php-windows Digest 9 Feb 2005 18:51:37 -0000 Issue 2568
Topics (messages 25545 through 25546):
Re: [PHP] Re: Storing CCN's Again...
25545 by: tg-php.gryffyndevelopment.com
PHP in IIS 6
25546 by: Jason Beaver
----------------------------------------------------------------------
--- Begin Message ---
Yeah, Richard's got it exactly right. Companies like Amazon NEED to have a
million precautions in place because it's not just the possible money lost to
their customers, but the excessive amounts of BUSINESS lost (and trust in
Amazon as a reliable and secure financial institution). One incident of the
credit card info leaking out can cost Amazon literally millions, even if it's
only one CCN and it never gets used fraudulently. Hell, just the RUMOR of it
happening can cost them way too much.
But yes.. no system is unbeatable. If you can't get directly to the CCNs, you
can possibly get to them further 'upstream' after they've been decoded. Or,
more common than electronic hacking, is for someone within the organization to
take sensitive financial statements without having to do any hacking, just
betraying the trust of their employers. The human is always the weakest link
in any security scheme anyway.
I wouldn't recommend anyone other than a highly trained professional (or
someone who's going to hire a professional to audit the system after it's
built) to attempt to do something like store credit card numbers.
The idea behind security in this instance is to make the effort not worth the
payoff. Some hackers do things for the challenge and bragging rights, but
chances are, someone who's after CCNs is going to be selling them or using
them. So unless they're totally stupid or just bored and want a challenge,
they're going to be thinking about a couple of things:
1. What's the financial payoff for succeeding (either in selling the CCNs or
using them personally.. in either case it could be for the credit or for
identity theft of another kind)
2. What's the risk and possible penalties for getting caught.
If the payoff is greater than the risk (in their mind), then it's worth it.
If they can steal a couple thousand CCNs with one COPY command and spend 2
weeks, a month, whatever offline running a brute force cracking program that
will get them ALL the CCNs, then it's worth it. If you're using suitably
strong enough encryption then it could take them nearly forever to get the
info, but it's still not foolproof.
PGP, for example, produces very strongly encrypted data. But if someone has
your private key and a public key that's used to decrypt the data, then all
they have to do is run a brute force crack on the PGP passphrase used to
decrypt it. They're not attacking the data and its encryption, they're
attacking the passphrase.
If you can decrypt the data, someone else can too... with the right tools and
keys and time.
Hell, you don't even need to get to the CCN data if someone can get in and pose
as a legitimate user and order products from your site using the stored CCNs.
That might limit what they can buy, but it's still someone using a CCN that's
not theirs.
Too much liability for my tastes. I'd purchase a pre-made, hopefully secure,
and guaranteed CCN management package or service.
People get real twitchy about money and bosses get real twitchy about their
employees creating stuff that can bring down the company due to lawsuits and
liability. C. Y. A. :)
-TG
= = = Original message = = =
[EMAIL PROTECTED] wrote:
>> Amazon store Credit Card Number in their databases. Are we saying that
>> someone could hack into their database server and steal the numbers?
YES!
Wasn't PayPal widely publicized as a victim of such an event?
Why would you think Amazon would be any better/safer?
No system is unbeatable.
So somebody *could* break in.
You can be damn sure they work really hard to avoid that.
>> Or
>> have Amazon gone far enough to protect their data?
How far is "far enough"?
> I suppose they use a similar tactic as I have, and have a two way
> encryption
> method.
I suppose they do a LOT more than that.
They might, just as an example, have a network setup like this:
         Seg 1                Seg 2                        Seg 3
Internet <---> Public Servers <---> CC Processing Servers <---> CC Storage Servers
Where Seg 1 and Seg 2 and Seg 3 are all on:
Completely different sub-networks
Completely different network cards
Completely different routers, hubs, switches
Completely different color-coded network cables
.
.
.
And, of course, they use two-way encryption of the data that *IS* on the
CC Servers, so while the secret decoder ring is on the CC Processing
Server, you'd have to break into CC Processing, get the ring, break into
CC Storage, and then apply the ring from CC Processing to the data in CC
Storage. Is this starting to sound like an Adventure Game or what?
They then severely restrict the source code and network access that can
work with Seg 3, with an EXTREMELY limited API, internally documented,
security audited, clean-room access, armed guards on all hardware setup,
etc.
Instead of breaking into CC Storage with your secret decoder ring from CC
Processing, you can maybe find a flaw in the API of Seg 3, and sniff out
encrypted data to apply the ring, or even catch it after they decrypted
it.
The point is, you have to work much harder at it because of the segmented
architecture.
By adding an additional layer between the CC Processing and the CC
Storage, they reduce risk significantly.
All the CC machines (Processing and Storage) are in the armed guard locked
storage room for physical access to be severely curtailed. Duh.
But the CC Storage machines have an additional layer of software/network
blocks with severely limited software/network access to the CC Storage
area.
I'm not claiming they *DO* have this, but I'll bet whatever they do have,
it's at least that complicated, if not more so.
Or, even more likely, Amazon doesn't store the number! They let the BANK
that provides their CC processing services store the numbers. So then the
BANK has this kind of setup. Whatever.
This is just a description of what was explained to me on this very same
list several years ago as *ONE* industry-standard way to store CC Numbers
for later retrieval.
I'm not an expert, and may easily have left out some (okay a lot) of
crucial details.
If you're storing CC Numbers with *JUST* the 2-way encryption, maybe
you're doing it wrong. I dunno for sure, but *I* think so. Go hire a
professional security audit and find out.
YMMV IANAL NAIAA
--
Like Music?
http://l-i-e.com/artists.htm
--- End Message ---
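An added example, not part of either poster's message and not any vendor's code: a PHP 8 illustration of the key/data split described in the quoted message, where the storage tier exposes only a narrow put/get API over ciphertext and the key lives only on the processing tier. The class and method names are hypothetical, the two in-process classes stand in for separate hosts, and the card number is a constructed test value.

```php
<?php
// Added illustration; CcStorage/CcProcessing, vault() and reveal() are hypothetical names.

final class CcStorage            // "CC Storage": never sees the key or a plaintext number
{
    private array $rows = [];

    public function put(string $blob): string
    {
        $token = bin2hex(random_bytes(16));   // opaque handle; reveals nothing about the card
        $this->rows[$token] = $blob;
        return $token;
    }

    public function get(string $token): ?string
    {
        return $this->rows[$token] ?? null;
    }
}

final class CcProcessing         // "CC Processing": holds the key, keeps no card data itself
{
    public function __construct(private string $key, private CcStorage $storage) {}

    public function vault(string $pan): string
    {
        $iv = random_bytes(12);               // fresh 96-bit nonce for every record
        $ct = openssl_encrypt($pan, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $iv, $tag);
        if ($ct === false) throw new RuntimeException('encryption failed');
        return $this->storage->put($iv . $tag . $ct);   // layout: 12-byte IV, 16-byte tag, data
    }

    public function reveal(string $token): string
    {
        $blob = $this->storage->get($token);
        if ($blob === null || strlen($blob) < 28) throw new RuntimeException('unknown token');
        $pan = openssl_decrypt(substr($blob, 28), 'aes-256-gcm', $this->key,
            OPENSSL_RAW_DATA, substr($blob, 0, 12), substr($blob, 12, 16));
        if ($pan === false) throw new RuntimeException('ciphertext failed authentication');
        return $pan;
    }
}

$storage = new CcStorage();
$proc    = new CcProcessing(random_bytes(32), $storage);  // key exists only on this tier
$pan     = '4111111111111111';                             // constructed test number
$token   = $proc->vault($pan);

// What a copy of the storage tier alone yields, versus what the key holder recovers.
var_dump(str_contains((string) $storage->get($token), $pan));
var_dump($proc->reveal($token) === $pan);
```

As both posters note, this only raises the cost of reading the stored rows: anyone who can call `reveal()` on the processing tier, or act as a legitimate user, still reaches the numbers.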
--- Begin Message ---
I'm running PHP 4.3.1 on a Windows 2k3 server. I have a script that used to
work on my 2k server using CGI. When I use the ISAPI method under my 2k3
server the script appears to work fine but when it gets to a system() command
it doesn't do it for some reason.
Under the CGI method it gives me the "The specified CGI application
misbehaved by not returning a complete set of HTTP headers." error.
What the script does is it takes some data out of a database then formats it
into a print file called "prnfile" then I use "system('type prnfile > lpt4',
$result);". The result I get is "1". I have tried other commands in there in
the troubleshooting process. I tried "dir" and it actually gives me the
directory listing of the working folder so it appears that my code is
getting processed. I tried "echo test > test.txt" and that did not work.
This leads me to believe that the issue is with permissions, only I can't
figure out what it wants. I have tried giving IUSR full permissions on the
web folder, php folder, and cmd.exe, I have also tried giving write
permissions in IIS to the web site.
With both methods it does create the "prnfile".
Anyone have any ideas? If you need any more info, let me know.
--- End Message ---