Friday, August 14, 2009

Network Solutions Hacked, Thousands of Merchants and Cardholders at Risk


A data breach at Internet domain administrator and web host Network Solutions has compromised personal and financial data for more than 500,000 credit and debit cardholders. To add more pain to the breach, Network Solutions says it was PCI compliant at the time of the breach.

The breach was discovered in June, was the result of hackers planting rogue code on the company's Web servers used to host mostly small online stores, intercepting financial transactions between the sites and their customers. No further explanation of how the rogue code made its way onto the company's servers was available from Network Solutions. Network Solutions communications representative has no comment due to of the ongoing law enforcement investigation. Compromised data was captured between March - June in 2009, when the breach was discovered.

The last PCI assessment and certification of Network Solutions' networks was completed on October 31, 2008, as per Network Solutions spokesperson Susan Wade. The firm that performed the assessment was the Payment Software Company, a San Jose, CA-based qualified security assessor company.

The 4,000+ ecommerce merchant customers were notified of the breach on Friday, July 24, via an email and a letter sent via US postal service. Network Solutions provides service to more than 10,000 merchant websites. The ecommerce customers are mainly small businesses, mostly "Mom and Pop" type retailers spread geographically across the country. Wade says that Network Solutions has offered them help in contacting their affected customers. Of the compromised data, no fraud has been reported thus far by the four major credit card brands.

Network Solutions has hired TransUnion, a credit reporting agency, to work with it on behalf of its merchants, to contact their customers whose data may have been affected.
Affected merchants can visit www.careandprotect.com, the website Network Solutions set up for them to get more information.

PCI Security Council Weighs In

Just because a company has passed its compliance validation, it doesn't mean that the need for vigilance of security measures should stop, says PCI Security Standards Council General Manager Bob Russo. As for whether Network Solutions was PCI-compliant at the time of the breach, Russo notes, "Until a forensics investigation is completed, an organization can not comment accurately on its compliance status."

The announcement a data breach at Network Solutions underscores the necessity for ongoing vigilance of an organization's security measures, he adds. "Security doesn't stop with PCI compliance validation. As the Council has said many times, it is not enough to validate compliance annually and not adopt security into an organization's ongoing business practices," Russo states. A card data environment is under constant threat, so businesses must ensure their safeguards are also under constant vigilance - "monitoring and where necessary, ongoing improvement. A layered approach to security is absolutely necessary to protect sensitive payment card data - without ongoing vigilance or a comprehensive security strategy, organizations may be just a change control away from noncompliance," he says.

Validation to the principles and practices mandated in the PCI DSS plays an integral part in an organization's security posture, but basic monitoring and logging cannot be set aside after a security assessment is complete, Russo stresses. "Reports by forensics companies suggest that this is an area of weakness among organizations," he says. "An intrusion need not result in card data compromise if an organization is following the 12 guiding requirements of the PCI Data Security Standard."

WebCanDo offers a PCI compliance review service that will ensure your cardholder data and your merchant services are protected.

Sprint Wireless Broadband: Ranked #1 in reliability by EVERY major third party comparison in the past year.


By Denny Nunez - (Sprint Nextel)

More and more of our clients are looking to migrate their mission critical wired data connections to Fixed-wireless solutions. The main drivers for this are flexibility, decreased time to market, and potential cost saving versus low speed landline alternatives such as frame relay circuits. One of the key selection criteria in choosing a wireless data provider is connection reliability. Wireless Data Coverage does not do much good if it is not consistent and reliable.
Verizon claims that they have the most reliable wireless broadband network. Sprint claims we have the most dependable wireless broadband network. “Sounds like we are saying the same thing”. Who is truly the most dependable or reliable?

The most unbiased way to find out is to look at trusted 3rd party tests based on sound scientific sampling methodologies.

Imagine if McDonalds started to advertise that they make the best hamburgers in America. Imagine they say this claim is based on McDonalds hiring their own Market Surveyors (who receive a W-2 directly from McDonalds) and come to the conclusion after trying the hamburgers from Burger King, Wendy’s and others, that their employer, McDonalds makes the best hamburgers! (Surprise!)

Far fetched? No brand name company would ever do something so obviously biased and expect the public to believe it?

Verizon’s Most Reliable Claim

Let’s take a closer look at the testing methodology that is behind Verizon’s claim of having the most reliable network. See This Verizon press release which reveals what is behind their most reliable network claim:

http://news.vzw.com/news/2009/01/pr2009-01-27j.html

“Verizon Wireless’ team of real-life test men and test women drove more than 1 million miles in 2008 – the equivalent of two roundtrips to the moon or 40 trips around the world – to test the company’s and competitors’ networks. Data collected by these test men and women, who inspired Verizon Wireless’ iconic national advertising campaign, helped the company direct its multi-billion dollar network capital expenditure program and is the basis for the company’s “most reliable network” claim.”

Huh? So Verizon employed drivers in Verizon owned test vans with Verizon owned test gear decided that Verizon has the most reliable wireless data network!

Luckily, in the past year at least 6 independent reports have been released comparing the major wireless data carriers. They are all from trusted 3rd party sources such as Gizmodo, PC World, DSL Reports, Mobile Broadband Reviews, and the company behind our most Dependable Data Network Claim – Nielsen Mobile. 100% of these trusted 3rd party reports come to the same conclusions: Sprint has the most reliable data network!

1) Gizmodo
Coast to Coast 3G Data Test
http://gizmodo.com/5111989/the-definitive-coast+to+coast-3g-data-test
“Sprint is a serious contender in almost any location—and should be taken seriously as a 3G and 4G data service provider”

2) PC World: A Day in the Life of 3G
http://www.pcworld.com/article/167391/a_day_in_the_life_of_3g.html
“Sprint's results lent credence to its 'most dependable' claim…The Sprint network performed especially well, both in speed and in reliability, in our test cities”

3) DataOutages.com:
Sprint - Fewest data service outages of any major wireless provider
http://dataoutages.com/

4) DSLReports.com
Wireless Broadband Review
http://www.dslreports.com/gbu

Sprint Ranked #1 in Reliability among major wireless data providers

5) Novarum
Performance of Cellular Data Networks
http://www.novarum.com/novarum_blog/2008/12/performance-of-cellular-data-networks.html
“Sprint offered the highest performance with the greatest availability… For both ATT and Verizon, in about 25% of the locations with service - we could not get 3G service but rather fell
back to 2G service”

6) MobileBroadband-Reviews.com
2009 Wireless Broadband Comparison
http://www.mobile-broadband-reviews.com/wireless-broadband-reviews.html
Sprint Wireless Data Ranked #1 For Coverage and Reliability.
“ The following is not an overstatement. Sprint mobile broadband is one of the best 3G services you'll find out on the market right now. If you're a Wireless Broadband Exposed reader, you already know that they have the largest and best mobile broadband coverage. In addition to that, their average mobile broadband speed is better than Verizon and AT&T in a number of cities.”

EVERY single independent study I have seen that objectively looks at wireless data services comes to the same conclusion: Sprint has the best wireless data network and the most reliable wireless data network in the country.

We can proudly tell our customers: If reliability matters, choose the wireless data network found to be the most reliable by every major third party report. Choose Sprint Wireless Broadband.