Reader Comments (rss)

(Flattened / Threaded)

1.  

   

   Mike, Feb 24th, 2006 @ 12:36pm

   
   

   No Subject Given

   Porn!

    

   [ reply to this | link to this | view in thread ]

2.  

   

   Jobe, Feb 24th, 2006 @ 1:27pm

   
   

   What about my rights

   Like privacy, and not having to worry if some hacker got my credit card number.
   How about Congress passing some law to make it mandatory that if a company "leaks" credit card information, they are responsible for any unwanted charges that are accrued on it, or that the company has a "comprehensive" security program in place if the company needs to have your credit card number.
   
   Wishful thinking.
   

    

   [ reply to this | link to this | view in thread ]

3.  

   

   emichan, Feb 24th, 2006 @ 4:14pm

   
   

   No Subject Given

   It seems like these judges don't really realize how much harm a malicious person can do if they have your personal information.
   

   
   We'll just have to wait until one of these companies is brought before a judge who's had his/her information leaked. Then maybe the judge will have a better idea of just how much harm these types of leaks can cause.

    

   [ reply to this | link to this | view in thread ]

4.  

   

   Warren A Hall, Mar 13th, 2006 @ 8:54pm

   
   

   Security wrist slaps not enuf. .exe them

   Security wrist slaps not enuf. .exe them Any organization that loses usable backup information to an outside "party" should be liable for every penny of subsequent individual consumer out of pocket costs plus a liberal allowance for pain and suffering, and a seven year aggregation of costs covering all components of identity theft, with minimal required proof of guilt of the organization by an individual (see below), plus a fee for preparation of auditable expense and loss reports (at professional accountant's rate), plus interest on all claims; all of which is to be paid within five weeks. Callous indifference or rank laziness leaves an organization open to the above claim, due to the simple acts and slight additional effort that makes the backup tapes/media useless to practically any but the operations group. It is only they who have access to the master log of backups which provide the media i.d., encryption key i.d. and a log of the fields of data-set content by backup media i.d. and other sequences as well. How and why penalties should be severe: I/P Department must do the following No tape or other media will have data-set name, department name, or user name on the outside of the media. The encryption key must be changed for each dataset. The data of any set is to be striped to backup; do in a raid format if practical. The I/P Department may select any vendor for the backup control system, the Raid process, the encryption service, and other management services. All output is to be compressed, either by the Raid operation, or by the backup program, All data sets are to be encrypted with 4096 bit keys, The systems group not exempt from any of the above requirements; that includes source code, compiled/object code, script files, j.c.l./job streams, et al. The use of raid technology, encryption, and backup management have always been goals of I/P, not just blue-sky. With this proposal as a goad, none will have any excuse for non-compliance, and with the features outlined above, practically no one will be able to "break" the security to see so much as a recognizable digit or name. Warren Hall

    

   [ reply to this | link to this | view in thread ]

Add Your Comment