|
|
|
Tracer Utility Is Likely Culprit In Visas Fujitsu POS Security Alert
By: Evan Schuman
2006-03-20
Article Rating: / 0
There are 0 user comments on this Enterprise Applications story.
Fujitsu claims Visa overreacted and it's up to customers to use credit-card software properly.A commonly used testing utility is apparently behind the security alert that Visa issued late last week claiming Fujitsu retail point-of-sale software may have a problem.
Shortly after Visa—the owner of the worlds largest electronic payments network—issued an alert warning retailers about security problems with POS software issued by Fujitsu Transaction Solutions, Fujitsu officials said the alert was inappropriate.
"I think the Visa alert that was put out was somewhat misleading" in that it implied all Fujitsu POS software has problems, said Ed Soladay, the FTS chief operating officer. "It was not fully correct in the way they put things" in the confidential advisory.
Soladay said—and a Visa official later confirmed—that the problem was not with the core POS package that Fujitsu sells to retailers, but with a free tracer utility that many POS packages include.
The utilitys purpose is for internal testing of the credit card transaction process and to help with identifying problems during installation and maintenance. It is intended "to be used in trials to fix any bugs that can possibly come up," Soladay said.
Soladay said Fujitsu instructs retail customers to be very conservative in how they use the utility. "When they do use these, they dont use them for very long," he said, adding that he tells retailers that it is especially critical that they "dont use it in a live environment for very long."
The concern is that such a utility could capture confidential credit card information, in violation of Visa retail security procedures, Visa said.
Visa issued a statement March 17 explaining its confidential advisory and summarizing its concerns.
"In instances where any point-of-sale software or modification of it has a potential to put cardholder data at risk, Visa issues alerts to its member financial institutions so that they can take action to prevent the storage of such data," the Visa statement said. "In this instance, we provided a confidential alert to a limited number of financial institutions advising them that a particular configuration of certain software could cause it to store cardholder data. We further advised them of the existence of a software upgrade designed to address the problem."
What is less clear is how the situation came to Visas attention, as both Visa and Fujitsu say that they are not aware of any security breach or data theft associated with this incident. One Visa official said it might have become known when a retailer using the utility engaged in a required security audit and that audit noted the potential problem.
A story about the incident in the March 17 edition of The Wall Street Journal said the Visa memo identified the Fujitsu software in question as RAFT and GlobalStore.
Soladay said the memo was so specific as to the version of the software used that it had identified the retailer involved because only one customer was using that software, he said.
"They listed a particular software version that is only installed" at one unidentified chain, Soladay said. "I think they picked on one client that is using our tracing utility in a live environment."
Soladay put much of the blame on the retail chain, saying that its not Fujitsus fault "if someone chooses to download a utility" or "make use of any utility that we provide."
Soladay added that Fujitsu sometimes will provide a copy of the TraceMon utility to customers who ask for such a utility. That apparently happened with this retailer, according to Soladay and someone working with Visa who asked that his name not be used.
The utilitys use in a live environment could "store inappropriate data," said the Visa official. "Thats the thing that the hackers are looking for."
"Every retailer uses logging in a different manner" and it can allow for "the retention of the full track data," which would include information that Visa prohibits being stored, Soladay said.
Visa said that a Fujitsu upgrade addressed the situation but that the customer—at the time—had not deployed the upgrade.
Retail Center Editor Evan Schuman can be reached at Evan_Schuman@ziffdavis.com.
 Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.
