[ic] Credit Card Info

Jim Balcom interchange-users@interchange.redhat.com
Mon Nov 5 10:37:20 2001


On Sun, 4 Nov 2001, John Beima wrote:

JB>>> Scotty and I process orders interchangeably, and so we both have full access
JB>>> to all of the computers, card #s, etc.
JB>>
JB>>All of the computers? Does that include EVERY machine on the same subnet between
JB>>your mail server and you??? TCP/IP packets don't just go from A to B... They
JB>>travel through every network card on the network, so that machine can decide if
JB>>it is for it or not... VERY easy to packet sniff e-mail messages, with the right
JB>>tools...
JB>>
JB>>Just because you have access, or even the only access, to point a and b doesn't
JB>>mean 250 other people can't read the exact same piece of mail...

We are talking about 3 Linux machines on the LAN in one room behind alarms
and high security locks and 2 Win98 machines in the adjacent room, also
behind high security locks and alarms.

That is ALL of the machines on the Class C License.

A visitor to the store comes in on server 4, views the Interchange stuff,
places an order through the Secure Server on Server 4 (128-bit security). A
canned response is sent to the customer from the mail server on Server 4.

Every 10 minutes, Outlook Express on the POS machine in the next room
running under Windows 98 polls Server 4 for the mail and removes it from the
server. Only orders are handled on this mail server. E-mail relating to the
store operations is handled on a different server.

The last that I knew, it wasn't possible to hack into a Windows 98 machine
(although I understand that there is a patch available to make them into a
server. That boggles my mind. Why use a Windoze machine as a server when
Linux works so much better!)

Possibly there is a leak somewhere, but I can't see it.

The only people with keys to the server room are Scotty and myself. Not the
janitor, not the landlord. The keys to the room where we have the POS
terminal are on the ASSA Master Key System. The janitor, and the landlord.
Those keys cannot be duplicated without my permission.

At this time, I am comfortable that I have adequate security for charge card
numbers in place. I could be wrong.

-= Jim =-

----------------------------------------------------------------
Jim's Linux-Operated Underground Bomb Shelter

Tagline for Sunday, November 04, 2001 at 20:00 PM:
[Please insert a quarter in Drive A: for the next tagline.]

----------------------------------------------------------------
This Linux System has been up 226 hours

My web page: http://www.idk-enterprises.com
----------------------------------------------------------------