Just as EA launches Origin ... hmmmm ... yeah, I keep all my data encrypted in our public and not so public SQL servers ... not just the connections, but the data. A smart hacker will look for the code that encrypts the data, but that's a considerably harder task, especially when code is obfuscated.
But it's always a good idea to use a low limit Credit Card for any online purchases.
As far as separation of data, especially CC data ... most intermediate CC processing companies require PCI compliance (Payment Card Industry) for any merchant that does public online CC processing/captures (like Steam). Part of PCI compliance is regular quarterly audits of the servers and intrusion testing ... all CC data MUST NOT be directly accessible to the public ... in other words the SQL servers must live on a private LAN and the only communication that can happen is through web service calls (indirect layer).
Theory being that Web Services are a more secure and indirect step prior to reaching the databases. However, these web services are in themselves a weak link and can open the door to many many more databases.
So to make a long story short PCI compliance is really just lip service to protect the payment processors and the banks, from that point onwards if any breach happens both the bank and payment processor can point the finger at the developers who created the web services.
Ironically, Microsoft can NOT be held accountable at all -- they are NOT required to be PCI compliant even if the intrusion were directly related to a security hole in the OS, Microsoft are NEVER "on the hook". How and why Microsoft can get away with this is beyond me. And it's not just Microsoft, anyone that produces a server OS is NOT accountable and does NOT have to be PCI compliant.
Steam has tools to locate the source of the intrusion, it's a pretty stupid move to attempt to hack Steam ... stay tuned for news updates rounding up yet another batch of hackers.
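The post describes the PCI layout where the card data never sits in a database the public can reach, and merchant code only talks to it through an indirect layer. The example below is an added illustration, not code from the post or from any of the companies mentioned: the public-facing order store (in-memory SQLite standing in for the merchant's SQL server) keeps only an opaque keyed token and the last four digits, while the full card number lives in a separate vault object reached through a single narrow function, standing in for the private-LAN web service. The class and function names, the vault key and the test card number are all constructed for this example.

```python
"""Added example: card data kept out of the public-facing store via a token
and a separate vault. Standard library only, so it runs offline."""
import hashlib
import hmac
import secrets
import sqlite3


def luhn_valid(pan: str) -> bool:
    """Reject malformed card numbers before they reach any store (Luhn check)."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                 # every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class CardVault:
    """Stands in for the private-network service that is the only component
    allowed to see full card numbers. Merchant code never reads _store."""

    def __init__(self, key: bytes):
        self._key = key                 # in production: from an HSM/KMS, not a DB row
        self._store = {}                # token -> PAN; a real vault encrypts these at rest

    def tokenize(self, pan: str) -> str:
        # Keyed HMAC: the same card always yields the same token, but without
        # the key a copy of the merchant database gives no way back to the PAN.
        token = hmac.new(self._key, pan.encode(), hashlib.sha256).hexdigest()
        self._store[token] = pan
        return token

    def detokenize(self, token: str):
        return self._store.get(token)


class MerchantDB:
    """Public-facing order store: holds a token and last four digits only."""

    def __init__(self, vault: CardVault):
        self._vault = vault
        self._conn = sqlite3.connect(":memory:")
        self._conn.execute(
            "CREATE TABLE orders (id INTEGER PRIMARY KEY, card_token TEXT, "
            "last4 TEXT, amount_cents INTEGER)"
        )

    def charge(self, pan: str, amount_cents: int) -> int:
        if not luhn_valid(pan):
            raise ValueError("invalid card number")
        token = self._vault.tokenize(pan)   # the only call that crosses the boundary
        cur = self._conn.execute(
            "INSERT INTO orders (card_token, last4, amount_cents) VALUES (?, ?, ?)",
            (token, pan[-4:], amount_cents),
        )
        self._conn.commit()
        return cur.lastrowid

    def dump(self):
        """Everything an attacker with read access to this database would see."""
        return self._conn.execute(
            "SELECT card_token, last4, amount_cents FROM orders"
        ).fetchall()

    def pan_for_refund(self, order_id: int):
        """Later processing goes back through the vault, never through this table."""
        row = self._conn.execute(
            "SELECT card_token FROM orders WHERE id = ?", (order_id,)
        ).fetchone()
        return self._vault.detokenize(row[0]) if row else None


def demo():
    """Charge a constructed test card and show the merchant store holds no PAN."""
    vault = CardVault(secrets.token_bytes(32))   # constructed key for the demo
    db = MerchantDB(vault)
    test_pan = "4111111111111111"                # constructed test number
    order_id = db.charge(test_pan, 5999)
    rows = db.dump()
    leaked = any(test_pan in str(cell) for row in rows for cell in row)
    return order_id, rows, leaked, db.pan_for_refund(order_id)


if __name__ == "__main__":
    print(demo())
```

The point the split makes visible: a dump of the merchant table yields tokens and last-four digits, and the token is only useful to whoever holds the vault key and can reach the vault's interface. That interface is exactly the "weak link" the post mentions, so it is the component to keep small, audited and reachable only from the application tier.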