
A cautionary tale...

To: triumphs@Autox.Team.Net
Subject: A cautionary tale...
From: "Michael D. Porter" <mdporter@rt66.com>
Date: Mon, 10 Aug 1998 02:31:39 -0700
Organization: Barely Enough

Although the following is not strictly LBC-related, it is related to
your access to this mailing list.

My mail access died early Friday morning. No explanation was immediately
forthcoming. I tried to connect off and on for a couple of days, without
success. I called the provider's tech support Saturday evening, and
received a message that the mail service, interactive login service and
server web site were down, and that the company was working on it.

Early Sunday morning, a few messages got through, and I figured the
glitch was gone. No big deal. Mid-Sunday, though, there was still no
service. Not only was mail sporadic, but outgoing mail was impossible.

Typical Internet problems, you might think, as did I. I went to work for
a while, came back Sunday evening, and found this message waiting for
me:

"Some of our customer data was compromised early Friday morning, Aug. 7,
1998, and that data included your credit card number. Please notify your
credit card company, and if need be, cancel your credit card. The cause
of the compromise and this theft has not yet been determined.

"*** is working with the authorities and credit card companies in
investigating this matter. We apologize for the inconvenience and thank
you for being a loyal *** customer."

These people violated the basic tenet of C2-level security. That level
strongly suggests that sensitive data be stored on machines without any
means of automatic connectivity. In other words, standalone devices with
physical and password security. 

If you gain access to the Internet through a small provider who bills
your credit card monthly, you might find it in your interest to pass
this message on to your provider, along with the admonishment that
unless they can, in detail, describe to you the level of security
provided for your personal and credit card data, you will expect monthly
paper billing, or you will find another local provider with better
security. 

I was lucky. I called the credit card company and found there were no
new billings in the past three days, and had my accounts transferred to
another number. However, it took my provider three days to notify me;
had another day, or two, passed, I could have been in receivership,
given the credit limit on that card. Keep in mind that access was
provided on the basis of giving the provider my credit card number for
monthly billing--I was not given the option of monthly paper billing.
Such an arrangement is for the convenience of the provider--it reduces
their costs.

Just something to ponder, folks.

Cheers, All. 

-- 
My other Triumph runs, but....
