Results 301 to 325 of 495
-
04-09-2009, 07:46 AM #301cout << m_subtitle;
- Join Date
- Jan 2007
- Location
- /dev/null
- Posts
- 3,700
0
-
04-09-2009, 08:13 AM #302Disabled
- Join Date
- Nov 2003
- Location
- Amidst several dimensions
- Posts
- 4,324
0
-
04-09-2009, 08:42 AM #303Web Hosting Master
- Join Date
- Apr 2004
- Location
- UK
- Posts
- 1,334
0
-
04-09-2009, 09:06 AM #304Web Hosting Master
- Join Date
- Aug 2000
- Location
- Sheffield, South Yorks
- Posts
- 3,627
Most likely time lost in having to cancel cards and to update any services/providers that have those card details for billing - anyone with FuturePay agreements or PayPal subscriptions etc. They don't update themselves.
What I can't understand is why after the first hack they didn't come clean and why on Earth they didn't either:
1) Delete the card details from the servers and backups
or
2) Encrypt them with asymetric key encryption (think PGP/GnuPG).Karl Austin :: KDAWS.com
The Agency Hosting Specialist :: 0800 5429 764
Partner with us and free-up more time for income generating tasks0
-
04-09-2009, 09:10 AM #305Disabled
- Join Date
- Nov 2003
- Location
- Amidst several dimensions
- Posts
- 4,324
and also dont forget that people may not be able to fight some of the charges they get fradulently. OR, they may be in payment period of the month/year, and due to the charges or chargebacks their cards that were going to be used in paying bills may be out of limit, or blocked. and they may experience serious problems.
0
-
04-09-2009, 09:36 AM #306Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
0
-
04-09-2009, 09:43 AM #307Retired Moderator
- Join Date
- May 2004
- Location
- Toronto, Canada
- Posts
- 5,105
I agree with pretty much all that you have written here but can I summerize it and ask a question?
Basically you are saying that he has said way too much already and exposed his company to legal action.
Now you are asking him to answer an even more loaded question before he gets advice from a lawyer?
I am no lawyer but my advice is for him and INET NOT to answer that question no matter how much I personally would like to hear the answer. Isn't this the same advice we would give anyone else on the board? Once they bring the lawyers out stop talking.CloudNexus Technology Services
Managed Services0
-
04-09-2009, 10:20 AM #308Web Hosting Master
- Join Date
- Sep 2006
- Location
- Cardiff - United Kingdom
- Posts
- 1,569
Oh yes, since a 5 minute phone call is worthy of legal compensation.
Suing over something like this seems stupid and greedy - in my opinion.
If the data was encrypted, the hacker was good. There'd still be a good chance that he'd find the encryption key and be able to unencrypt them.0
-
04-09-2009, 10:23 AM #309Web Hosting Master
- Join Date
- Apr 2004
- Location
- UK
- Posts
- 1,334
Exactly. I bet that no WHT member's time is worth more than what it would cost to pursue a lawsuit. The people talking about suing, lawsuits and reparations are only suggesting this out of principal, thinking way above their station, and are probably the ideal wouldn't-know-where-to-start-anyway candidate.
0
-
04-09-2009, 10:33 AM #310Web Hosting Master
- Join Date
- Sep 2006
- Location
- Cardiff - United Kingdom
- Posts
- 1,569
Yep, exactly right As you say, those threatening to sue are probably the ones who haven't got a clue how to do that effectively.
This has been a relatively big-deal and my details were on the list, but being immature and threatening to sue over "loss of time" (i.e. 5 minutes) is plain silly.0
-
04-09-2009, 10:41 AM #311Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
0
-
04-09-2009, 11:56 AM #312Web Hosting Master
- Join Date
- Jan 2006
- Location
- Athens, Greece
- Posts
- 1,481
This is crazy. It's OK to plug your card to buy advertisement to bring you customer,
but why not think at the moment if it's safe? You assume it's safe but then
if something happens you can not take responsibility.
You know people where you put your ... and your signature is your responsibility. Same with your card.
And for those who cry about the security, how do you keep your customers cards on your server?0
-
04-09-2009, 12:30 PM #313Web Hosting Evangelist
- Join Date
- Jun 2003
- Location
- Calgary, Alberta
- Posts
- 531
I think a lawsuit in this situation is a waste of everyone's time, but I think iNet HAS to be held liable for the damage done - if that is the violation of the TOS of the Merchant Agreement and the fine of $500,000 per provider, then that is a $2,000,000 dollar fine and that would certainly be justice served.
