. #309
    Join Date
    Apr 2004
    Location
    UK
    Posts
    1,334
    Quote Originally Posted by tristanperry View Post
    Oh yes, since a 5 minute phone call is worthy of legal compensation.

    Suing over something like this seems stupid and greedy - in my opinion.
    Exactly. I bet that no WHT member's time is worth more than what it would cost to pursue a lawsuit. The people talking about suing, lawsuits and reparations are only suggesting this out of principle, thinking way above their station, and are probably the ideal wouldn't-know-where-to-start-anyway candidate.

  10. #310
    Join Date
    Sep 2006
    Location
    Cardiff - United Kingdom
    Posts
    1,569
    Quote Originally Posted by Jamie Edwards View Post
    Exactly. I bet that no WHT member's time is worth more than what it would cost to pursue a lawsuit. The people talking about suing, lawsuits and reparations are only suggesting this out of principle, thinking way above their station, and are probably the ideal wouldn't-know-where-to-start-anyway candidate.
    Yep, exactly right. As you say, those threatening to sue are probably the ones who haven't got a clue how to do that effectively.

    This has been a relatively big-deal and my details were on the list, but being immature and threatening to sue over "loss of time" (i.e. 5 minutes) is plain silly.

  11. #311
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by Coolraul View Post
    I agree with pretty much all that you have written here but can I summarize it and ask a question?

    Basically you are saying that he has said way too much already and exposed his company to legal action.

    Now you are asking him to answer an even more loaded question before he gets advice from a lawyer?

    I am no lawyer but my advice is for him and INET NOT to answer that question no matter how much I personally would like to hear the answer. Isn't this the same advice we would give anyone else on the board? Once they bring the lawyers out stop talking.
    Right. There's probably more we'd like to say, but only so much we can. Still, I'm going to have Troy address the community today with what we know.
    There is no best host. There is only the host that's best for you.

  12. #312
    Join Date
    Jan 2006
    Location
    Athens, Greece
    Posts
    1,481
    This is crazy. It's OK to plug your card to buy advertisement to bring you customer,
    but why not think at the moment if it's safe? You assume it's safe but then
    if something happens you can not take responsibility.
    You know people where you put your ... and your signature is your responsibility. Same with your card.
    And for those who cry about the security, how do you keep your customers cards on your server?

  13. #313
    Join Date
    Jun 2003
    Location
    Calgary, Alberta
    Posts
    531
    I think a lawsuit in this situation is a waste of everyone's time, but I think iNet HAS to be held liable for the damage done - if that is the violation of the TOS of the Merchant Agreement and the fine of $500,000 per provider, then that is a $2,000,000 dollar fine and that would certainly be justice served.

    I think the way that iNet has handled this is inappropriate and I can understand why the Liaisons, Guides and Coordinator are doing their best to instate damage control, but the damage is done and a lot of members have lost trust in the way iNet does business.

    Without members, there is no community and without a community there is no revenue for iNet - hopefully this is a wake up call to the business practices of iNet.

    I am fortunate that I have another credit card to use until my canceled one arrives - but some people don't have that luxury.
    Jason (JC) Morris, Vice President - Technology
    TechWest Hosting - Enterprise Plesk & cPanel Hosting Since 2003!
    Shared & Reseller Hosting on Dell Quad Core 5420 Servers w/ RAID 10 in Multiple Datacenters!
    Ruby on Rails, FFMPEG, Fantastico, RVSiteBuilder, RVSkins, Nightly Off-site Backups, Clustered DNS!

  14. #314
    Join Date
    Mar 2008
    Location
    UK
    Posts
    1,135
    How do you know that his name is on the dump?
    Shamil Nunhuck, - Radon Systems Limited
    VPS + Dedicated Server Hosting and Management
    vBulletin / XenForo Hosting and Services
    Server / Website Consultation

  15. #315
    Join Date
    Sep 2006
    Location
    Cardiff - United Kingdom
    Posts
    1,569
    Quote Originally Posted by ct2k7 View Post
    How do you know that his name is on the dump?
    Some people have the list and can see his name on it

  16. #316
    Join Date
    Feb 2006
    Location
    San Francisco, California
    Posts
    469
    Quote Originally Posted by tristanperry View Post
    Oh yes, since a 5 minute phone call is worthy of legal compensation.

    Suing over something like this seems stupid and greedy - in my opinion.
    But that's the American way!!!

