Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:PCI-DSS Scope? (Score 1) 106

by mtl_hed (#39532421) Attached to: Hackers Can Easily Lift Credit Card Info From a Used Xbox
The PCI-DSS spec is used by organizations to evaluate their infrastructure as to whether it is in compliance. I've read the entire v2 doc before, and unlike most technical specifications it is more of a best practices guide for secure transport and storage for PCI data. This includes everything from switches, routers, servers, to tape backup and everything in between. In Microsoft's case this includes the Xbox itself and everything within their datacenters that PCI data flows through. Part of the spec states that storage of PCI data should be avoided if possible and gives recommendations around storage when it is deemed necessary for secure storage. Things like encrypted filesystems using hardware security modules help accomplish this. To jrj102 comment, it is very likely M$ chose not to store the data on the Xbox itself, but instead store it within their own network tied to your account in some way and thus greatly reducing risk.

"They that can give up essential liberty to obtain a little temporary saftey deserve neither liberty not saftey." -- Benjamin Franklin, 1759