|
|
�������x}r8s;�iW1ERw%uȖ\֔my,Uyc#�� IlS$l{'ˉ�.KrE��&DސH$#�I"f\8ܢd�C�3齿O$w��m��L�9UQ##3)9S]M�HwW3f�ө�P/�a���᳑(,�Q � tjOt0]2d�4
�lB|OoLP_ƾQ/?1M�Lb�q٨C�< tWü#~h#'@I�b(Ñh]
�(
)�w,8"a}c�$a��LD�>8�z�vur
n84�p;ڀrrV(�0��ݓ^w: /�y@α�{A~A~7"
DT-�jR,�͒DCa�OmdA�H{|T獒A7jy#R/Ջ�pT(*H.#=I-bv=ӧH0#ƌ^8RGb9v�mҹ�t��tNΎS$oIJ5<�jP�z 1�Je+5gxg_/:nN7ϗ�7vON{פ=�~q��5�0\68֪o~�n�vO]�3Q�&�ںa#j庤~Fb;�r!�||=!9Io'�?���پBds#$�7��ReQ
�oȱ�o>0@|Ӡd[�q,�
?n\S;G`hoX ^YKS�70���3�h�_?]#w��� a6F�@L5�\� ��a�#Xش�6�,%̛�ҁ>`I˪�2TY0�PH/g-
�5t*軬(If0;A0<^f/�_��\D�
3
p1S{n2�.S4�epv���^nVW͉:YX]uUjZnY?�iIw9yi
>_wڤջEo}쀊UbyƆƇ�j%",$��uuTSt,T+t�~~2,ՎJRWWL@�F�̶-a[ e u�5}y�̆>��:mNQ'm��51l;4d}t>�(>hhƋMriOM�r�Ӈt��u@�.~�{ͣn]?'tno7,AbG@��a`Ψ6r:D#m�|�&6��l�d�(4(s�ɹw[P&w&�zrt�cP���DE}�vĆY��' 6)�@}�>\���lmN3-mdZ`1 �5:%6�q�0y�zۢ�dQJdh����4.'P(AH �9k���� ���99^�
�ŊP^OH�X-VpD�m'8Ν3Tr X�K){T�Kh+�K@f:34YIJM�u]_�*ȉ#�m"0�9X����
,gZ
X��%ּ
f��
J
>�Ѥ73� K���ܺye�,@�PCb�;*6���O<�sy�
h? OuG�����+�Zsξ�S
:���j�R{`MLE2a==�%fQ/0}ԙQĠ3B�ZSOs�\| g:[6[�7˦�EI8��i]jk-�\<�W�7�Bɶ/²xcP66R(k��5Ӳ�=2P"
Cx�Ez҆C�C��Ss�m���_jA.R?>2ai;Z��K[�� �ʸA�nH� ~g�&�ʥ
ë�;q\�c/�zڽu@nZtq۱3 l0TN�#}0��;u��m
SM5,��vFEA=̔:Y[����^�|��@'��K |o2tJ.��k1sM^^��W�꺰']9�g!�A��0|p$'Z>�plZ`/R7&4wڳ�j�1���SQ_)+EUQH~�2��;2.eX �k��;g#�Of�Y�$�Ei.20y�(pE�5 �dj>'8o'<|�CX�E�~"}��i��lm��sm�"T0�|"�j*�VH0pl) �RUԒx�ZC@^~~���J%$]�4X2H�}=tǜ}h3ʫ�2�y����YV�j
ql�*Z�j
_�=>�2z�4Ebw�c�:1о�#]\V`Qa�SF=4F�X\odHЮ�$#SI3D#��w�%
'�L-n0LѽWKVg=�ib�gHo�m]�t@
�HQ.AqGs;OM���)�ӱ%NJt$�ҹ�D\S
j_awk�*�� :�A�
�Wt��Aݛ�,(D)yഩ�Z�.iYOS)%Vt u| `_�nM�=�=�WK�$
�Xu� 7
0�-�dqCUZQe߯y�bo^ ��Lj��B�GdD���#`(Tlo.1�X=H(T�g7gME]ac6U�{zn&�)ZmMӓU;4
cIۛ��oj-rF�Lk�s0�j(�Y��|;` rfVɍtNd_��&F}G��ϓG�
_�Fb&�T~��\yY�R�glס3i21玾V/ c�
׃nc>۹+a�*r6�_�?�K}�[L�@V1m0]��̞�̙�-m�dۨ�X9 2 GYdI.��|akR-֫`W�%�ʠ��K=� �j�;!�]8`�CҌp����^a?up�-49�I�(4܌�xϰL�'��Vqc?3 c�Cw�W��(1A���E6 w܆cyJV�~�ZgZ�qtt(+?�gX`ԧˁtںrg|�P�̾~xf�C ="gdzA�`�}݇4.�PЇ_eCR>"j-u/Z�;lb8K}��ރ4�
