|
|
| Author |
Message |
| 25 new of 52 responses total. |
willcome
|
|
response 18 of 52:
| 
Dec 17 23:26 UTC 2003 |
jp2's a millionaire!
|
scg
|
|
response 19 of 52:
|
Dec 18 02:01 UTC 2003 |
re 16:
If you're running Windows and aren't *very* careful about applying
security patches promptly, the answer is probably that any data on your
computer is reasonably easily accessable whenever you're on the Net.
Banks and the like, which have historically relied entirely on firewalls for
protection of PCs, have had some significant problems with this recently,
since a lot of the recent Windows worms have had no trouble at all getting
around firewalls.
|
jep
|
|
response 20 of 52:
|
Dec 18 10:48 UTC 2003 |
The e-mail I received, letting me know it was time to renew my
membership, had a link to Paypal which had a hard-coded $60 in it. I
just used that and didn't look beyond it.
Using the link was as simple as it could have been. Adding options
would complicate matters, and I don't know if it would be worthwhile
overall. I just know if other options were available, I'd probably
have used one of them.
|
jep
|
|
response 21 of 52:
|
Dec 18 10:50 UTC 2003 |
re resp:12: I'd overlooked the perks of membership. (-: I agree, a
no-ID membership would have to be without outbound Internet privileges.
I think it'd be worthwhile offering that as a contribution option.
|
aruba
|
|
response 22 of 52:
|
Dec 18 13:43 UTC 2003 |
Re #19: Steve is referring to Windows 2000ff, whereas I am running Windows
98, which is much stupider and therefore less exploitable. And I am up to
date on patches.
I don't want to do anything with the data that might compromise it, so if
there is a real issue here, I'll do what's necessary. But I bristle at
being called a liar for saying the data "is not stored on the net". It's
not, and never has been.
|
gull
|
|
response 23 of 52:
|
Dec 18 14:33 UTC 2003 |
Re resp:17: If you're hoping to only deal with companies that never put
your data through a Windows PC, all I can say is, "good luck".
Re resp:22: Windows 98 doesn't run most of the services that have been
compromised on NT, 2000, and XP, but it is vulnerable to some Internet
Explorer and Outlook Express exploits. (Note, too, that Microsoft is
dropping support for Win98 soon and will not be providing any more
bugfix updates.) The fact that you don't have any services running
doesn't help you when someone takes advantage of an IE bug to install
BackOrifice. There are at least three bugs in IE that have not been
patched yet and will allow a rogue website to install pretty much
anything on your computer. My advice at this point is for Windows users
to avoid IE and use something else, like Mozilla, Firebird, or Opera.
I think jp2 does have somewhat of a point, but the risk would be easily
mitigated just by keeping the membership info on removable media and
only having it in the computer when you need to work with it. I would
also hope you're only storing name and address info, not sensitive stuff
like credit card numbers, driver's license numbers, or SSN's.
|
aruba
|
|
response 24 of 52:
|
Dec 18 15:02 UTC 2003 |
We don't have any credit card numbers or social security numbers. We do
have drivers license numbers. I don't use Outlook Express and only use IE
when Opera and Netscape won't work on a particular site. (Try using Opera
on microsoft.com sometime - you get a teeny-tiny font that's illegible.)
I think putting the database on a floppy sounds like a good way to have data
corruption problems, and it's not a good solution for large databases. I
guess I could put it on a keyring data chip, and keep it with me at all
times, but that seems a little paranoid to me.
|
gull
|
|
response 25 of 52:
|
Dec 18 15:17 UTC 2003 |
My concern isn't that you have it on your person; I'm not worried about
physical attacks. I'm just suggesting that if it's not accessable on
the computer when you don't need to work with it, that greatly reduces
the window of time during which someone can gain access to the data.
|
jep
|
|
response 26 of 52:
|
Dec 18 15:25 UTC 2003 |
Mark, please don't let jp2 rile you. It doesn't seem to be his goal to
help Grex with anything. It seems to be his goal to pretend he knows
everything better than everyone else. Even if it would be a minor
improvement to security, I don't think anyone else expects you to go to
heroic efforts to protect Grex data. Just do what anyone would do in
these times; take ordinary, normal precautions and if a problem comes
up some day, we'll all deal with it.
