[ic] Encrypted CC#'s in SQL, and CC# Identifier - Almost Done - Partial Solution

Doug Alcorn doug@lathi.net
26 Apr 2001 13:05:14 -0400

"Russ Mann" <tech@khouse.org> writes:

> Sorry for starting this.  Within reason, there is no added risk by
> storing CC#'s in PGP.  When was the last time you heard of a hacker
> breaking into a firewalled linux system, and decrypting thousands of
> CC#'s that were PGP'd?  Obviously there is a remote possibility of
> security breach, but that's not compounded by storing encrypted CC's
> instead of just emailing encrypted CC's, realistically.

Please don't consider this a flame; you just keep throwing gasonline
on the fire though.  What most of us realize is that security is a
matter of vigilance.  Having the right software certainly helps;
having the right attitude helps more.

You have demonstrated a willingness to sacrifice security (or accept
the risk as you might say) to gain ease of use.  You're in pretty good
company making this trade off.  Microsoft makes it nearly every day.
Linux machines are hacked every day; even Linux machines behind
firewalls.  I typically hear of about half a dozen machines a year
that get hacked that are owned and operated by people I know.  Don't
be mislead by Linux being secure.

I think if you want to have one-click shopping, that's OK (If you've
seen my home page, you'll realize I don't care what Amazon thinks).
However, none of us would advocate storing the decryption key on a
machine that is networked.  Have IC store the cc info encrypted and
just mail it to some other machine.  And make sure that the other
machine is one that doesn't have a permanent/public network

BTW, more machines are hacked through "Social Engineering" than
software engineering.  The weakest link in nearly every situation is
the compenent sitting in front of the keyboard.
(__) Doug Alcorn <doug@lathi.net> http://www.lathi.net chat:lathinet@yahoo|aol
oo / PGP 02B3 1E26 BCF2 9AAF 93F1  61D7 450C B264 3E63 D543
|_/  If you're a capitalist and you have the best goods and they're
     free, you don't have to proselytize, you just have to wait.