funsec mailing list archives
RE: (Yet Another) Lost Ernst & Young Laptop Exposes IBMStaff
From: "Justin Polazzo" <jpolazzo () thesportsauthority com>
Date: Thu, 16 Mar 2006 12:28:30 -0700
*more* secure than leaving it on the central server and then accessing it via a VPN from a (possibly compromised) home computer.

Well, if you ask me... data such as customer's SSN#, and CC#, etc should never be allowed to be accessed from outside the company. If you're not on the corporate LAN, then no access. I'd even further lock it down to subnets if it's possible.

-----------------------------------

Or better yet, have per transaction CC#'s that you can create when you know you are dealing with a disreputable source (eg most everyone). You could gen a CC# with enough credit to handle the current transaction.

This could work in the same way a private key generates a public one, with the private key being your true CC# and the public key being the per transaction number that has only enough credit for that transaction and expires after, say X amount of time.

I already implement a form of this by having only one credit card, and making sure it is maxed out at all times :-)

-JP

(who thinks we should be able to request new SSN#'s whenever a breach of security happens, at the expense of the company/govt-org that (unwillingly) distributed it in the first place)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.