Steven W. Erbach
serbach at new.rr.com
Tue Jul 13 07:46:19 CDT 2004
Mark, >> aside from the protection offered by the credit card companies, how much more protection can they offer? << They claim to offer shoppers protection from identity theft. Prevention, in other words: "We thoroughly audit every HACKER SAFE site using over 2,500 different security tests. These tests are based on hacker activity information collected every 15 minutes from hundreds of private and government sources worldwide. "When we find any holes that could allow hackers to steal your personal information, we notify the merchant with instructions on how to secure their site. As long as the merchant does so quickly, we certify the site as HACKER SAFE. ScanAlert controls the certification image, not the merchant. You will not see the certification if the site does not pass our security audits." "Nearly every Web site where hackers have stolen private information had an SSL certificate in place... SSL simply has nothing at all to do with Web site security or safety from hackers." P.J.Connoly, INFOWORLD "SSL is basically like providing security for the bank teller when the vault is wide open. People rely too heavily on SSL. It gives them a sense of comfort; it just doesn't give them security," Pete Lindstrom, research director, Spire Security, LLC. For on-line merchants they claim: "HACKER SAFE certification meets the full set of requirements for the FBI/SANS Top Twenty Internet Security Test (vendor list PDF). Our vulnerability scanning technology has also been tested and accredited to meet the requirements for both American Express' CID Data Security program, and MasterCard's Site Data Protection program." Regards, Steve Erbach Scientific Marketing Neenah, WI 920-969-0504 "The too open mind is an empty mind." - Douglas Kern