Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 1234»»»

The Credit Debate Expand / Collapse
Author
Message
Posted Thursday, March 27, 2008 2:50 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 12:34 PM
Points: 31,181, Visits: 15,626
Comments posted to this topic are about the item The Credit Debate






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #475750
Posted Thursday, March 27, 2008 10:39 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Tuesday, May 20, 2008 7:19 PM
Points: 1, Visits: 29
Biometric. As a consumer, if my credit card data are stolen I can cancel them and get new cards. If my biometric data are stolen, I can't easily get new irisis or fingerprints (nor would I be willing to). Security for that reason must be much, much greater than we currently have.

If I'm building a device to store biometric data for your 'home garage door opener', I need to ensure that it can't be easily broken and those data used to access your bank account. Of course, a garage door opener won't have the resolution of a bank's biometric data, but another bank's database will. As might a building's security system.
Post #475878
Posted Friday, March 28, 2008 3:26 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Tuesday, October 7, 2014 7:12 AM
Points: 1,049, Visits: 3,009
If I'm honest, I think the question's being tackled from the wrong end. As Steve alluded, it's the (mis)use, potential or real, to which the data is put that is the important factor, not what type of data it is.

As a person, consumer and parent, I'm more concerned about my family's safety than that of my bank account, so I value the security of my childrens' name and address data more than that of my credit card number. However, as a DBA, I know many companies might get twitchier about a credit card number being mistakenly disclosed than someone's address.

I think the important thing, therefore, is to have an accurate picture of which areas of data under your responsibility are most important to keep secure, and the damage that not doing so could cause.


Semper in excretia, sumus solum profundum variat
Post #475928
Posted Friday, March 28, 2008 3:28 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Yesterday @ 3:01 AM
Points: 1,054, Visits: 1,131
As a DBA, the unauthorised copying of any data under my control would be deeply embarrassing. But that wasn't your question!

My first thoughts were the same as Adam's. But then I started thinking about practical uses of stolen data. Credit Card data can be used instantly for financial gain, with very little chance of being caught.

What would I do with stolen biometric data? I suppose I could try and sell it, but what would the buyer do with it? Break into someone's garage? You have the biometric data, but that doesn't allow you to circumvent the fingerprint scanner on bolted to the wall. You would have to access the main computer which processes the scans. Which means you would have to break into the house first....

And at airports and banks? What possible use is a USB stick with stolen biometric data, when the security guard tells you to look into the iris scanner? In theory latex fingerprints and contact lenses can be made from biometric data, but this is hardly within the realms of most criminals.
Post #475932
Posted Friday, March 28, 2008 6:28 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Monday, December 2, 2013 6:30 AM
Points: 346, Visits: 691
You would have to be insane to contemplate storing biometric data, especially en masse. While only in its infancy biometric data is the holy grail of identity theft. It can't be (easily) changed by a person, and theft is the *least* of your problems.

Consider if a bad guy wanted access and compromised your system. He substitutes his biometrics for X, he's in and nobody the wiser. When he's done, he switches back.

Perfect crime.

Biometrics, a *REALLLY BAD IDEA*. Especially if it becomes widespread.
Post #476031
Posted Friday, March 28, 2008 6:48 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 6:53 AM
Points: 13,890, Visits: 28,285
Honestly, neither.

What scares me is medical data. I was working for a software start-up that provided software to doctors. Not only did it store full patient history, but it had diagnostic software to help the doctor perform a quick diagnosis of the patients. It was a horror show of an app, built over a series of years on top of what was originally a Paradox database. One day, one of the nurses that worked with us said to me, "We're going to kill someone with this." And she meant it. I started looking for new work immmediately.

Killing people scares me. Losing their money concerns me, but it doesn't scare me.