If Jamie can post a piece of data from Mark's files about Grex (or e-
mail it to Mark), then I'll think he's uncovered a problem. Otherwise,
I'll think Jamie is just trying to stir up trouble where there is
none. Again.
|
carson
|
|
response 27 of 52:
|
Dec 18 15:40 UTC 2003 |
(I'd like the discussion to refocus on the initiative presented in
resp:0 and how modification of current policy may or may not benefit
Grex. I don't consider the security of gathered information to be
directly relevant to this discussion because even the initiative as
currently worded would require some information to be gathered.)
|
jp2
|
|
response 28 of 52:
|
Dec 18 16:03 UTC 2003 |
This response has been erased.
|
bhoward
|
|
response 29 of 52:
|
Dec 18 16:24 UTC 2003 |
Oh.
|
willcome
|
|
response 30 of 52:
|
Dec 18 19:01 UTC 2003 |
.hO
|
aruba
|
|
response 31 of 52:
|
Dec 18 21:24 UTC 2003 |
Maybe I wasn't clear, Jamie: personal data about members is not available on
the net, and never has been. I doubt your bank can claim as much.
|
jp2
|
|
response 32 of 52:
|
Dec 18 21:33 UTC 2003 |
This response has been erased.
|
jp2
|
|
response 33 of 52:
|
Dec 18 21:37 UTC 2003 |
This response has been erased.
|
aruba
|
|
response 34 of 52:
|
Dec 18 21:37 UTC 2003 |
What was it I said that made you think data was stored online?
|
gull
|
|
response 35 of 52:
|
Dec 18 22:56 UTC 2003 |
I hate to turn this into an argument about definitions, but it really
depends on what you mean by 'stored online'. jp2's argument is that if
the computer the data is on is ever connected to the internet, the data
is 'stored online'. I assume other people are arguing that the data is
not 'stored online' unless it's on a permanently-connected system. I
suspect the actual intent of the wording would be more accurately
expressed as, 'the data is not stored on Grex.'
|
tod
|
|
response 36 of 52:
|
Dec 18 23:01 UTC 2003 |
This response has been erased.
|
jp2
|
|
response 37 of 52:
|
Dec 19 01:20 UTC 2003 |
This response has been erased.
|
davel
|
|
response 38 of 52:
|
Dec 19 02:43 UTC 2003 |
Re 35: It may be an argument about definitions, but I don't think the issue
is (or is only) occasionally-connected versus permanently-connected. If the
data were on Grex, say, there'd be great reason for concern not only because
it's online almost all the time, but also because it runs lots of programs
which let outside parties initiate logins & other connections. That's not
likely to be true of Mark's PC. And it's a really big difference.
TBH, I don't know what software Mark uses for Grex's books (& what hardware
is required), but I have to wonder whether Grex (or some donor) mightn't find
it worthwhile to provide the treasurer - not the current person, but the
office - with (say) an older laptop which could hold such data and never be
connected, period. That would, at least, reduce the likelihood of
software compatibility issues when the treasurer changes - just pass along
the computer along with relevant paper stuff.
|
aruba
|
|
response 39 of 52:
|
Dec 19 04:20 UTC 2003 |
Well, personally, I'd rather not have to turn on a separate computer every
time I want to do something Grex-related. But being able to pass it on to
the next treasurer is an advantage, I agree. (I also don't have room to
operate two computers at once, so starting one would likely mean shutting
down the other.)
|
keesan
|
|
response 40 of 52:
|
Dec 19 17:08 UTC 2003 |
24 about Opera and tiny text size, do you have Opera 7? It lets you specify
minimum font size, or display in 'text' mode with all fonts the same size,
or in accessible mode with all fonts large, or zoom up to 400%. See View,
Styles, User mode.
|
aruba
|
|
response 41 of 52:
|
Dec 19 18:14 UTC 2003 |
Thanks Sindi - I'm still on Opers 6.05, so that gives m incentive to
upgrade.
|
gull
|
|
response 42 of 52:
|
Dec 19 18:46 UTC 2003 |
I upgraded from Opera 7.1something to 7.3something and it fixed a
problem I'd been having with eBay.
|