I think the way that iNet has handled this is inappropriate and I can understand why the Liaisons, Guides and Coordinator are doing their best to instate damage control, but the damage is done and a lot of members have lost trust in the way iNet does business.
Without members, there is no community and without a community their is no revenue for iNet - hopefully this is a wake up call to the business practices of iNet.
I am fortunate that I have another credit card to use until my canceled one arrives - but some people don't have that luxury.Jason (JC) Morris, Vice President - Technology
TechWest Hosting - Enterprise Plesk & cPanel Hosting Since 2003!
Shared & Reseller Hosting on Dell Quad Core 5420 Servers w/ RAID 10 in Multiple Datacenters!
Ruby on Rails, FFMPEG, Fantastico, RVSiteBuilder, RVSkins, Nightly Off-site Backups, Clustered DNS!0
-
04-09-2009, 12:34 PM #314Empowering Websites
- Join Date
- Mar 2008
- Location
- UK
- Posts
- 1,135
How do you know that his name is on the dump?
Shamil Nunhuck, - Radon Systems Limited
█ VPS + Dedicated Server Hosting and Management
█ vBulletin / XenForo Hosting and Services
█ Server / Website Consultation0
-
04-09-2009, 12:40 PM #315Web Hosting Master
- Join Date
- Sep 2006
- Location
- Cardiff - United Kingdom
- Posts
- 1,569
0
-
04-09-2009, 12:46 PM #316Web Hosting Evangelist
- Join Date
- Feb 2006
- Location
- San Francisco, California
- Posts
- 469
0
-
04-09-2009, 12:51 PM #317Web Hosting Master
- Join Date
- Mar 2008
- Posts
- 1,717
I too hate the lawsuit talk: it helps no one, and in fact only serves to reinforce the stereotype of "silly americans and their lawyers" (regardless of the nationality of those mentioning lawsuit).
I can pretty well guarantee that iNet will be in some way held liable for this mess, they don't need to answer the tough questions to be in the sticky situation because the same folks who drafted the PCI DSS aren't stupid. I'm curious as to who did the scan, because I'm pretty sure they won't be in that business any more, but I don't think we need 80 pages of demands for that information.
In a single sentence? "Not with the bloody CVVs!"
Your post is a completely inaccurate summary of the situation. Yes, even if the card numbers were encrypted, someone still could have stolen them because they had root on the entire machine; much like the password hash situation.
However, the manner in which they were stored is a clear violation of the PCI DSS - this has been said time and time again and doesn't need to be said again (in my opinion) unless someone such as yourself comes along and says that everything's okay.
Everything's not okay, why do we need to edge towards a triple-digit thread to come to this conclusion? I don't personally feel the need to grab my pitchfork and join the mob, because I'm confident the card companies will do that task for us. If they don't, then it's obvious that PCI DSS is a colossal waste of time and should just be abandoned, but either way no amount of ranting on iNet's own forum is going to change what's happened and what will happen as a result.
I'm not out for the blood of this forum, but I'm not going to pretend that everything is A-OK either... I'm just an interested third party who will watch from the sidelines to see where this goes. If you were affected and are out for blood, it's obvious that ranting in this thread isn't going to help. Lhiannon et al: those questions can't be answered by iNet - you should be directing them to your card company, so that they can direct them to iNet.
Overall, I've probably got enough minor appendages to count the number of productive posts in this thread. I fear that this post isn't among them, but do we really need to hear over and over again "you're not supposed to store CVVs" or "this isn't a big deal"?I used to run the oldest commercial Mumble host.0
-
04-09-2009, 12:55 PM #318Web Hosting Master
- Join Date
- Aug 2002
- Location
- London, UK
- Posts
- 9,039
Matt Wallis
United Communications Limited
High Performance Shared & Reseller | Managed VPS Cloud | Managed Dedicated
UK www.unitedhosting.co.uk | US www.unitedhosting.com | Since 1998.0
-
04-09-2009, 01:02 PM #319Hosting Billing Master
- Join Date
- May 2003
- Location
- California, USA, Earth
- Posts
- 1,098
I'm sure iNET will be held liable by the credit card companies. Unless you've suffered significant financial loss I see no reason to sue, credit cards can be replaced. Let's not take this as an opportunity to benefit.
