
Re: [cobalt-security] Credit cards



JL> Date: Tue, 14 May 2002 07:28:29 -0700
JL> From: Jeff Lasman


JL> And how about a procedure in place to get those credit card
JL> numbers OFF the system on a regular basis so if it is hacked,
JL> you won't end up on the six-o'clock news.

The big thing is to ensure that any CC info that might be written
to disk is asymmetrically encrypted or randomly encrypted (a la
OpenBSD swap partitions).  Storing on a bastion system doesn't
hurt.

I'm writing something that even zeroes RAM where CC info was kept
after processing.  But, then, I'm paranoid.  (And, no, that's not
a plug.  We have no current plans to sell the software in
question.)


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.
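
The RAM-zeroing idea mentioned in the message above, as an added C example that is not part of the original post or the author's software. The names `card_buf`, `card_load`, `card_luhn_ok` and `card_release` are hypothetical, the Luhn check stands in for "processing", and POSIX `mlock()` is assumed to be available.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

#define PAN_MAX 19               /* longest card number handled here */
struct card_buf {                /* hypothetical holder used while processing */
    char pan[PAN_MAX + 1];
    int  locked;                 /* 1 if mlock() succeeded */
};

/* Wipe through a volatile pointer so the stores cannot be removed as dead
 * writes, which a plain memset() right before return or free() may be. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Pin the buffer out of swap, then copy the number in. -1 if too long. */
int card_load(struct card_buf *cb, const char *pan) {
    size_t len = strlen(pan);
    secure_wipe(cb, sizeof *cb);
    if (len > PAN_MAX) return -1;
    cb->locked = (mlock(cb, sizeof *cb) == 0); /* can fail under RLIMIT_MEMLOCK */
    memcpy(cb->pan, pan, len + 1);
    return 0;
}

/* Luhn checksum, standing in for "processing". 1 if valid, else 0. */
int card_luhn_ok(const struct card_buf *cb) {
    int sum = 0, dbl = 0;
    size_t i = strlen(cb->pan);
    if (i == 0) return 0;
    while (i--) {
        int d = cb->pan[i] - '0';
        if (d < 0 || d > 9) return 0;
        if (dbl && (d *= 2) > 9) d -= 9;   /* double every second digit */
        sum += d;
        dbl = !dbl;
    }
    return sum % 10 == 0;
}

/* Zero the whole struct, then release the memory lock if one was taken. */
void card_release(struct card_buf *cb) {
    int locked = cb->locked;
    secure_wipe(cb, sizeof *cb);
    if (locked) munlock(cb, sizeof *cb);
}
```

`mlock()` and `munlock()` act on whole pages, so a real program would keep such buffers in their own page-aligned allocation rather than on a shared stack page.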