DVD Pacific have responded to security concerns

I thought I'd post the following email just received from the webmaster at
DVD Pacific, regarding security issues:

"We are extremely sorry to hear that you have been subjected to one of these
fraudulent transactions. We would like to let you know that these charges
are not only happening to customers of DVD Pacific. We have evidence from
others who are not our customers that this has also happened to them. A
report has been provided to the FBI.

We have taken steps to seriously bolster security in place at our web server
and this entailed initially engaging a forensic internet security specialist
to independently evaluate all aspects of our security and we have passed all
2000+ tests they ran and are now site certified by them. We also upgraded
our BlackICE Server Protection to monitor not only all inbound traffic but
outbound as well which would be effective in detecting Trojans or keylogger
viruses if ever managed to get by the inbound protection. BlackICE Server
Protection's intrusion detection capabilities automatically detect and block
malicious activities by monitoring all inbound and outbound traffic passing
through the server. We are instantly alerted of an attack, and can easily
identify the source and the method being used. Once an attempt is detected,
BlackICE Server Protection automatically blocks traffic from that source so
that the intruder is no longer a threat. BlackICE Server Protection also
provides exhaustive reporting on attacks common to servers, such as CGI
script access. Finally yesterday we also installed SecureIIST Web Server
Protection. Developed specifically for Windows-based web servers, SecureIIS
operates within Microsoft's IIS and actively inspects all incoming requests
at each stage of data processing to prevent potentially harmful network
traffic - whether encrypted or unencrypted - from penetrating our servers.
The server is now protected from damaging "known" and "unknown" attack
attempts. SecureIIS does not rely on a database of attack signatures, and
protects Microsoft servers by intelligently blocking entire classes of
attack methods.

The above further security measures should now ensure we have possibly the
safest e-commerce site online protected with the best presently available
technology. I understand your concerns that presently exist but I personally
wanted to assure you that we are doing everything we possibly can to
eliminate any and all inference that our site is not completely secure."

So it looks as if DVD pacific are being very proactive regarding this issue
and taking their customers comments very seriously, always the sign of a
professional and well run company.

cheers

--
Italo

Italo wrote:
snip I understand your concerns that
presently exist but I personally wanted to assure you that we are
doing everything we possibly can to eliminate any and all inference
that our site is not completely secure."

However a dodgy member of staff can easily access their database and sell on
the info or use it himself
--
Alex

"We are now up against live, hostile targets"

"So, if Little Red Riding Hood should show up with a bazooka and a bad
attitude, I expect you to chin the bitch! "

www.drzoidberg.co.uk
www.ebayfaq.co.uk

Italo wrote:
snip I understand your concerns that
presently exist but I personally wanted to assure you that we are
doing everything we possibly can to eliminate any and all inference
that our site is not completely secure."

However a dodgy member of staff can easily access their database and sell on
the info or use it himself
--
Alex

"We are now up against live, hostile targets"

"So, if Little Red Riding Hood should show up with a bazooka and a bad
attitude, I expect you to chin the bitch! "

www.drzoidberg.co.uk
www.ebayfaq.co.uk

"Dr Zoidberg" wrote in message ...
Italo wrote:
snip I understand your concerns that
presently exist but I personally wanted to assure you that we are
doing everything we possibly can to eliminate any and all inference
that our site is not completely secure."

However a dodgy member of staff can easily access their database and sell on
the info or use it himself

Exactly, which is the major chink in the armour of any online outfit. If you get stiffed, it shouldn't
matter anyhow as your covered. They really wont get too much money unless they hack someone's REAL
merchant details for a few hours & move the money real fast - not sure if it's possible!

Nige

"Dr Zoidberg" wrote in message ...
Italo wrote:
snip I understand your concerns that
presently exist but I personally wanted to assure you that we are
doing everything we possibly can to eliminate any and all inference
that our site is not completely secure."

However a dodgy member of staff can easily access their database and sell on
the info or use it himself

Exactly, which is the major chink in the armour of any online outfit. If you get stiffed, it shouldn't
matter anyhow as your covered. They really wont get too much money unless they hack someone's REAL
merchant details for a few hours & move the money real fast - not sure if it's possible!

Nige

"Dr Zoidberg" wrote in message
...
Italo wrote:
snip I understand your concerns that
presently exist but I personally wanted to assure you that we are
doing everything we possibly can to eliminate any and all inference
that our site is not completely secure."

However a dodgy member of staff can easily access their database and sell
on
the info or use it himself


True, but that could happen with any company, and not just an online store.

"Dr Zoidberg" wrote in message
...
Italo wrote:
snip I understand your concerns that
presently exist but I personally wanted to assure you that we are
doing everything we possibly can to eliminate any and all inference
that our site is not completely secure."

However a dodgy member of staff can easily access their database and sell
on
the info or use it himself


True, but that could happen with any company, and not just an online store.

Nige wrote:

Exactly, which is the major chink in the armour of any online outfit.
If you get stiffed, it shouldn't matter anyhow as your covered. They
really wont get too much money unless they hack someone's REAL
merchant details for a few hours & move the money real fast - not sure
if it's possible!

About six months ago I found a £400 bill placed on Ladbrooks on my
Barclaycard. Phoned up Barclaycard who stopped the card then and there
and sent me a new one three days later. A few days after that the £400
quietly disappeared from my bill. When I asked how the investigation was
doing they said it was ongoing and they couldn't comment further. When I
asked how come Ladbrooks would accept a cc transaction without any sort
of card or signature they declined to answer. But they did tell me they
suspected a DVD net retailer then as it was on the list of recently used
net sellers I'd provided them with. But not which one - I'd used a few
recently. Never heard anymore about it. Don't even know if the *******
won or not.

Regards

Mark

Nige wrote:

Exactly, which is the major chink in the armour of any online outfit.
If you get stiffed, it shouldn't matter anyhow as your covered. They
really wont get too much money unless they hack someone's REAL
merchant details for a few hours & move the money real fast - not sure
if it's possible!

About six months ago I found a £400 bill placed on Ladbrooks on my
Barclaycard. Phoned up Barclaycard who stopped the card then and there
and sent me a new one three days later. A few days after that the £400
quietly disappeared from my bill. When I asked how the investigation was
doing they said it was ongoing and they couldn't comment further. When I
asked how come Ladbrooks would accept a cc transaction without any sort
of card or signature they declined to answer. But they did tell me they
suspected a DVD net retailer then as it was on the list of recently used
net sellers I'd provided them with. But not which one - I'd used a few
recently. Never heard anymore about it. Don't even know if the *******
won or not.

Regards

Mark

DVD Pacific should invest in the services of a public relations company,
rather than let their geeky webmaster disclose more false claims, such
as "the safest e-commerce site online". Sorry, but I don't believe it.

Personally, I see DVD Pacific's responses as amateurish; especially the
blaming of customers, pointing fingers and posting of misinformation to
public forums.

It has confirmed what I have suspected for a while now - that many of
these "Internet DVD megastores" are under-skilled and ill-prepared for
running a secure, high-traffic online store. And especially for
responding to a crisis such as this. It simply isn't a matter of
getting a friend to do a site for you and hoping for the best.

B.