  17. #317
    Join Date
    Mar 2008
    Posts
    1,717
    I too hate the lawsuit talk: it helps no one, and in fact only serves to reinforce the stereotype of "silly Americans and their lawyers" (regardless of the nationality of those mentioning lawsuit).

    I can pretty well guarantee that iNet will be in some way held liable for this mess, they don't need to answer the tough questions to be in the sticky situation because the same folks who drafted the PCI DSS aren't stupid. I'm curious as to who did the scan, because I'm pretty sure they won't be in that business any more, but I don't think we need 80 pages of demands for that information.

    Quote Originally Posted by Steve_Arm View Post
    And for those who cry about the security, how do you keep your customers cards on your server?
    In a single sentence? "Not with the bloody CVVs!"

    Your post is a completely inaccurate summary of the situation. Yes, even if the card numbers were encrypted, someone still could have stolen them because they had root on the entire machine; much like the password hash situation.

    However, the manner in which they were stored is a clear violation of the PCI DSS - this has been said time and time again and doesn't need to be said again (in my opinion) unless someone such as yourself comes along and says that everything's okay.

    Everything's not okay, why do we need to edge towards a triple-digit thread to come to this conclusion? I don't personally feel the need to grab my pitchfork and join the mob, because I'm confident the card companies will do that task for us. If they don't, then it's obvious that PCI DSS is a colossal waste of time and should just be abandoned, but either way no amount of ranting on iNet's own forum is going to change what's happened and what will happen as a result.

    I'm not out for the blood of this forum, but I'm not going to pretend that everything is A-OK either... I'm just an interested third party who will watch from the sidelines to see where this goes. If you were affected and are out for blood, it's obvious that ranting in this thread isn't going to help. Lhiannon et al: those questions can't be answered by iNet - you should be directing them to your card company, so that they can direct them to iNet.

    Overall, I've probably got enough minor appendages to count the number of productive posts in this thread. I fear that this post isn't among them, but do we really need to hear over and over again "you're not supposed to store CVVs" or "this isn't a big deal"?
    I used to run the oldest commercial Mumble host.

  18. #318
    Join Date
    Aug 2002
    Location
    London, UK
    Posts
    9,039
    Quote Originally Posted by Steve_Arm View Post
    how do you keep your customers cards on your server?
    In a compliant encrypted way, and without storing the CV2 value?
    Matt Wallis
    United Communications Limited
    High Performance Shared & Reseller | Managed VPS Cloud | Managed Dedicated
    UK www.unitedhosting.co.uk | US www.unitedhosting.com | Since 1998.

  19. #319
    Join Date
    May 2003
    Location
    California, USA, Earth
    Posts
    1,098
    I'm sure iNET will be held liable by the credit card companies. Unless you've suffered significant financial loss I see no reason to sue, credit cards can be replaced. Let's not take this as an opportunity to benefit.

    With that said, I'm extremely disappointed that my credit card number was stolen, but more than that - The fact that it was stored in plain text, and that my CVV number was stored at all is completely unacceptable.

    It's going to be a long time before I have confidence in iNET again, if ever.. I really don't see myself handing over any financial data again. This has turned out to be more than inconvenient.
    Blesta - The Billing Platform for Hosting Providers
    Client Management, Billing, & Support Software
    Trial - Demo | 714-923-7325 | Twitter @blesta

  20. #320
    Join Date
    Mar 2009
    Location
    Texas
    Posts
    942
    Quote Originally Posted by SoftWareRevue View Post
    Right. There's probably more we'd like to say, but only so much we can. Still, I'm going to have Troy address the community today with what we know.
    Thanks Dennis. I hope you understand what I was saying. I am not personally attacking you in any way. At least not trying to.

    I would in no way shape or form want you to incriminate yourself, but, the damage in that department has been done. It's obvious from the tables it isn't encrypted, that right there is enough to beat you guys (IMO).

    However, most people on here would not benefit from suing iNET in any way shape or form. The legal fees alone would be horrendous compared to the compensation. If they have not cancelled their cards yet, they are starting to shift liability away (again, IMO)

    We all know you guys are going to take a whack from the CC companies. And there really isn't anything that is going to stop that, no matter what is or isn't said. This post is more of a ramble.

    Glad to see Troy is going to come out and say something, that is a good decision.

