Got something to say?
We’re always happy to hear from you, our readers. Please cryptography, enciphering, encoding or a
send your comments, praise or criticisms to scfeedbackUS@ computer contaminant (NRS 205.4742).”
haymarketmedia.com. We reserve the right to edit letters. Computer contaminants as a protective
measure? Now I’m worried.
From the online mail bag right is held by the “data collector” who is Tony H
In response to an Oct. 1 story: Nevada man- breached, or by the state’s Attorney Gen-
dates encrypted personal data: eral. Also, the deﬁnition of encryption in In response to an Oct. 3 story, Was Forever
the Nevada law is poorly deﬁned, as they 21 wrongly certiﬁed PCI compliant?:
The Nevada statue does NOT allow for allow “the use of any protective or disrup-
a consumer to bring suit; instead, that tive measure, including, without limitation, Being PCI compliant is not the same as
being secure. Kudos to [Ken Stasiak, presi-
dent/CEO, Secure State] for stating this.
Example: PCI section 6.6 says you can be
compliant by running an automated exter-
nal black box application scan. These won’t
even ﬁnd all of the OWASP top 10 vulner-
abilities, and locate only about one-sixth of
INFORMATION the total types (not instances) of exploit-
able vulnerabilities that may be present.
PCI compliance is a good thing, but no
one should believe it equals acceptable
ASSURANCE levels of security.
In response to an Oct. 8 online story:
Protect data systems.