Comments
-
Crost41103y: @Demolishun I believe it is. You have to do a bunch of stuff to hold those details which is why a lot of people use a third party service just to get round it.
-
@Hazarth they aren't, but they have BACEN's (Brazilian regulator) authorization to act like a bank and be able to hold these types of information and receive transactions to be validated
-
Crost41103y@ChristoPy reporting it is the right thing to do but don't hold your breath. No one gives a shit until it's too late.
-
@Linux don't know, only that they are able to act like a bank
But we gonna force them to protect the data -
@Crost yep
Those guys are fucking millionaires
They don't give a shit to their app, they don't bother to protect the data, only to get money -
@Demolishun in Brazil it is, but laws towards tech are so vague and regulators are old as hell
-
C0D4682113y: Oh goody, another prime candidate of ass hats doing what ass hats do best.
If you were in any other nation, I'd say hit delete on all the cards and remove the logging code immediately.
Otherwise report them to the auditor and find another job, unless your local auditor is a spineless fucker, in that case go back to my previous statement.
There is not one valid reason you could ever give me that you need the credit card information.
If you need to reuse the cards for legitimate sales / subscriptions then you use tokenisation instead. -
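Roughly what the tokenisation C0D4 describes looks like in code. This is an added example, not code from the thread or any poster; the Vault/MerchantCard split, the stdlib HMAC-based keystream (standing in for a real AEAD such as AES-GCM) and the `tok_` prefix are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

def luhn_ok(pan: str) -> bool:
    """Luhn check: reject obviously malformed card numbers before they reach the vault."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(pan)):
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class Vault:
    """Hypothetical isolated store, the only component that holds a PAN at rest.
    Its cipher is an HMAC-SHA256 keystream: a stdlib stand-in for a real AEAD such as AES-GCM."""
    def __init__(self, key: bytes) -> None:
        self._key = key
        self._rows = {}  # token -> (nonce, ciphertext); never the plaintext PAN

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        blocks, ctr = b"", 0
        while len(blocks) < n:
            blocks += hmac.new(self._key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return blocks[:n]

    def store(self, pan: str) -> str:
        token = "tok_" + secrets.token_urlsafe(16)  # random: reveals nothing about the PAN
        nonce = secrets.token_bytes(12)
        ct = bytes(a ^ b for a, b in zip(pan.encode(), self._keystream(nonce, len(pan))))
        self._rows[token] = (nonce, ct)
        return token

    def reveal(self, token: str) -> str:
        nonce, ct = self._rows[token]
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct)))).decode()

@dataclass(frozen=True)
class MerchantCard:  # all the merchant DB keeps: enough for receipts and renewals, nothing chargeable
    token: str
    last4: str
    expiry: str  # MM/YY

def tokenize(vault: Vault, pan: str, expiry: str, cvv: str) -> MerchantCard:
    """Vault the PAN, keep a token. The CVV is for the live authorisation only and is never stored."""
    if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
        raise ValueError("invalid PAN")
    return MerchantCard(token=vault.store(pan), last4=pan[-4:], expiry=expiry)
```

Only the vault (ideally a separate service with its own key management and audit log) can map a token back to a card number; a dump of the merchant database yields tokens and last-four digits, nothing a fraudster can charge.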
@C0D4 all responsible ones were in the call and are aware. We gonna force them to protect the data or we have the right to report
-
FFS.
Just sell the data on the darkweb for shitcoin or something. Make sure it is not traceable to you. Then make sure the newspapers get a hold of the sale info, and where the data came from.
Company goes flat broke, audited, and sued. Nobody buys from them anymore.
Nobody cares about the worst case scenario, until the worst case scenario goes down. -
@magicMirror dude, today I'm not this type but if it was like 5 years ago I would do it without thinking twice
-
satibel303y: @johnmelodyme I've got 2 words to say:
First time?
Tbh that kind of news doesn't even surprise me anymore.
There was a dam control panel in France which was accessible on a freely accessible VNC connection a few years back.
Government and large industry/businesses in a nutshell:
default passwords everywhere, vulnerable mission critical servers searchable on shodan up the wazoo, backups are probably an exotic dish...
I'm currently working on a contract where they hard depend on a server which has no backups and is hosted somewhere, by some unknown business.
Basically if it goes down, they close for a fairly long time and may not reopen.
But yeah hitting a nest like that on your own is probably scary. -
JsonBoa29243y: @ChristoPy wasn't the Brazilian credit bureau hacked like six months past and they sold the entire fucking base in the internet? And people still keep plaintext DBs?!?!?!?
Damn. Backup the whole thing before the sleeper ransomware hatches. There is sure to be one by now. -
@JsonBoa whole bureau, IDs and selfies holding IDs of a bank, the ministry of health, the FUCKING MINISTRY OF JUSTICE
we are fucked up dude, no one cares -
So I worked for a POS company for a bit and handled their IT for their own stores along with developing features within their POS. They were scumbags too.
Some of the high level research I remember relating to PCI-DSS was each piece of the card must minimally live in separate class C subnets encrypted with separate keys.
It doesn’t take a security expert to see this is fucked… -
One month later, the database and the system are being abused: https://devrant.com/rants/5047721/...
Dude
The client has a giant database with all credit and debit cards
ALL INFOS IN FUCKING PLAINTEXT
THE CARD NUMBER
THE CVV
THE EXPIRY DATE
I'M SHAKING AF
Tags: rant, info, security, dumb client, credit card