  21. #321
    Join Date
    Oct 2006
    Location
    /usr/src/linux/
    Posts
    700
    I really fail to understand why everyone keeps repeating the same statements over and over again.
    What iNet did was wrong and illegal, they admitted it and took full responsibility. What more do you people want? What's done is done, get over it.
    A lawsuit would be ridiculous IMHO.
    VPSnoc.com offers high quality Xen® OpenVZ & Windows® Virtual Private Servers at affordable prices.
    99.95% Uptime | 24/7/365 Support | Unmetered bandwidth.
    Follow us: twitter.com/VPSnoc

  22. #322
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,093
    Quote Originally Posted by DigitalLinx View Post
    I really fail to understand why everyone keeps repeating the same statements over and over again.
    What iNet did was wrong and illegal, they admitted it and took full responsibility. What more do you people want? What's done is done, get over it.
    A lawsuit would be ridiculous IMHO.
    Welcome to the USA, where people sue if you look at them wrong...or perhaps if you do not look at them. You can sue for any reason you want, sure the lawsuit will get thrown out quickly but does not stop people from doing it.

    Everybody wants a quick buck nowadays...
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  23. #323
    Quote Originally Posted by Steve_Arm View Post
    This is crazy. It's OK to plug your card to buy advertisement to bring you customer,
    but why not think at the moment if it's safe? You assume it's safe but then
    if something happens you can not take responsibility.
    You know people where you put your ... and your signature is your responsibility. Same with your card.
    And for those who cry about the security, how do you keep your customers cards on your server?

    Oh.

    Remind me why should we take responsibility for the bad practices of a company out of our control?
    Remind me again what sort of responsibility should we take for this sort of crap?

    Yes, is our fault that a goofy or a bunch of that sort, stored CC info in clear, forgot to REMOVE CC info as requested, managed to get hacked all the way, got wiped of all data, and now personal, financial and private data of some 200k members are public?

    NO offence, but could you be so kind to guide me?
    Because I see "Community Guide" near your nickname.
    I am pretty sure that your guidelines will be a milestone for me
    Last edited by Webfactor; 04-09-2009 at 01:33 PM.

  24. #324
    Join Date
    Aug 2002
    Location
    London, UK
    Posts
    9,039
    However, most people on here would not benefit from suing iNET in any way shape or form. The legal fees alone would be horrendous compared to the compensation. If they have not cancelled their cards yet, they are starting to shift liability away (again, IMO)
    Not when there are still people who have not been notified.

    WHT needs to email ALL users of this forum again explaining the circumstances.

    3 card numbers of ours were on the list I saw, and I got a single email today about a card number which was none of those 3!

    iNET have failed to even get notifying people done right!!
    Matt Wallis
    United Communications Limited
    High Performance Shared & Reseller | Managed VPS Cloud | Managed Dedicated
    UK www.unitedhosting.co.uk | US www.unitedhosting.com | Since 1998.

  25. #325
    Join Date
    Oct 2004
    Location
    Oneida, NY
    Posts
    2,849
    Quote Originally Posted by Jamie Edwards View Post
    Exactly. I bet that no WHT member's time is worth more than what it would cost to pursue a lawsuit. The people talking about suing, lawsuits and reparations are only suggesting this out of principle, thinking way above their station, and are probably the ideal wouldn't-know-where-to-start-anyway candidate.
    It's not a matter of a 5 minute phone call.

    MANY of us use our debit cards and credit cards on a daily basis to pay bills, buy groceries, and shop online.

    This negligent act by iNet will cause us:
    1) Inconvenience of having to withdraw cash from the bank - waiting in long lines (can't use ATMs mind you)

    2) Getting behind on bills with vendors because we have to wait 2-3 weeks for a new card. This can result in late fees, service disconnections, and all of that sort of thing...

    3) Having to call each and every one of our vendors to update auto-pay...5 minutes times 30 vendors adds up.

    Quote Originally Posted by Steve_Arm View Post
    This is crazy. It's OK to plug your card to buy advertisement to bring you customer,
    but why not think at the moment if it's safe? You assume it's safe but then
    if something happens you can not take responsibility.
    You know people where you put your ... and your signature is your responsibility. Same with your card.
    Oh, so it's the customer's fault for assuming that the website they put their credit card information on met bare minimum credit card storage guidelines?

    Quote Originally Posted by Steve_Arm View Post
    And for those who cry about the security, how do you keep your customers cards on your server?
    Multiple layers of encryption, and without the CVV codes --- you know --- in accordance with PCI requirements
    Big things coming soon