Security Pie

The ramblings of three security curmudgeons

Why???


Why do we work so hard to protect user data and privacy when it seems users are very happy to place their credit card info online and broadcast their shopping? The concept of blippy.com was shocking to me. It still is. Do users understand that all this information is amassed and can be used at any time by anyone?

What makes blippy trustworthy of access to a bank account? Are they audited? Are they PCI compliant? They are not even public and (unlike TJX) have nothing to lose by compromising the security of the users' data…

Yesterday, while analyzing business processes at a DLP account, we ran across a user who sent their entire password list in an unencrypted CSV format. Access to bank accounts, investment accounts, healthcare, Web 2.0 sites, etc.

Perhaps privacy, by 2020, will be replaced by identity insurance…

Written by assafl

February 11th, 2010 at 12:14 pm
