I'm confused as to why they actually needed to ask. Don't they have the ability to peek into the direction, ports/protocols and external addresses being used during transfers? I mean, if they can see a bunch of traffic on ports 568 or 119 from "newshosting.com", they can safely assume the user is leeching from a Usenet server, for example. I have to think there's at least one person who works for the ISP capable of running WireShark on a mirrored port and able to make sense of the data. Is it a privacy thing?

I completely agree and would mod you up if I had any points; Humans have accomplished these mile-stones (or baby steps?) and it shouldn't matter, over all, who has the biggest dick. Competition is a fantastic motivator, but shouldn't be the main purpose for advancing our species.

No one runs from you Petey, they just walk away from the ridiculous bullshit you spew. It is kind of nice to see that you're still using phrases like "ad hominem", "sockpuppet" and "P.S.=>", however.

And yes, I am attacking you on a personal level. I don't need to say anything about your completely ignorant statements regarding hosts file usage or the one program you wrote 10 years ago...plenty of people on the interwebs do that for me. I'd rather point out what a loser you must be to troll every forum (the ones you haven't been banned from, anyway) looking for anyone who might have the audacity to dare speak negatively of you so you can then reference multiple 3-year old posts and the names of anyone who have done you wrong (you act like a pissed off girl mad at her cheating ex-boyfriend the way you do that, BTW).

Oh well, at least you've provided me with some entertainment. :-)

Oh. My. God. I just laughed so hard I farted. It does my heart good to know that even after many years here on /. that douche bag is still the butt of jokes.

I have no interest in looking smart to anyone here just like I would have no interest in looking ethical. If I'm the owner of a company and have the ability to make more money by taking advantage of a loophole in whatever system, then I'm going to do it. Unless there's a legal punishment, then why not? If I don't then someone else will and in the business world the advantage goes to whomever does.

Unfortunate as is may be, nice guys usually do not finish first. Sorry.

I can't decide if the people who took advantage of the ranking system are to blame, or if the system itself is. I certainly can't blame anyone for trying to inflate numbers by utilizing a loophole left by Google or YouTube; I would probably do the same thing if it meant making more money. Even though I'm glad that Google and YouTube closed the "vulnerability", it does lend fuel to the idea that we're really just seeing the Internet that Google wants us to see.

It's not like they hacked the website to post links for Goatse and Lemonparty; they did so to remove the anti-American/European propaganda and replaced it with the truth about the horrible acts of violence bestowed upon those civilians by Al-Qaeda. But I guess it's their right to kill innocent people in the name of some imaginary fairy in the sky, and we should just mind our own business and stay the hell out of their country and off their servers.

Say what you want about the political aspects or reasons to "invade" or not to...I don't give a shit about any of it, but there's nothing that makes it OK to harm innocent people and then lie about it. Much of the indigenous population supports Al-Qaeda because of they're simply not aware that the terrorists cover up their own disgusting actions.

Oh, so it's a semantic argument you want, is it? No thanks, take a stroll elsewhere, please.

FTFY

From the PCI Security Standards Council "PCI Data Storage Do's and Don'ts":

Do not store any payment card data in payment card terminals or other unprotected endpoint devices, such as PCs, laptops or smart phones

And

At a minimum, PCI DSS requires PAN to be rendered unreadable anywhere it is stored – including portable digital media, backup media, and in logs.

Based on that information, I would say that PCs and, certainly in this case, game platforms (since the Xbox is really just a PC) would fall under the "endpoint device" category. Especially since the end-user has no control over whether or not that information is stored on their device because only Microsoft can alter the code that allows or disallows the storage.

Fortunately "reasonable" doesn't have to come into play here. PCI auditing standards exist so the human fallacies (potentially) of reason and common sense are mitigated by explicitly defined controls that anyone who deals with credit cards at all must adhere to. Someone like Microsoft, thankfully, would probably be even more scrutinized by auditors, not only because they are Microsoft, but because Microsoft would want to make sure they are compliant.

That being said, PCI, in part, states that credit card info must never be stored, cached, saved...etc., in any device that is directly accessible to the customer or attached to the vendor's network unless sufficiently encrypted with even more controls guarding the public and private encryption keys. Basically, no XBOX should ever store credit card information, only account information at the very least. Even then, the credit card info that CAN be saved on Microsoft's servers can contain the CC number, cardholder name, service code and expiration date (cardholder data), but it CANNOT store the PIN, magentic stripe data or CAV2 code (card authentication data).

I did mean that, thank you. That's what I get for posting at quitting time...

Off-topic I know, but it's funny to go back and view Apple's website from 2001 when they first released the iPod. They talk about how "ultra-slim" this thing is at over a quarter-inch thick. What is it now...like 7 mm?

Excellent point, although I was speaking specifically about the release that a patient has to sign before having their records faxed over to another provider. There would have to be another type of approval set in place to allow a doctor to access the information, or some type of override by emergency workers in a situation where the patient is unconscious. I'll let the guys getting paid figure out the logistics.

That's goddamned hilarious, I hope you are modded appropriately...but you also kind of have a point. Would whomever develops this technology need to have separate storage for each patient's records, or could there be a central database of all the commonly used diagnoses that they could just link to? Otherwise, you're right...if you have to repeat "this patient is a fat ass" a bazillion times, it could take up quite a bit of space. I suspect, however, for security purposes and continuity (imagine if a table gets linked to the wrong patient and they are treated for a diagnosis that was meant for someone else) they would have to keep the data separate.