found on the pentesters list;

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Seems relevant to recent discussions here;

- ---------- Forwarded message ----------
From: security curmudgeon <jericho@...>
Date: Jun 3, 2009 7:54 PM
Subject: [Dataloss] Merrick Bank v. Savvis: Analysis of the Merrick Bank Complaint
To: dataloss-discuss@..., dataloss@...

http://infoseccompliance.com/2009/06/03/merrick-bank-v-savvis-analysis-of-the-merrick-bank-complaint/

Merrick Bank v. Savvis: Analysis of the Merrick Bank Complaint
Posted on June 3rd, 2009 by David Navetta

The Merrick Bank v. Savvis lawsuit has the potential to change the liability dynamic of the PCI regulatory system. The Savvis case is one of the first known instances of a payment card security assessor being sued by a merchant bank (the merchant bank is a third party relative to the Savvis-CardSystems relationship). The Merrick Bank complaint alleges that it relied on Savvis' certification of CardSystems as Visa CISP compliant (this matter pre-dated the PCI standard), and that the certification was false. After CardSystems suffered a breach exposing up to 40 million payment card records, Merrick allegedly incurred $16 million in payments to the card brands (which was ultimately transferred to issuing banks who suffered losses arising out of the CardSystems breach). If Savvis is held liable (or even if this case makes it past a motion to dismiss or a motion for summary judgment) it has the potential to significantly modify the relative risk of PCI qualified security assessors, and in turn modify the PCI regulatory scheme. This post discusses the two theories of liability alleged by Merrick: (1) negligence; and (2) negligent misrepresentation.

[..]

Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame.
--Charlie Wilson

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFKJ+bgst+vzJSwZikRAjeNAJ9c5X3tEqQfY7BaXI5T7SdpyJalMACcCHBz
v74EaCfeStiJ/cH5WF+kfG4=
=ESf9
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards@...
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Re: found on the pentesters list;

If a provider is held liable (which in my opinion they should; they should have some skin in the game), then that opens up a line of litigation I thought should have started 10 years ago: holding security vendors liable for breaches related to their products, merchantability, false claims, negligence, etc. I see the precedent being used for MSPs, security software vendors, maybe even software vendors in general. Could be a new line of work testifying as an expert witness concerning vendor due diligence.

Class action? People who have had their identity stolen because of holes in the IE browser? I think there is a cause of action, and harm is easy to prove and link also. Which leaves you with: is my lawyer bigger than your lawyer?

If I was a law firm I would get some experts, give notice and wait.

-----Original Message-----
From: firewall-wizards-bounces@... [mailto:firewall-wizards-bounces@...] On Behalf Of R. DuFresne
Sent: Thursday, June 04, 2009 11:23 AM
To: 'firewall-wizards@...'
Subject: [fw-wiz] found on the pentesters list;

_______________________________________________
firewall-wizards mailing list
firewall-wizards@...
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards