Security Bytes: Visa bars CardSystems from handling transactions

In other news, Mozilla fixes glitches caused by recent patching while multiple security holes are found in HP Tru64 Unix.

Visa bars CardSystems from handling transactions
Visa isn't satisfied with CardSystems Solutions' efforts to fix security weaknesses that put the records of 40 million cardholders at risk for fraud. As a result, it will no longer let the processor handle its transactions.

"CardSystems has not corrected, and cannot at this point correct, the failure to provide proper data security for those accounts," Tim Murphy, Visa's senior vice president for operations, said in a memorandum sent to several banks and obtained by The New York Times. "Visa USA has decided that CardSystems should not continue to participate as an agent in the Visa system."

Visa made the decision after a review and an independent investigation found the payment processor had improperly stored cardholder data and did not have the proper controls in place, The New York Times reported. Cardholders and merchants should not be affected by the change, the report added. It remains to be seen if MasterCard and American Express will follow suit.

Mozilla patches require another fix
Less than a week after Mozilla patched a series of security holes in Firefox and Thunderbird, it has issued yet another fix to repair non-security glitches those patches caused.

Mozilla blogs had been buzzing that another update was on the way:

"Just days after the releases of Mozilla Firefox 1.0.5 and Mozilla Thunderbird 1.0.5, it appears likely that 1.0.6 versions of the two applications could be coming as early as next week," the MozillaZine blog reported. "It is understood that API changes in 1.0.5 unintentionally broke some extensions" built by third-party developers. Enigmail PGP software -- which provides e-mail encryption, among other things -- is apparently one of the applications that won't work in Thunderbird 1.0.5.

But Mozilla moved a bit faster than expected, announcing the availability of Firefox 1.0.6 Wednesday.

The fixes had apparently held up work on foreign-language versions of Firefox and Thunderbird, to the chagrin of some of the developers.

"Many localizers are not happy with the situation," MozillaZine said. "Some have complained about the lack of clear information given by the Mozilla Foundation and expressed concern that their users are vulnerable to several publicized security flaws."

Multiple flaws in HP Tru64 Unix
Attackers could exploit multiple security holes in HP Tru64 Unix to cause a denial of service, the French Security Incident Response Team [FrSIRT] said in an advisory.

"These flaws are due to an error when processing specially crafted [Internet Control Message Protocol] ICMP error messages, which may be exploited by attackers to inject arbitrary data into a [Transmission Control Protocol] TCP stream [blind data injection attack] or cause arbitrary TCP connections to end prematurely [blind reset attack]," the advisory said.

Danish security firm Secunia issued its own advisory saying the flaws "can be exploited by malicious people to cause various types of DoS [Denial of Service] or spoof TCP traffic." Secunia said the solution is for users to apply the ERP kits Hewlett-Packard has made available.
