
Comment Re:Why are these numbers stored? (Score 1) 117

PCI/DSS isn't simply about being able to claim nebulous adherence to "best practices"; it's about an organization's ability to maintain a business relationship with their customers and an upstream merchant account provider under certain agreed upon minimum standards for data security. Quoting PCI Data Storage Do’s and Don’ts:

Do not store sensitive authentication data contained in the payment card’s storage chip or full magnetic stripe, including the printed 3-4 digit card validation code on the front or back of the payment card after authorization.

This point in particular is not flexible in nature. Storing that specific information, or failing to take specific steps to secure the access perimeter and specific systems through which said information traverses, are quick routes to termination of a merchant agreement. Such failures may also expose a business to significant legal liability; litigation rapidly becomes impressively expensive in the event of a breach whereby it comes to light that the business in question failed to follow basic PCI/DSS tenets, and said legal proceedings may turn into an even greater circus if dominant upstream EFT players such as Visa, etc. believe there is reason to assume negligence on the part of an auditing firm that supposedly delivered a satisfactory report on compliance to the errant business. Reference the recent Target debacle for a fine example of such complications.

There are no magic bullets, but there are baselines. Those baselines could certainly use significant improvement, but that doesn't matter much if the business servicing the consumer doesn't care to consider even basic adherence to agreed upon information security standards as a critical factor.

Comment Re:War of government against people? (Score 1) 875

Don't forget the problem of keeping guns from getting back into the population at any given time. This goes back to the same issue you first spoke to: criminals will still obtain guns, and those who respect the law of the land won't. Essentially, I put this whole discussion into much the same frame as the "war on drugs," meaning things can't be uninvented and attempts to overly regulate many of them may result in more net harm than good.

Comment Re:War of government against people? (Score 1) 875

There are many variables you haven't accounted for. Quoting from Crime in the United States:

In 2011, the state with the lowest violent crime rate was Maine, with a rate of 123.2 per 100,000 residents, while the state with the highest violent crime rate was Tennessee, with a rate of 608.2 per 100,000. However, the District of Columbia, the U.S. capital district, had a violent crime rate of 1,202.1 per 100,000 in 2011.

D.C. has a long history of highly restrictive gun laws. Why then does D.C. have double the violent crime rate of Tennessee, and one hundred times that of Maine? It's also worth noting that Maine has very few restrictions on gun ownership. See how this works?

Comment Re:The "lettuce bot" is mostly a vision system (Score 1) 36

[sideband attempt 1 at obtaining a reply] I'm perfectly willing to burn the karma expended from potential "off topic" moderation of this comment to ask you the following question, which is likely to be considered highly "interesting" by anyone interested in safeguarding privacy: Why haven't you replied to my last question [regarding TrueCrypt and the value of signing keys]?

Comment Re:That's not proof! (Score 1) 475

Please accept my apologies for the delayed reply. You appear to be lacking firsthand experience with interactions involving certain law enforcement agencies and persons who are subject to device examination. The first step will be production of a bit for bit copy of the digital media in question, followed by a quick analysis of the disk image. In many cases, said analysis will rapidly identify media regions which are likely to represent "hidden containers", and interesting interactions between the owner of the device and law enforcement personnel will commence shortly thereafter.

This may disappoint you, but it speaks directly to my original statement regarding the utility of hidden containers. The link included in my prior post was mostly intended to spur further thought, in the hopes that you would consider (at a minimum) the scenario I've just described. Given my apparent failure to spark that trail of reasoning, I elected to provide a more direct example in this post. Cheers.
