Comments on: openSUSE Weekly News, Issue 167 is out! http://news.opensuse.org/2011/03/19/opensuse-weekly-news-issue-167-is-out/ The latest news from the openSUSE project Sat, 18 May 2013 23:31:29 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Scott http://news.opensuse.org/2011/03/19/opensuse-weekly-news-issue-167-is-out/comment-page-1/#comment-28626 Scott Thu, 24 Mar 2011 23:42:19 +0000 http://news.opensuse.org/?p=7706#comment-28626 RE: My question above – My apologies for being Verbose here but I am sure Im not the only person worried about online lists of users and their details and I would like to see a reply to comfort us here below…
I see that the traffic IS HTTPS and requires a valid login, however as far as I can see its still a list of name and addresses and other detailed information.
As such, online listings of Name and Addresses are strained to keep secure as this type of information would normally not be accessible over the Net.
The only real way of protecting this information, as I see it, would be for the Server to issue a Client PKI.
In that way if the database is compromised the Server Certificate can be revoked by and put on hold until its resequenced.

I understand you do not confirm to any ISO Standard or even the SOX….etc. Legislation in the US in terms of Data Security.

I would suspect there are many other people who are interested in the Connect Database Security and at this point in time I can see no attributes to hide any fields in the database moreover within each users profile.

Mailing lists acquisition is very lucrative and the total loss of every single user in a US Credit bureau before the SOX…etc. Legislation is fresh in my mind – The reason why the US legislated data security was done after approx many million people’s ID and details was hack/stolen from an agency in the US
More recently Virgin Mobile in .AU lost their entire customer user base as it was online and accessible via a simple password – This occurred late last year in .AU and ALL Virgin customer database was online and was taken via the simple use of a password to access the entire user database.

]]> By: Scott http://news.opensuse.org/2011/03/19/opensuse-weekly-news-issue-167-is-out/comment-page-1/#comment-28403 Scott Sun, 20 Mar 2011 04:47:35 +0000 http://news.opensuse.org/?p=7706#comment-28403 With Privacy concern becoming a huge issue for many and identity theft keeps rising;
Can you tell me how the Connect Data Base safeguards this information?
…sort of like who can look up other users and visibility etc. etc. etc.
I trust the traffic for connect is HTTPS to prevent google from just doing their thing or
hijacking graphic images of users who elect to upload a picture stuff…?
I trust it will be an Opt In choice rather than Opt Out?
What Countries will this info reside on as I noted that differing privacy laws govern its possible use?
Just standard privacy queries…
P.S …Sorry IT/Internet Security is just my job and other stuff stuff…TA :-)

]]>