Free Online Article Directory. For Article Authors & Publishers
Have You Looked Under The Virtual Mat?
I wonder what the Japanese is for "when you are in a hole it's usually a good time to stop digging"?
I read the new Sony press release with some bemusement; the one with regard to the loss of 25 million further customer details from Sony Online Entertainment. The release had the following statement:
"information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained."
I wonder if Sony are aware of the Payment Card Industry Data Security Standard (PCI DSS) since they are very effectively stating their non-compliance. The PCI DSS control 3.1 states that cardholder data must be kept to a minimum and that a data retention and deletion policy must be implemented which involves a process for the secure deletion of cardholder data when it is no longer required. I would suggest outdated credit card databases fall fairly under this category.
Not only that but the PCI DSS Prioritised Approach categorises the 220+ controls into 6 Risk levels and control 3.1 is one of only 8 controls considered severe enough to be put in a Risk level 1. In these litigious days one can only assume that the Sony lawyers and Marcom staff who proof read this statement had been missing during the Security Awareness Training (Control 12.6, Risk level 6 )
On another tack with regard to this breach, I have been reading that Sony have said that in the original attack, that they couldn't be sure if the credit card database (the large one) had been stolen but in any case the entire database was encrypted.
This statement has been endlessly repeated - yet no-one that I can find has asked Sony the obvious question. "Did they take the decryption keys as well?" Because let's face it, if they got the keys as well, then the encryption is as useful to Sony and it's customers as the proverbial chocolate teapot.
Where were the decryption keys? Well this is a rhetorical question because I don't know - and let's hope that neither did the hackers.
However if you are smart enough to grab millions of card details from a large organisation's database and then find it is encrypted, you might just be tempted to wander back in to see if you can find a decryption key. Even worse, imagine if the key was stored in the database itself, or put in clear text into a configuration file, or left under the doormat (in a humorous virtual way ) - surely no one would do that. But then again, surely no-one would leave 100 million personal details lying around would they?
Free anonymizing proxies are readily available all over the Internet. There are shows that you install on your computer to access these proxies as well as there are proxies that you can access over a webpage.
VPN services use sophisticated technologies to provide anonymity and information protection for users. They make it possible for users in foreign nations to accessibility content that might be restricted.
On home computer networks, info can easily be protected by encryption. Encryption indicates changing the data by having a scrambled strand of nonsense.
VPN services are extremely common and there are quite a couple different providers offering you various variations of them. Of course, this begs the question: Why would I even require one of these services?
VPN services provide a method to protect the privacy. The fascinating thing regarding exactly how these networks work is that the privacy security carries out additional than you may think initially.
During this holiday season, is it better to give or receive? For identity thieves, it's neither; they prefer to take; and their latest hunting ground for victims is Facebook. Having surpassed 800 million users worldwide, there is plenty of targets on Facebook for crooks to go after. Knowing how they go about their schemes will help you be more informed about protecting yourself on Facebook.
Today we hear confirmation about a breach of the Sony Playstation Network with the loss of millions of account names and personal details and potentially the loss of payment card details such as the payment card number and Expiry dates, but excluding the security code.
Why is it: whenever there is a breach of a company's security it is always attributed to the work of sophisticated cyber criminals? Is this because it really does take a sophisticated criminal to breach an environment these days or do victims prefer to characterise the cleverness of the criminal rather than the weakness of the security environment?
Transponder keys becoming more and more technically advanced. The keys provide a signal between the key and the lock By using transponder keys and locks you can help prevent auto theft.
![[Valid RSS feed]](http://www.articlelisted.com/images/icon_Rss.png "XML Feed For RSS"){kind=icon}
Luben Solev's Author Feed
Print This Article
Add To Favorites 