[funsec] (Yet Another) Lost Ernst & Young Laptop Exposes IBM Staff
jpolazzo at thesportsauthority.com
Thu Mar 16 13:29:31 CST 2006
>*more* secure than leaving it on the central server and then accessing
>a VPN from a (possibly compromised) home computer.
Well, if you ask me... data such as customers' SSN#, CC#, etc. should
never be allowed to be accessed from outside the company. If you're not
on the corporate LAN, then no access. I'd even further lock it down to
subnets if it's possible.
Or better yet, have per transaction CC#'s that you can create when you
know you are dealing with a disreputable source (e.g. most everyone). You
could gen a CC# with enough credit to handle the current transaction.
This could work in the same way a private key generates a public one,
with the private key being your true CC# and the public key being the
per transaction number that has only enough credit for that transaction
and expires after, say, X amount of time.
I already implement a form of this by having only one credit card, and
making sure it is maxed out at all times :-)
-JP (who thinks we should be able to request new SSN#'s whenever a
breach of security happens, at the expense of the company/govt-org that
(unwillingly) distributed it in the first place)