----------------------------------------------------
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood..." Theodore Roosevelt
The Scary DBA
Author of: SQL Server Query Performance Tuning
SQL Server 2012 Query Performance Tuning
SQL Server 2008 Query Performance Tuning Distilled
and
SQL Server Execution Plans

Product Evangelist for Red Gate Software
Post #476050
Posted Friday, March 28, 2008 7:01 AM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Monday, October 20, 2014 7:41 AM
Points: 249, Visits: 1,744
Grant Fritchey (3/28/2008)
Honestly, neither.

What scares me is medical data.


I have to agree. Medical data is definately its own kind of stress. That's what I've been dealing with for the past 10 years, from confidential clinical drug trial data, to HIPAA protected disease surveillance data, insurance claims, and clinical encounter data. I don't think that working with either financial or biometric data would be as harrowing.

Post #476057
Posted Friday, March 28, 2008 7:01 AM
Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Monday, October 20, 2014 11:42 AM
Points: 755, Visits: 1,927
The danger of lost biometric data is far more, though at the moment it is of minimal use. But things like SS, bank account info, etc can be changed if compromised, your bio data cannot. So 15 years from now when it's used extensively for everything from employment to insurance, you will at best be constantly putting out fires, or at worst have your reputation and finance in constant ruin.


btw why would anyone use biometrics on a garage door?


...

-- FORTRAN manual for Xerox Computers --
Post #476058
Posted Friday, March 28, 2008 7:13 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Yesterday @ 5:59 PM
Points: 7,105, Visits: 15,445
Grant Fritchey (3/28/2008)
Honestly, neither.

What scares me is medical data. I was working for a software start-up that provided software to doctors. Not only did it store full patient history, but it had diagnostic software to help the doctor perform a quick diagnosis of the patients. It was a horror show of an app, built over a series of years on top of what was originally a Paradox database. One day, one of the nurses that worked with us said to me, "We're going to kill someone with this." And she meant it. I started looking for new work immmediately.

Killing people scares me. Losing their money concerns me, but it doesn't scare me.


Agreed. I've been involved in a series of these kinds of scenarios and it's pressure I'm just not comfortable with. It's scary stuff to have to handle. Credit can be repaired, but killing someone with bad data is a one-way ticket: there's no "replaying the transaction logs" for that. I've steered clear as much as possible from being involved in direct patient care systems.

The turning point: I was once asked to be on an eval team for an RFID system to identify patients. The RFID badges were integrated into the order system, which would then send info machines around the patient. The problem was - the effective range of the badges was 1-2 feet, which worked great under normal circumstances; when the patient had a problem though, machines routinely get shoved out of the way...and often into the effective range of the OTHER patient in the room. So the machine starts prompting that the "orders"/dosage, etc... have changed.....The system ended up being scrapped at our hospital, and purportedly updated so that doesn't happen any moer, but still - that's a level of perfection I just plain don't want to have to live up to. I have a hard enough time sleeping, and that's with a clear conscience.

As an aside - the kind of depth and breadth information you get on people in addition to all of their health info is astounding enough. Why bother going after just credit card info when you can get their payment info AND every piece of demographic info you'd ever need on them, their family members, the family's financial info....


----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
Post #476067
Posted Friday, March 28, 2008 7:22 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Wednesday, January 22, 2014 9:48 AM
Points: 202, Visits: 3,531
I am not an old bird but it seem like there was a time when a credit card was something important. Over time the security around a credit card has become more passé. The merchant no longer checks the signature panel, a signature is no longer required for a purchase under a specified dollar amount, you all but receive an activated card in the mail during a marketing promotion. It was much more difficult for you to "lend" your financial identity to someone or have it taken by someone in the past. Now credit cards are known to have these weaknesses and people don't trust them as much. It’s not an item I would pin my identity to anymore.

So the question I see is what will happen when we evolve and biometric data becomes treated in the same manner. What would happen if I no longer trusted my own fingerprints or retinal scan. Would I have an identity anymore? What if one identity was spread across 100 criminals could you ever catch them?
Post #476077
« Prev Topic | Next Topic »

Add to briefcase 1234»»»

Permissions Expand / Collapse