::PepperTech:: Security Management News Blog
Wednesday, January 16, 2008
Sunday, October 28, 2007
Art.com Hacking
Art.com Inc. said that a hacker recently gained illegal access to some of its customers' names and encrypted credit-card numbers for some transactions made on its Websites from July through September. More details here.
Tuesday, October 16, 2007
Full body scan or "striptease"?
EPIC (Electronic Privacy Information Center) calls the full-body scans a virtual striptease. However, TSA claims that 79% of the public prefer the full-body scan! For one thing, I do not know where the TSA got the stats, but it appears as though people prefer to be stripteasers rather than just be patted down.
In all seriousness, I am glad that there are security checks, but are they effective, and how do they affect the general traveller in terms of privacy, reasonable comfort and all such feel-good factors?
Tuesday, August 07, 2007
Saturday, June 16, 2007
Data Privacy Watchdog for India
India does not have strict data privacy laws. This has allowed a huge number of security breaches in the recent past. Now, India has a self-regulated industry watchdog that is going to oversee data privacy with regard to offshoring. More details on silicon.com.
Tuesday, April 24, 2007
Scalability in Compliance
Compliance is generally either towards internal requirements or to external regulations. And ideally, since there is no single way to interpret external regulations, corporates create internal interpretations of external regulations. So, in essence, you are complying with a set of internal requirements. That said, the universe of your requirements will be unique to your business.

A lot of the time you hear corporates whining about the many regulations they have to comply with. However, what one does not realize is the upshot of the ridiculous vagueness presented by the regulations: it allows you the wiggle room to interpret the regulations in multiple ways. The SOX 404 interpretation in corporate A may very well be different from the SOX 404 interpretation in corporate B.

You can establish compliance to multiple regulations if you can establish a link between them and a singular industry standard (eg: ISO 17799 or BS 7799) that you want your corporate to follow. Most times, all of the regulations have a common denominator of security requirements that can be addressed by one industry standard. And if you align with the chosen standard, you can easily prove your alignment with the regulatory requirements as long as you have a clear mapping of the regulation to the industry standard and its applicability in your business.

In summary, a) if your internal audit and security teams can distill the regulations into a universe of compliance requirements, b) map those requirements onto an industry standard such as ISO 17799 and c) implement processes in alignment with the established mapping, it would make your life easier, implementation more streamlined and compliance readily scalable to multiple regulations.
Sunday, March 25, 2007
Basic rules while on the net...
Just in line with my last post for a layman user on being safe on the net -- please read this article. An additional note: change the default user id and password on the router, and if you are an advanced user, put some physical address based filters on it. That way the router will recognize only those computers that are on your network, based on the filter configuration.
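As an added illustration of the "physical address based filters" advice (example code written for this page, not from the original post or any router vendor), the script below assumes "physical address" means the MAC address, keeps an allowlist of MACs as a home user would type them into a router's filter page, and checks the router's DHCP lease table against it to flag devices that are not on the list. The allowlist and the lease lines are constructed sample data in the dnsmasq leases format (expiry, MAC, IP, hostname, client-id), which many home routers use; a different router will need a different parser.

```python
import re

# Constructed allowlist of physical (MAC) addresses for the home network,
# deliberately written in the mixed formats people type into router UIs.
ALLOWED_MACS_RAW = [
    "00:1A:2B:3C:4D:5E",   # colon-separated, upper case
    "00-1a-2b-3c-4d-5f",   # dash-separated, lower case
    "001A.2B3C.4D60",      # Cisco-style dotted groups
]

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonicalize a MAC to 'aa:bb:cc:dd:ee:ff'; raise ValueError if it is not one.

    Filters silently fail when the same address is stored in two spellings,
    so every comparison goes through this function first.
    """
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_allowlist(raw_macs):
    """Normalized set of allowed MACs built from user-typed strings."""
    return {normalize_mac(m) for m in raw_macs}


# Constructed DHCP lease table in dnsmasq's leases format:
# <expiry epoch> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES = """\
1193600000 00:1a:2b:3c:4d:5e 192.168.1.10 laptop 01:00:1a:2b:3c:4d:5e
1193600100 00:1a:2b:3c:4d:5f 192.168.1.11 desktop *
1193600200 00:1a:2b:3c:4d:61 192.168.1.12 unknown-device *
"""


def parse_leases(text: str):
    """Parse dnsmasq-style lease lines into dicts with normalized MACs."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        leases.append({
            "mac": normalize_mac(parts[1]),
            "ip": parts[2],
            "host": parts[3],
        })
    return leases


def unknown_devices(leases, allowlist):
    """Return the leases whose MAC is not in the allowlist."""
    return [lease for lease in leases if lease["mac"] not in allowlist]


if __name__ == "__main__":
    allowed = build_allowlist(ALLOWED_MACS_RAW)
    for device in unknown_devices(parse_leases(SAMPLE_LEASES), allowed):
        print(f"not on the filter list: {device['mac']} {device['ip']} ({device['host']})")
```

The normalization step is the part worth copying: a filter entry that does not match because of case or separator style looks like it is working while blocking nothing. Treat MAC filtering as a convenience control rather than a security boundary, since addresses are visible on the local network and are trivially changed on a client; the router password change in the note above is the control that actually matters.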
