Fast, secure, cheap. Pick any two. -sc
-----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Sunday, April 01, 2012 12:11 AM To: NT System Admin Issues Subject: Re: Check your CC cards if you are holding a Mastercard or Visa, major breach announced 10M+ in cards On Sat, Mar 31, 2012 at 10:07 PM, Andrew S. Baker <asbz...@gmail.com> wrote: > http://finance.yahoo.com/news/mastercard-tells-banks-possible-security > -breach-154439326.html >From the article: "Processing companies ... are supposed to encrypt card information." Encryption does not address most of the active security threats out there. To quote Eugene "spaf" Spafford, "Using encryption on the Internet is the equilvant of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." He said this over a decade ago, and it's even more true today. If the endpoints are very vulnerable, a secure link is worthless. FTA: "The illegal use of the data could be stymied if an online merchant asks for the three or four digits printed on a card known as the 'CVV code.'" It's a well-known maxim that security, like a chain, is only as good as the weakest link. Part of the problem with bank card security is that many vendors and stations employ a minimum of security. It does no good that only some vendors adopt stronger security; the bad guys know to use the weak vendors. From this follows a multi-faceted problem -- technology, cost, and people. Stronger security could be implemented (tech). But such measures would require wholesale replacement of merchant equipment and software (cost). People don't want to pay for real security most of the time (people). Those of us who would actually be willing -- even on an elective basis -- are too few to afford it on even an amortized basis. Unfortunately, I expect things will have to get much worse before enough people see the value in information security. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
