Security Pie » privacy

Amex – Where is PCI?

assafl — Wed, 08 Jul 2009 23:51:00 +0000

Ok – so this stuff bugs me. Whenever a company sets up standards for others to live by but fails to live up to the same standards themselves I get annoyed. Amex is the “bully” in point.

See http://www.kpho.com/money/19936013/detail.html for a story in which two guys who worked at Amex were able to abscond with “thousands” of credit card number and “millions” of customer dollars.

I have two Amex cards. So I went to the Amex website to figure out if my card was somehow exposed. NADA. Not a single word anywhere on the site (perhaps I missed it?).

What is the use of PCI if one of the three card peddlers (Visa and Mastercard being the other two) reflect an attitude of indifference towards protecting MY data.

Wake up Amex CEO: Kenneth I. Chenault. I entrust you with my data. It is time for you to protect it! Mighty nice of you to harrass others with odd PCI requirements. Perhaps it is time you pass a PCI audit yourself.

/al

In Flight Privacy

sharon — Thu, 08 Jan 2009 23:08:40 +0000

Previously, we sent our reporters on a first class mission. Now, we are reporting from coach. Names removed to protect the innocent.

Hi, we had a delay of one hour. I’ll probably arrive to you place around midnight. If it’s too late can you please leave the keys outside?

No problem. I’ll wait for you. Is it tonight or tomorrow?

Tonight… In flight internet is awesome…

Is it really IN flight internet? Can you see porn?

When my “neighbors” will sleep I’ll definitely try it…

You need protection. For the next flight buy one of those 3com protection screens…

So that’s the real reason you need it…

I’m thinking about a smart answer, since this conversation is being blogged…..

In my opinion, this post speaks for itself.

Despeite The Lack Of Privacy, I’m Using Chrome

sharon — Thu, 20 Nov 2008 22:45:03 +0000

The folks at consumerwatchdog.org are doing a very important job, keeping vendors honest and consumers alerts. The following video highlights some of the privacy issues with Chrome. I agree that Google should have warned Chrome users. I am sure that they will. Yet, I will continue to use Chrome (since I have nothing to hide). If I need to keep my privacy, I’ll use another tool.

Clear Passwords

sharon — Fri, 07 Nov 2008 01:06:48 +0000

2008 is almost over but still there are respectable and notable companies that act like security is non of their business. I find it very irritating that some companies that promote security as a product and company differentiators act in a non secure fashion. Following the “no one want to see an obese promotes healthy food” analogy, I would expect companies nowadays to act in a secure fashion. Most of the web sites will send you a thank you letter after registering at their web site, but as I discovered today, some will send you an email confirming your registration alongside your username and password in cleartext.

As a service for those who forgot, here’s how email privacy works:

How email works

And here’s the message that turned me mad (Identifiable elements deleted to protect the innocent):