
"soz about the credit cards"
Was there actually an apology? I watched this yesterday and didn't notice one.
Stratfor has restored its website to normal operation on Wednesday, more than two weeks after a hack attack by Anonymous that made the global intelligence analyst firm a byword for information insecurity. Members of Anonymous made off with stolen emails and credit-card data after breaking into Stratfor's chronically insecure …
"With the credit card information stolen, I assumed that the worst was done. I was wrong."
In other words, "We looked bad about the credit cards and I thought that was bad but at least it didn't affect me, then I found out they had fucked with my shit too and that was worse."
The loss of your customers' data is the worst aspect of the situation, as they are totally blameless and trusted you with that info; whatever happens to your servers etc. is secondary to that.
Storing credit card details in an unencrypted form is against the merchant card program rules. It certainly is in Europe. Failure to abide by the rules (especially a failure such as this where data was stolen) can result in withdrawal of your card processing facility.
As for the CEO resigning, I guess he is just taking the behaviour of our leaders as an example. Nobody in any lofty position carries any responsibility. On the rare occasions that one is forced out by massive public protest (RBS for example), they still walk away with a "jolly well done" handshake measured in the millions.
Fred Goodwin, contrary to the popular reporting by the media at the time, didn't walk away with a massive golden handshake. What happened was that he stayed on to help the new board take over (something which he in no way had to do) for a consultancy fee. This consultancy fee was put directly into his pension.
After all the shouting about it in the press, he gave the consultancy fee for his work back, but that was never reported, either.
However, the current people running RBS get more pay than Fred did and are shredding the company, making tens of thousands of people redundant and shipping jobs off to India. Offshoring was something the previous management never did. There were redundancies when RBS took over NatWest, but there were also jobs saved as the then management stopped the branch closure scheme and call centre offshoring.
Sorry, but lack of security isn't one of those problems that comes about with "rapid growth".
However, lack of security IS one of those problems that comes from employing id10ts with zero experience in the real world to build your website.
A quick look at their HTML source shows it was built with Drupal 7. Also, instead of building a template from the ground up, or even properly tweaking one, they have a tremendous amount of HTML code just commented out... looks like someone didn't exactly know what they were doing and was a little unsure of themselves. Gotta love kids.
Wonder if they've bothered applying any of the patches...