[Info-vax] Python for x86?
Dave Froble
davef at tsoft-inc.com
Mon Apr 17 22:45:16 EDT 2023
On 4/17/2023 9:43 PM, Arne Vajhøj wrote:
> On 4/17/2023 3:14 PM, Dave Froble wrote:
>> On 4/17/2023 3:00 PM, Scott Dorsey wrote:
>>> 25 years ago, those skilled domain knowledge experts would be sitting down
>>> with a programmer and telling the programmer what they wanted, and the
>>> programmer would be saying things like "Would it be okay if we did it in
>>> THIS order because it would be faster?" and things like "If this value is
>>> zero, it's not going to work, so will this ever be zero?" There would be
>>> a team with the programmer and the subject matter expert.
>>
>> This is most of the problem. The hackers, OK, SMEs, don't consider anything
>> except what they want to do.
>>
>> Another simple example. A third party accepts and stores credit card
>> information, so vendors don't have to. Some web designer didn't know how to
>> query if the credit card info was already on file, so he just created a new
>> credit card entry for every usage. No problem for him. But, when a capable
>> person did an inquiry to see if the card was already on file, back came
>> thousands of the same CC #. Caused real problems, but not for the hacker.
>
> Obviously a disaster design/implementation.
>
> But usually it is the SME's problem if business rules are
> not properly implemented.
But the SME is only worried about what affects him. That's not enough.
> Arne
>
> PS: Having the credit card information even transient should be
> sufficient to trigger PCI-DSS compliance requirements even
> if persisted elsewhere.
This example was about a vendor selling PCI type of services. Why they let
multiple copies of a CC#, that's another story.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
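The duplicate card-entry failure described in the thread, as an added example that is not part of the original post: the lookup-free insert beside a store where the database itself enforces one row per card. It assumes an in-memory SQLite table that holds only a processor-issued token and the last four digits, never the raw card number (an assumption, chosen to keep the stored data out of PCI-DSS scope).

```python
import sqlite3


def open_store(enforce_unique: bool) -> sqlite3.Connection:
    """Create an in-memory table of card references.

    Only a processor token and the last four digits are kept; the raw PAN
    never reaches this table (assumption for the example).
    """
    conn = sqlite3.connect(":memory:")
    unique = ", UNIQUE (customer_id, card_token)" if enforce_unique else ""
    conn.execute(
        "CREATE TABLE cards (customer_id TEXT NOT NULL, card_token TEXT NOT NULL,"
        f" last4 TEXT NOT NULL{unique})"
    )
    return conn


def store_card_naive(conn, customer_id, card_token, last4):
    """The pattern from the anecdote: a new row on every usage, no lookup."""
    conn.execute("INSERT INTO cards VALUES (?, ?, ?)", (customer_id, card_token, last4))


def store_card(conn, customer_id, card_token, last4):
    """Idempotent store: the UNIQUE constraint turns a repeat insert into a no-op.

    A SELECT-then-INSERT would still race under concurrent checkouts; letting
    the database reject the duplicate closes that window as well.
    INSERT OR IGNORE is used for SQLite portability (ON CONFLICT DO NOTHING
    needs SQLite 3.24+).
    """
    conn.execute(
        "INSERT OR IGNORE INTO cards VALUES (?, ?, ?)", (customer_id, card_token, last4)
    )


def cards_on_file(conn, customer_id, card_token) -> int:
    """The inquiry that came back with thousands of the same card in the thread."""
    row = conn.execute(
        "SELECT COUNT(*) FROM cards WHERE customer_id = ? AND card_token = ?",
        (customer_id, card_token),
    ).fetchone()
    return row[0]


def simulate(checkouts: int, enforce_unique: bool) -> int:
    """Run the same customer through `checkouts` purchases and count stored rows."""
    conn = open_store(enforce_unique)
    store = store_card if enforce_unique else store_card_naive
    for _ in range(checkouts):
        store(conn, "cust-42", "tok_constructed_0001", "4242")  # constructed sample values
    return cards_on_file(conn, "cust-42", "tok_constructed_0001")


if __name__ == "__main__":
    print(simulate(1000, enforce_unique=False))  # one row per checkout
    print(simulate(1000, enforce_unique=True))   # a single row
```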