�`i4~DC�?JfWJ۫Vݽ(]whgA�py# @@W{ABh]^/~{(�9^vdcxޕx\#;�R%9!pUN:<�a�Sڎ6�N,#�Z_?8�I]�4+�a@ ձkN,�8�;鸐B3ZK���AE6�u8eVyy~¯nU���k~���
$��`��AQ���1@�kNF/ё�{k
D&-����bT�0_RJ�I"Q6#=)#�WYYsһnq3Klo�}AǯNd~N�Z-[I7S+d$
c=]Я8��݃�͟*VRm/w~@H�y�
�~9p_<#ppz e�n1�~x�A\}\��i�Ԏ(%4�\("��?m[=`��Rr���PR)%bz�&IZ;Űu͒:p<5GK2)!M�Op��|L�6,O&y=%lQZ`H�(+, W@/�%$f;��B:z{ �g�iMN.m2�jt/>6D2F��M`l)JZa!A|)J|
a=i@�� Rr;8%}@JVKM^c'�`|x�r�'|'xj��}yU�Y^K=t#j^uofܣ�ky~"ѴNxL�7Ď#^@(NVu2k#7x/�[_YN.t0o�C�9]#ޓd=tWc�L[ ;S>^�g�x9[�R��rЧxf"64NlyWy#Kx�ESrc��W}Ba8:ʳ/q1~<,�?4f8�ieo@Z5i]28�1L;_ |3�$?[0;#|&�~>x�GM{@uS意g�
ڝ9�k�rĸEl(=lKx?�Kҽ`;᧥}e��4r7tR*9$�DH�!HZ�zUw7}ʜ9%/+w|62��(�o��P2�tI�Js[gȞ�x~Kw�b�8�A�?'������wUv@z@pw�{geQJ=�q-@jjyJ\<~^]�䑼D�qD%��t`�5o��14L,*zj6;l=3����hL :�;x�r�?0G OV�x�ջ�3�\���P`-ݺ�ܭ1J��"i#ĠHߙs4rEs ��_5���4:a6r*|"�ZyVa�'8\}5�ߊ:"Y1!Ifm1ZP|=�ߎ93{K�4�/1kpߕ_So_Lo-)���Bsдg=.00yS�/7r�FK[�⹏^}l؏o%~!әi*2-]d�X-GaV/�au��}D.KxHG�K�L@uQ����i_óx~EXCZR_sv��lE.}|FsL5+);f�e�Rh4_Pϟ̡��eO!4Z*?&%z/t7dY�:S�>ű7̱S of�Y8�8�f�RJ�ɪ!�CBrU�^tꐬ$^"ǔON_�R G,k3�69��x
<>�Ř!`�e͢^04=s��kS�.MerU%B91R~v_tx9
z7�#��bd�'�Bb�Q '�Am
t!hh91]"k~��3&�6q`�6K`�M�6t3!��5̅H{>�;��KQqxMoLZ�d�S�qL�
�U!}v%�dtAbXɠ3I=��Z,E�7A?C�ܾ
Jo"%nRna���@c�voooo�.jJX^8LR[ѸI�fi�rr4L\_S�(�R�NB��\,)X�ʕ�tV~-:>At{�]𥫓�˦+��G�}���P�t5�f7w|aK�]���R+��/at4wN5�lSdgзщ�" S4�<� J�$I|�4�-p|[�V(1fY�#H xƏC>FCY7�79AKzAy77777777�w�ke.mAG[�FjR|EJx�іl?)ڮoᙩsH?Ϡ9�_:�Y�!҅/2p[]wKn`�=˃)TU៰}L}IUn@g~\ԟ:s�&
F$bY�-Ч�$M��f�l�b�h\ƁQV�3K�4?t�Ga/KC�ش��cK6�N/�
��:^�g� n3
0�ap�!�G����)���8/|mߧ MƟ�+�[/9c<װD
Wk~eX� ,ͳ
:3cpY_ۑ��bKe�cX�9<7ndf-%h&��gxX±J)?ؓ�7|�y3Ӿ"F4榒η0Jx=X{�8\so_ǹts4Wyt�C˙8jPcrf�f��ş-zK�6+㲭�j\�7{囐`/c�Gonx�H{i7&�@�R53h�~�d66&y2]^I�Iͽ?�m_(�a+m���-lY�[`cXĊ�E�0Jaۅqdy`�}V)mj�2/d�XΔy3U6�_�?��NFTˬ��{$Q1
ƹ�+}e",�k֖d7P2
aD�+o�p.|p��\:�=_}DŽ3\&9N&?�_WS"*l/L=mNM�o>o;*똈h�]=G?LrP�(��So\kE_A-ôhgϡ?6
���?5�fT�f8#nĽ���R?_+�-Oq\��dIw'yDdm�ߣ�B�Go�S�u&n[{쏉�T= ?
KS^t��l��oI?��tĕ'w �2~(�l!
<��5�ҥ=m=>v ��
.�O7<=��E�k)G>?�FװGU6^�ۏo��?
