Re-read the information about the Target breach, and reconsider what I have said. This would not affect people outside of the US that do not use credit cards with magnetic strips. It's not just a matter of reading the strip directly, but also the technology involved in how that information is further processed.

Ken, please pick a point you are going to choose to argue against/for: Is it going to be adequate security; or is it going to be financially feasible security?

--
Espi

On Mon, Dec 23, 2013 at 7:27 PM, Ken Schaefer <[email protected]> wrote:

> How do you know “they should not have happened”? Perfect security is,
> pretty much, impossible. So, statistically, there will always be some level
> of breaches occurring, including some level of severe breaches. How do you
> know we aren’t at a level that makes monetary sense? Would you be prepared
> to, say, halve your income (because prices are double), simply to have 5%
> or 10% fewer security breaches?
>
> I don’t see how any recent serious breach is related to the use of
> magnetic stripe media or re-use of stolen phones, so I don’t really
> understand what you’re saying there.
>
> Cheers
> ken
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Micheal Espinola Jr
> *Sent:* Tuesday, 24 December 2013 2:20 PM
> *To:* [email protected]
> *Subject:* Re: [NTSysADM] RE: 40 Million CC breach at Target....
>
> I can only assume they don't, since historically (generally speaking) there
> have been serious breaches that should not have happened. I've been
> involved with POS systems, banking systems, as well as various
> wifi-devices - and for years, there's been a lot of foolishness. Business
> rarely does what it should - and instead only does what it has to, or can
> financially bet against.
>
> - Banking: We (the US) still allow a system that relies heavily on
>   magnetic strip media.
> - Telco: We (the US) still allow a system where cell phones can be
>   stolen and reused.
>
> --
> Espi
>
> On Mon, Dec 23, 2013 at 6:31 PM, Ken Schaefer <[email protected]> wrote:
>
> Your rant presupposes that there isn’t “decent security” already in
> place. What evidence do you have that there isn’t?
>
> Cheers
> Ken
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* J- P
> *Sent:* Tuesday, 24 December 2013 12:43 PM
> *To:* [email protected]
> *Subject:* RE: [NTSysADM] RE: 40 Million CC breach at Target....
>
> /rant on
>
> I have one question that rings in the back of my mind, they (banks,
> creditors, merchants, etc.) charge all sorts of fees,
> sometimes I have heard of fees larger than a bill that's due -
> Why can't they take a piece of that to get some decent security into place?
>
> /rant off
>
> Happy holidays and a prosperous new year to all
>
> Jean-Paul Natola
>
> ------------------------------
>
> From: [email protected]
> Date: Mon, 23 Dec 2013 08:10:19 -0500
> Subject: Re: [NTSysADM] RE: 40 Million CC breach at Target....
> To: [email protected]
>
> *>>That's a pretty fair analogy - and both statements are true. On the
> other hand, banking is much better understood - experience with banking
> goes back hundreds of years, with concomitant expertise in many fields in
> dealing with the risks in banking. The experience around computing is much
> more shallow, and the risks are not as well known, nor has nearly as much
> thought and practice gone into mitigating them.*
>
> Okay, so how about when banking relies upon computing? Which risk profile
> comes into play, then -- the hundreds of years, or the shallow
> years/decades?
>
> Whether or not YOU use online banking, it is almost assured that your bank
> provides it and that others are aware of its existence. Do you think that
> your bank is providing such a service without any reliance upon 3rd
> parties? Do you think that because you aren't using the online services
> from your bank that your data would be unimpacted?
>
> (Hint: I'm sure that some of the people impacted in the Target breach, as
> in the TJX breach before it, were *not* online users)
>
> *ASB*
> *http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>
> *Providing Virtual CIO Services (IT Operations & Information Security) for
> the SMB market…*
>
> On Sun, Dec 22, 2013 at 10:31 PM, Kurt Buff <[email protected]> wrote:
>
> On Sun, Dec 22, 2013 at 6:59 PM, Andrew S. Baker <[email protected]> wrote:
> >>>Amazon's cloud is external to its customers - Amazon's staff,
> > procedures and infrastructure are a risk to its customers.
> >
> > That's as illogical a statement as the following:
> >
> > XYZ Bank's technology infrastructure is external to its customers - XYZ
> > Bank's staff, procedures and infrastructure are a risk to its
> > customers...
>
> That's a pretty fair analogy - and both statements are true. On the
> other hand, banking is much better understood - experience with
> banking goes back hundreds of years, with concomitant expertise in
> many fields in dealing with the risks in banking. The experience
> around computing is much more shallow, and the risks are not as well
> known, nor has nearly as much thought and practice gone into
> mitigating them.
>
> >>>Except when suborned or perverted by money, patriotism or blackmail:
> >
> > http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220
> >
> > And how does you maintaining your infrastructure on-premises, but having
> > to rely on 3rd party telecommunications mitigate the above risk in any way?
>
> It's not just that specific incident - that's but one example, and in
> this specific instance, there was no remedy - trusted parties were
> subverted, and the same can happen in other fields. I'm not arguing
> for perfection here - just a recognition that complexity brings risk,
> and that keeping things simple and under more control is usually wise.
>
> Indeed, for some businesses, especially small ones with no IT staff,
> or very limited IT staff, going with a public cloud might make sense.
> But if a business has good IT staff, I'd venture that migrating most
> or all of their infrastructure to a public cloud isn't their best bet.
>
> Kurt

