
Unencrypted Data Lets Thieves ‘Charge Anywhere’ - wglb
http://krebsonsecurity.com/2014/12/unencrypted-data-lets-thieves-charge-anywhere/
======
Groxx
A less useless title might help (though "Unencrypted Data Lets Thieves 'Charge
Anywhere'" is the article's title).

tl;dr, the first paragraph in the article:

> _Charge Anywhere LLC, a mobile payments provider, today disclosed that
> malicious software planted on its networks may have jeopardized credit card
> data from transactions the company handled between November 2009 and
> September 2014._

------
limaoscarjuliet
$5 says they used self-signed certificates, which are vulnerable to a
man-in-the-middle attack. Funny how I have to explain it to customers and
the implementation team that this will eventually happen.

~~~
th0br0
Why are they supposedly vulnerable? If you register your custom CA as
trustworthy + keep the important files offline, then you're just as well (or
badly) off as with a regular certificate.

------
nkantar
It seems that these data breaches are happening at a rate comparable to auto
industry recalls.

Or perhaps they're just getting publicized a lot more.