DŢW\7�= !�B(lǟ�8!q&�9pѰ���LX�8ߋ"%KRku�+N�t�c���[c�#UA2�AK5M.�*R!Ѥ�F)\�m1�]hs|YM13цX5�0y�f�DZGa�v̈́�7�Zzڽ9Z<�HsS587�Y}a�yr�OyFeE�8a|܉2*e��2CVmj|)5,\�H?\πJ*n�A4�`}"%mR$26VVPTjR;rC;��}��yjT�
fG@V0҆4xI܅9K.xԅ':�g�~drTUR#h -q1�
�Pч%[�sFy�(F<<}Q,턂r1Fӓ݊n>f?<�l �\�z9}x[Mw-=0w?;D�Ȁ %q|�п���{wn/1�~ۊ۫�6&K">��iә
�H
Wkn3r959S\mD��9,�#/ն�멑b�,9)�=KxfV-j5VG4K,2; �{2�
@�L5��m0�O�`߷b&,
<��s�Y�l�q1�j>
1>|6�ڄy���i$�YF�c
r'ǯ\Ixc#�k3du sF@Yj$>G��� ���&��Is|Bzhue��:}
d!/9kvk�o`#o�6�mAG��DGa"&N
,O ]TW 3 �J��:�\K:
+�{�G\n\�h[�:�L8!�iƂoFe_+E�cDTw/3OaD9P=SѥbX"�eR1��Q(pxi|��wN`n�O�KZ��
�5"���ccϙ�F$E�xL1fH'i֜iĄ~"![�J,/uz��< _z+?,Q�Y�
�G�3wأ4ϓ�}ޗ�Hm*��)vqU�@��y+��DL�͂zĂ![C1P?Rjs# a/x
` 3��u|``EP00��a|Lo?fQиOnF@ 33L�f;.
l9�:jT�@Lg�>�:ς؝)s)aR;2
x�:~0~0~�@���3��_a|_2�%�7P~U�{A7MF7@7�ug+\8=r �gs�z)W@^d_�~*%iFy�3YE�zvA�X^eR51
�/q>�{uk'�R+��]Q%|A}%kgF1nv�d�bCa��5KPe^ۛTjCGP�78%Y}MJ�4tk 7b[y�DYQI{R}tE��I>t�qLw��`
�nsOkr>u;�xvY^][��\�;Yo�[췡\2G/I>7��!fIM&π/N�&�~1gI+-}s�O�=
�%$Id�`m߂9o���9-Cc7Δ0π��g�ؠ+.Ġ/�>''4WB):3U\6
I7�T`'��;��Ǧ a4p%_ 7'쭰F����|m'�^1�PSFӽ"}ǚ�X?(ۄ)�mød{�«�&�k#�1,�{ԟ#1H
YY/�5p�twkd9HR�=�I�*4uMf�βْ����yn%0)%� �fKBl�PխVUS�P�= N_$�v�{5�W�?}�[D=$~5|o,Cwfc��S֒�_./gwcǁ�MzKo7j[��(&\`Fʪv\N^�T~7(B��4w^|7(6؆|%O�
ϻI_kR6�l j�P�|!�"ePީiˎ0��
m'#8�4C@x-J=p+@#
e`_0l`eh)f�Yձ
w��O 7�g}��^�ikŅ�>2z�dz�_Odxƪ~�axh=F=��d���M(I�S`i�/@�}^n�02)1�
<&�W Fc�?�dt;���b[p?>PE5f*R8WD
K�)YBAł?�Qg;kC`�t�2cQ�!*]^�x[9�@xeѵh_y�Q;�Y?]�m-1k8~m=fuG+U�rcdk�{f�:ePeX�l'�ᠢ׀5V`��92H�_S(|9N�]PnãÍGH�Ƹ[[�qy6`;Щ�1D\Nv�E9bꛦ\
�Ш�pKTؕE�l�d3^kgycD]Y>�;Ѝ
i�O1ngNb���*�φŀ�{̾16��Yf+1ݱOUt�g)�dv̅�2 !Nyyu~ҕ�^�)I&_cQd+8*)�ؐ�s���k`�bO��1,F�Lv7�@ '�Ɣ
ϰ"�� s+2�)��,�]�S'�>�z�~.^32e+[ЀH>Y;PE"�1w1�GN���=��_5>gvC�%�z1��~X0�~v1/�渲Y�>�e5rŤ�3a=�d>^}�]x�
O��gW�PRэX
-f�1!IDb88)ҡCCĚR!e´�#Tx 1L(�_3,�Y��7u!{x�ZyƋ{��El>�WNENE<<�*ID~y�)�V@��O{
|I"�:xqea
� V\r*���_;+wbA��<]�EC�RIPl��v,^>_hI:v'
AHdcZvc"ӳ/
.A|>hy6��x�L�
M4�jR&IL#;ob[�b$-�U.I])Պ[gv[W(~r[)�#U:M\"GZk/%!zRM�j39Q�/kG�sk&|��R2ұ=RZ`'l/Z6?IÍ�+��
|
Enterprise Applications 
