>>
http://news.com.com/MasterCard+breach+hits+40+million+accounts/2100-1029_3-5751886.html
>On the 11 o'clock news report of this, Richard Holober of the Consumer
>Federation of California stated unequivocably that this data needs
>strong encryption. Deja Vu?
The thing is, encryption wouldn't have helped (going by the press
description of the CardSystems hack). Someone got a worm ("script")
installed on one of their systems processing credit cards, probably a
Microsoft Windows server judging by their job postings. Game over. CEO
John Perry is NOT enjoying his Father's Day.
That said, *everyone* is asking about encryption now. Tape, network, DASD
-- all of it. I have my own ideas about the "right" approaches here, but
what have you all found? Are you encrypting all your 3590s now so that
you can ship them via UPS? Are you adding MIPS for encryption? Are you
using crypto hardware? Upgrading to z990/z890 to get the new CPACF?
Encrypting some or all of VSAM and DB2 on DASD? Turning on TN3270E
SSL/TLS -- and installing emulators to support it (or switching to HOD)?
HTTPS? Encryption for MQ? CICS and IMS sockets?
- - - - -
Timothy F. Sipples
Senior Software Architect, Enterprise Transformation
IBM Americas zSeries Software
Phone: (312) 245-4003
E-Mail: [EMAIL PROTECTED] (PGP key available.)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
