funsec mailing list archives

Re: Bank security


From: Mike Preston <mike () technomonk com>
Date: Tue, 09 Mar 2010 12:17:15 +0000

I just had a backup of a PCI DSS DB uploaded via anon FTP for a server
I'm working on. Can't get much more clueless than that considering that
they had:

- a valid login to an alternative secure sftp server.
- both my and their own GPG credentials to allow it to be encrypted.
- over 10 years' experience as a 'system administrator' responsible for
the company's PKI.

The only mitigating factor was that the upload directory doesn't allow
downloads, but it still went over the wire in the clear.

Mike Preston

chaim.rieger () gmail com wrote:
Just had a gov agency send me an email that contained private and personal info (not mine)

Called em on it and they went oops
Sent via BlackBerry from T-Mobile
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

