Questions tagged [sensitive-data-exposure]

126 questions
1 vote · 0 answers

Are missing access logs for a non-production environment populated with over 5 million patient records a big deal?

LOL. I have no background in infosec, so I was hoping to get some input on a very strange thing that has come up involving my local health service provider. Any input would be swell! - A case study on how to screw up big time Consider the following…
faustus
1 vote · 1 answer

How to protect devices that are reliant on Bitlocker and a password without TPM?

In working with a number of non-profit organizations, devices such as laptops used by staff are encrypted using Bitlocker. Unfortunately since the devices (often donated) do not feature TPM, Bitlocker has been enabled using local group policies. The…
Motivated
1 vote · 0 answers

Is creating a derived password safe?

I need to store really sensitive data in a client-hosted database. Since there's no way I can protect this database (because I don't own it), my idea was to encrypt it by using the user's password, so only the user with his own password can access…
1 vote · 1 answer

Erasing the contents of a photocopier hard drive, in such a way that the copier can use it again

http://www.idtheftcenter.org/Identity-Theft/photocopying-sensitive-documents-you-might-want-to-think-again.html How do I erase the copier hard drive if I take it out, without damaging it so the copier could use it again? Do I have to take the whole…
Kuge
1 vote · 1 answer

Secure MySQL against data tampering?

As stated in the title, how do I secure MySQL against data tampering? I have been searching the internet for a solution but did not find one that fills my needs. Let me describe my problem: assume I have sensitive information in a table, and a…
1 vote · 1 answer

Sensitive data temporarily stored, then redacted: PCI compliant?

I am at a startup where we have chat support. Agents chat with customers and sensitive data may be transmitted during the chat session window. We store this sensitive data in our database for the duration of the session. Once the chat session closes…
user3871
1 vote · 2 answers

In what cases should applications be prepared for brute force?

Today I had an idea: I've been thinking that one can use brute force to get some data from a university from our country. It turned out my thoughts were true: an attacker can use brute force to reveal sensitive information. How strong should be the…
Ionică Bizău
1 vote · 4 answers

Taking credit card info online recommendations

I have an online store in which customers can purchase a code which enables them to have use of a bot service I run. Part of the bot needs customers' sensitive information to be entered: address and card information. This is secure on my end with…
1 vote · 2 answers

When writing an API that connects to the database, what information is sensitive and should be protected?

I am on a team that is writing a .NET Core API to service a desktop application. This application used to manage its own database connection through an OracleConnection, and all the values used to connect to the database, including password, were…
kleineg
1 vote · 1 answer

How to enter sensitive information securely?

I'm interested in finding out what is the best method to enter sensitive information somewhere given an insecure computer. Granted, I know that if the computer has a keylogger or some other malware that captures input, there are much more important…
1 vote · 0 answers

Does using Oracle TDE guarantee compliance with HIPAA for persisting sensitive data?

Persisting sensitive customer pharma data is becoming more challenging with stricter HIPAA compliance guidelines; I'm wondering if TDE solves it entirely or whether there are any gaps that a developer/DBA should be aware of.
bluefalcon
1 vote · 1 answer

Capturing sensitive data within legal restrictions?

As a web development agency we're currently taking on a site rebuild for a recruitment agency. The current site allows applicants to register as temporary workers for the agency (our client) who will then be assigned short-term contracts as and…
1 vote · 2 answers

How to protect a PC against sensitive data access by malicious app/driver

As a software developer I frequently work with various USB-attached peripherals in the prototype stage and their drivers. Sometimes the peripherals come from companies that I do not know well or otherwise can't trust 100%, so there's a residual risk…
rsp1984
1 vote · 1 answer

What is the best practice / industry standard for storing documents with social security numbers, date of birth, financial records, etc.?

I am building an app that will be storing sensitive info (SSNs, DOBs, financial information, credit cards, etc.). Is there a standard that will cover all these items, and what is the best approach to storing them? Should blobs be used?
1 vote · 1 answer

Is it generally safe (and compliant) to log a stack trace?

I work on financial web sites that maintain PCI-DSS, FDIC/FFIEC, and ISO-27000 compliance. Also, we are big fans of OWASP :) Our web sites log errors in cleartext to a flat file held on the web server. These sites handle a lot of high value PII. I…
John Wu