With that said, I'm extremely disappointed that my credit card number was stolen, but more than that - The fact that it was stored in plain text, and that my CVV number was stored at all is completely unacceptable.
It's going to be a long time before I have confidence in iNET again, if ever.. I really don't see myself handing over any financial data again. This has turned out to be more than inconvenient.0
-
04-09-2009, 01:14 PM #320Web Hosting Master
- Join Date
- Mar 2009
- Location
- Texas
- Posts
- 942
Thanks Dennis. I hope you understand what I was saying. I am not personally attacking you in any way At least not trying to.
I would in no way shape or form want you to incriminate yourself, but, the damage in that department has been done. It's obvious from the tables it isn't encrypted, that right there is enough to beat you guys (IMO).
However, most people on here would not benefit from sueing iNET in any way shape or form. The legal fees alone would be horrendous compared to the compensation. If they have not cancelled their cards yet, they are starting to shift liability away (again, IMO)
We all know you guys are going to take a whack from the CC company's. And there really isn't anything that is going to stop that, no matter what is or isn't said. This post is more of a ramble .
Glad to see Troy is going to come out and say something, that is a good decision.0
-
04-09-2009, 01:21 PM #321Web Hosting Master
- Join Date
- Oct 2006
- Location
- /usr/src/linux/
- Posts
- 700
I really fail to understand why everyone keeps repeating the same statements over and over again.
What iNet did was wrong and illegal, they admitted it and took full responsibility, What more do you people want? What's done is done get over it.
A lawsuit would be ridiculous IMHO.█ VPSnoc.com offers high quality Xen® OpenVZ & Windows® Virtual Private Servers at affordable prices.
█ 99.95% Uptime | 24/7/365 Support | Unmetered bandwidth.
█ Follow us: twitter.com/VPSnoc
0
-
04-09-2009, 01:28 PM #322Web Hosting Master
- Join Date
- Apr 2003
- Location
- NC
- Posts
- 3,093
John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service0
-
04-09-2009, 01:30 PM #323Junior Guru
- Join Date
- Apr 2005
- Posts
- 242
Oh .
Remind me why should we take responsabilty for the bad practices of a company out of our control?
Remind me again what sort of responsability should we take for this sort of crap?
Yes , is our fault that a goofy or a bunch of that sort, stored CC info in clear, forgot to REMOVE CC info as requested, managed to get hacked all the way, got wiped of all data, and now personal , financial and private data of some 200k members are public?
NO offence , but could you be so kind to guide me ?
Because I see "Community Guide" near your nickname.
I am pretty sure that your guidelines will be a milestone for meLast edited by Webfactor; 04-09-2009 at 01:33 PM.
0
-
04-09-2009, 01:40 PM #324Web Hosting Master
- Join Date
- Aug 2002
- Location
- London, UK
- Posts
- 9,039
However, most people on here would not benefit from sueing iNET in any way shape or form. The legal fees alone would be horrendous compared to the compensation. If they have not cancelled their cards yet, they are starting to shift liability away (again, IMO)
WHT needs to email ALL users of this forum again explaining the circumstances.
3 card numbers of ours were on the list I saw, and I got a single email today about a card number which was none of those 3!
iNET have failed to even get notifying people done right!!Matt Wallis
United Communications Limited
High Performance Shared & Reseller | Managed VPS Cloud | Managed Dedicated
UK www.unitedhosting.co.uk | US www.unitedhosting.com | Since 1998.0
-
04-09-2009, 01:44 PM #325Web Hosting Master
- Join Date
- Oct 2004
- Location
- Oneida, NY
- Posts
- 2,849
It's not a matter of a 5 minute phone call.
MANY of us use our debit cards and credit cards on a daily basis to pay bills, buy groceries, and shop online.
This negligent act by iNet will cause us:
1) Inconvenience of having to withdraw cash from the bank - waiting in long lines (can't use ATMs mind you)
2) Getting behind on bills with vendors because we have to wait 2-3 weeks for a new card. This can result in late fees, service disconnections, and all of that sort of thing...
3) Having to call each and every one of our vendors to update auto-pay...5 minutes times 30 vendors adds up.
Oh, so it's the customers fault for assuming that the website they put their credit card information on met bare minimum credit card storage guidelines?
Multiple layers of encryption, and without the CVV codes --- you know --- in accordance with PCI requirementsBig things coming soon0