
Re: [cobalt-security] Credit card



dg> Date: Wed, 15 May 2002 00:29:58 -0700 (PDT)
dg> From: duncan gray


dg> So really the main issue is getting the information off the
dg> server as soon as possible, so if for some reason you were
dg> hacked, they only get 1 number, or none as you've already
dg> removed them.  Do the credit card companies say you can't do

No.  Encrypt the info using asymmetric encryption or a hybrid
(random symmetric key, with key asymmetrically encrypted, a la
PGP/GnuPG/SSL) approach.  Store info on a _separate_ bastion
server.

Then, if someone cracks the webserver, they cannot decrypt
existing records.  The encrypt/decrypt keys are different, and
always should be transmitted via a secure channel.

Note that if someone cracks the webserver they can still install
trojans, so you're not in the clear re new CC info.  And if they
scan memory pages or swap partitions for certain regexps, such as
"([0-9]{4}[\ -]?){4}", you have a problem.


dg> this sort of thing? is it chiseled out in stone somewhere?

The lower the risk, the friendlier the merchant provider will be.
Anger one if you dare.  Tell them you're storing unencrypted
info, and see what happens.

As Gerald (others?) pointed out, it's not much harder to do it
better... and, I maintain, not too difficult to do it right.  If
one cuts corners on something as basic as encryption, what else
is lacking?


dg> I'm sure holding CC details on the server would be more
dg> secure than the office next door, where all someone has to
dg> do is break a window (ok yeah just an example), take the
dg> receipts, etc.  Or just look over someone's shoulder when they
dg> are making a payment somewhere.

How many x86-based RaQ admins are running BIND-8.2.2p*?  How many
type "the keys to the kingdom" over clear text on a shared
ethernet segment?  How many use short passwords that are easily
guessable via dictionary-based attacks?

Given clueful administration, the server is more secure.  But
that's a rather large assumption.  What's really scary is how
many people don't even know the issues at hand...


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.
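The hybrid scheme Eddy describes (random symmetric key, key wrapped with the bastion's public key, only the bastion holding the private key), together with his regexp check for card-number-shaped strings, as an added example; this is not code from the list or from Eddy. It uses only the Go standard library: RSA-OAEP to wrap a fresh AES-256 key, AES-GCM for the record itself. The web server calls Seal with the public key only, so a compromise there cannot decrypt records already written; Open runs on the bastion. The card number and the OAEP label "card-record" are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"regexp"
)

// oaepLabel binds the wrapped key to its purpose; any constant works as long
// as Seal and Open agree. Constructed value, not from the original message.
var oaepLabel = []byte("card-record")

// panPattern is the regexp quoted in the message, "([0-9]{4}[\ -]?){4}",
// with the escaped space written plainly for Go's RE2 syntax.
var panPattern = regexp.MustCompile(`([0-9]{4}[ -]?){4}`)

// Envelope is the only thing the web server keeps or forwards to the bastion.
type Envelope struct {
	WrappedKey []byte // random AES key, RSA-OAEP encrypted to the bastion's public key
	Nonce      []byte // AES-GCM nonce, unique per record
	Ciphertext []byte // AES-GCM output (record plus authentication tag)
}

// NewBastionKey generates the key pair. Only the public half is ever copied
// to the web server; the private half stays on the bastion.
func NewBastionKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal runs on the web server. It needs the bastion's public key and nothing else.
func Seal(pub *rsa.PublicKey, record []byte) (*Envelope, error) {
	key := make([]byte, 32) // fresh AES-256 key for this record only
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, record, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	// Once wrapped, the web server has no further use for the symmetric key.
	for i := range key {
		key[i] = 0
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open runs on the bastion, the only host holding the private key. GCM's tag
// means a tampered or truncated record is rejected rather than decrypted.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// LooksLikePAN reports whether data contains a card-number-shaped run, the
// same check the message describes an intruder running over memory or swap.
// A defender can run it over what is actually written to disk to confirm
// that no plaintext number got stored by mistake.
func LooksLikePAN(data []byte) bool {
	return panPattern.Match(data)
}

func main() {
	priv, err := NewBastionKey()
	if err != nil {
		panic(err)
	}
	record := []byte("4111 1111 1111 1111 exp=12/05") // constructed sample record
	env, err := Seal(&priv.PublicKey, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("plaintext matches PAN regexp: %v\n", LooksLikePAN(record))
	fmt.Printf("stored ciphertext matches:    %v\n", LooksLikePAN(env.Ciphertext))
	pt, err := Open(priv, env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("bastion recovered: %s\n", pt)
}
```

The point the message makes still holds for this code: the web server sees the plaintext record while it builds the envelope, so memory and swap on that host are exposed for new submissions, and nothing here changes that. What the split of keys buys is that the records already sitting in storage are unreadable from the web server alone.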