[Dshield] Another VA laptop missing.....
anonymous.squirrel at gmail.com
Tue Aug 8 20:34:02 GMT 2006
Maybe securing access to the records is not a good a solution as securing
the use of the credit records; in other words, no credit checks can be run
unless a unique, verified permission is received from the individual for
each credit check.
That solution avoids the specter of criminal penalites for actions where
criminal intent is not present, it avoids the economic cost of trying to
secure like data over a huge number of storage and processing facilities
(and comm lines), and it avoids the inevitable failures in the protective
strategy. Finally, it avoids the current hysteria which equates the loss of
a laptop with X numbers of individual's SSNs with a fraud against each of
those individual. The only downside I can see is that life will be harder
for those who want to close deals by pushing credit to those who may not be
able to handle it anyway. And that isn't so bad.
On 8/8/06, Frank Knobbe <frank at knobbe.us> wrote:
> On Tue, 2006-08-08 at 10:57 -0500, Allen Mundt wrote:
> > [...] If credit card
> > companies or larger financial institutions were held pecuniary liable,
> > the problems would be fixed in about 6 months.
> Doubtful since those fines would just be budgeted and result in higher
> fees for the consumer.
> No, what we need are *criminal* penalties (European Data Directive
> Once executives can no longer get away on those violations, but will
> have to serve time, then the security efforts may increase in favor of
> the consumer.
> It is said that the Internet is a public utility. As such, it is best
> compared to a sewer. A big, fat pipe with a bunch of crap sloshing
> against your ports.
> Learn from the founder of DShield how to secure your Internet presence
> with Linux, Apache, MySQL, PHP.
> Las Vegas, Oct. 2nd-6th 2006
> Details: http://www.sans.org/ns2006/description.php?tid=433
> (Brochure Code: ISC)
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list