There is news that the women's clothing website Unique Vintage has notified its customers that the site was breached and customer information was exposed. What makes this interesting is that the website is fully PCI DSS compliant, that is, it follows every security rule the payment card industry sets forth. And still, it appears, credit card numbers, among other information, were stolen, and the theft went on for more than a year and a half before anyone detected it. A compliance assessment is a point-in-time check against a list of controls; passing it says nothing about whether those controls are actually working on the day an attacker arrives, or on any of the days that follow.
There is no substitute for sound design and continuous security diligence. Following the rules written in a book will only get you so far. The attackers do not strictly follow any book, so neither should you.
Security engineer and architect with 30+ years across Alcatel, Sony, Software AG, and Toyota. Started in embedded systems and telecom, moved through R&D, senior management, and back to engineering by choice.
Co-invented Near Field Communication (NFC) and authored 5 international standards for ISO, ECMA, and ETSI. Built enterprise security programs from zero twice, for Sony FeliCa and for Software AG (1500+ engineers, 100+ products). Patent holder in applied security automation, with a second patent pending for hermetic build systems.
I work across the full stack of security: application security, embedded systems, cryptography, supply chain, cloud infrastructure, and vulnerability management. My background in both engineering and management means I operate at the architecture level and at the policy level, whichever the problem requires.