
BLU Discuss list archive



personal information storage question



On Sat, May 1, 2010 at 2:43 PM, Kent Borg <kentborg-KwkGvOEf1og at public.gmane.org> wrote:

> Eric Chadbourne wrote:
> > I have a couple of local small insurance companies that need their
> > websites redone.  Looks like they are going to let me do it.  Are there
> > any industry-specific security standards I have to be concerned with?
> >
>
> The credit card people have some (I think) public standards that might
> be worth looking at.
>
> > Such as with an HTML form that collects info for a request for a quote?
> >
>
> Don't talk to children. Some specific laws about that. European laws can
> be very strict, they probably don't apply to you, but might be worth
> Googling to get you thinking.
>
> > Thanks for any tips!
> >
> > Eric C - the one who wants to encrypt everything.
> >
>
> Yes on encryption. I would start with running everything over https,
> even the home page. Immediately redirect from http. (There are ways to
> do man-in-the-middle if one can grab the http connection first--people
> don't watch for the httpS and the padlock isn't really paid attention to
> and there is room for at least partially faking them). Don't trust that
> https is completely secure--what if the CA is served with a court order
> to supply keys?
>
>
Depending on what you're doing you may need more than a plain SSL Cert for your
website.  There are different grades of encryption for SSL, and the higher
grades of encryption usually also have a higher level of warranty against
misuse.

-matt
http://www.sysadminvalley.com
http://www.beantownhost.com
http://www.linkedin.com/in/mattboston
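
Added example (not part of the original thread): a Python check for the advice quoted above to run everything over https and redirect immediately from http. The host name, sample responses and function names are constructed for illustration; the Strict-Transport-Security check goes beyond the thread, as the header that lets a returning browser skip the plain-http request that could otherwise be intercepted.

```python
"""Audit captured responses for 'https everywhere, redirect at once'."""

REDIRECTS = {301, 302, 303, 307, 308}


def _lower(headers):
    # Header names are case-insensitive; a presence check is enough here.
    return {name.lower(): value for name, value in headers}


def audit_http(status, headers):
    """Findings for the response to one request made over plain http."""
    hdrs = _lower(headers)
    if status not in REDIRECTS:
        return ["content served over plain http (no redirect)"]
    findings = []
    # A relative or http:// Location keeps the visitor on plain http.
    if not hdrs.get("location", "").lower().startswith("https://"):
        findings.append("redirect does not go to https")
    if "set-cookie" in hdrs:
        findings.append("cookie set before the switch to https")
    return findings


def hsts_max_age(headers):
    """max-age in seconds from an https response, or None if absent."""
    sts = _lower(headers).get("strict-transport-security", "")
    for part in sts.split(";"):
        name, _, value = part.strip().partition("=")
        value = value.strip().strip('"')
        if name.strip().lower() == "max-age" and value.isdigit():
            return int(value)
    return None


# Constructed sample captures: (path requested over http, status, headers).
SAMPLES = [
    ("/", 301, [("Location", "https://insurer.example/")]),
    ("/quote", 200, [("Content-Type", "text/html")]),
    ("/login", 302, [("Location", "https://insurer.example/login"),
                     ("Set-Cookie", "sid=constructed")]),
    ("/old", 301, [("Location", "http://www.insurer.example/")]),
]

if __name__ == "__main__":
    for path, status, headers in SAMPLES:
        print(path, audit_http(status, headers) or "ok")
```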






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org