Re: A better summary of the problem
From: David Eather (eather_at_tpg.com.au)
Date: 01/26/04
- Next message: Fco. José Ruiz: "Re: Question about Cryptografy and PCI"
- Previous message: jcduque: "Re: Humble Contribution"
- In reply to: David Hooker: "A better summary of the problem"
- Next in thread: jcduque: "Re: Extending a secure zone to an insecure zone"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Jan 2004 00:34:16 +1000
I'm not a security expert, especially when it comes to secure protocols and
the ways of hackers.
I also have a balding grandmother who likes to bake, and I have to say that
what you're trying to do has more hairs in it than one of grandma's special
cakes.
How much is the customer's data worth?
What is the collective value of the customer's credit cards? (it will be
big and big enough to motivate hackers and insiders)
What will be the cost when the data is stolen or compromised in a way you
haven't thought of or protected against?
Who do you think the pissed-off clients are going to come after when this
happens? (after talking to the police, who will assure them a felony has
taken place, and lawyers, who will tell them that it should not have been
possible with proper security measures)
Who do you think the company will point out as a sacrificial lamb - "he did
it, he said he was the expert, we had to trust him"
What will be the court costs when it comes out the data was stolen from an
unsecured server you put their on?
What will the court's ruling for damages against you cost?
What will be the ongoing effect on your work or business?
How much more will your personal indemnity insurance now cost - assuming you
can get any?
If any of this has an amount you can't afford to pay out of your pocket
change, then do the job right - store client data only on secure servers and
do that properly. Some shortcuts should not be taken.
David Eather