I wrote about the Best Western case yesterday, but something in today’s news caught my eye. Newsday.com reports this nugget of information:
The company said it purges guests’ credit card and other data from its systems within seven days of their checkout.
Seven days? They are prohibited by PCI from storing sensitive data after authorization, so what credit card data are they referring to here?
Was it just the PAN? Although seven days might seem short compared with a year of data, card information is meant to be masked, hashed or truncated immediately. Sensitive data has to be securely wiped as soon as a card has been authorized. How do they explain a seven-day procedure that leaves card data exposed, given that they say they are PCI-compliant?
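To make the point concrete, here is an added example (not from Newsday or Best Western) of what "truncated immediately" and "wiped after authorization" look like in code, plus an audit check that flags stored records still holding card data. The field names, the sample transaction and the first-six/last-four truncation format are assumptions chosen for illustration.

```python
import re

# Constructed field names for the data PCI DSS calls sensitive authentication
# data, which must not be kept once authorization completes.
SENSITIVE_AUTH_FIELDS = {"cvv", "track_data", "pin_block"}
PAN_RUN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to separate likely PANs from other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def truncate_pan(pan: str) -> str:
    """Keep the first six and last four digits; the middle is discarded."""
    digits = re.sub(r"[ -]", "", pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def record_after_authorization(txn: dict) -> dict:
    """Build the only form of the transaction that is written to storage."""
    if not txn.get("authorized"):
        raise ValueError("transaction not authorized yet")
    stored = {k: v for k, v in txn.items()
              if k != "pan" and k not in SENSITIVE_AUTH_FIELDS}
    stored["pan_truncated"] = truncate_pan(txn["pan"])
    return stored

def find_violations(record: dict) -> list:
    """Audit check: names of fields that still hold card data."""
    bad = set()
    for name, value in record.items():
        if name in SENSITIVE_AUTH_FIELDS:
            bad.add(name)
        elif isinstance(value, str):
            compact = re.sub(r"[ -]", "", value)
            if any(luhn_ok(m) for m in PAN_RUN.findall(compact)):
                bad.add(name)
    return sorted(bad)

# Constructed sample; 4111 1111 1111 1111 is a well-known test number.
RAW = {"guest": "A. Example", "pan": "4111 1111 1111 1111", "cvv": "123",
       "authorized": True, "checkout": "2008-08-20"}
STORED = record_after_authorization(RAW)
```

Running `find_violations` over whatever sits in the guest database during those seven days is the question an assessor would ask: the raw record is flagged, the truncated one is not.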
How strange that bankinfosecurity let this get past its editors:
“Whitelisting” is a new twist on information security. Instead of trying to find a software solution that keeps all of the potential bad guys out of your systems, whitelisting allows you to establish a protection layer that grants access to only your finite list of good guys – individuals or applications.
New twist? Firewalls are the very definition of whitelisting and have been around since the dawn of information security theory. Although I occasionally find a non-security administrator trying to use blacklisting to segment a network, security professionals always start with whitelisting where possible.
4WD, compact and high mpg. Sounds ideal for someone I am helping right now. Too bad they would have to go somewhere else in the world to buy one.
Meanwhile, back in America people wax poetic about new cars pushing 26 mpg. Please, forget anything under 35 mpg. A Model T in the 1920s could get mileage in the high 20s. GM is sorely mistaken if it thinks 26 mpg is newsworthy while other car companies are releasing full-size vehicles with numbers closer to 50 and even 60.
I find it odd that Mercedes talks about “converting” Americans. An article in benzfaqs suggests the USA might see the first diesel-hybrid Bluetec.
The C250 is claimed to get 57.7 mpg, while a C300 Bluetec hybrid gets a claimed 61.4 mpg.
Many people are curious as to why Mercedes is choosing to sell their hybrids in the U.S. before branching out into the great sale waters of the UK. A Mercedes UK spokesman said “The focus has been on the big prize which is converting America.”
W00T! Convert me. Convert me. I’m a believer. Yooo-hooo, over here….