[AUUG-Talk]: Re: Membership Renewals
david.purdue at auug.org.au
Tue Sep 26 23:35:29 EST 2006
Having had a look at your post, I have decided that I will never hire
you as a security consultant, since it is your belief that security
systems should fail open.
The AUUG system was designed to fail safe. In the handover there was a
failure (human error), and so it failed - safe. The bad news - we cannot
recover the credit card details. The good news - neither can anyone else.
David Lloyd wrote:
>> Membership management has been somewhat patchy since Liz left.
>> While we are processing membership renewals, we have not been
>> sending out renewal notices. Further, the credit card details
>> for auto-renewal were stored so securely that we have no access to
> Without taking a too combatitive stance, I've taught security courses
> before. The very first thing I teach my students is this:
> "If, for whatever reason, the system cannot do the work you are
> authorised to do, then the system is NOT SECURE. It is unusable.".
> Humour me - why would I want to renew my membership with an organisation
> representing computing professionals who has, at best, an unusable (and
> insecure) system? If you can't work out how to find those credit card
> details, am I meant to trust that you actually know what members are to
> be RE-newed as opposed to RE-join?
> It sounds like you've just LOST the credit card details in their
> entirety; I know admitting/confessing that could land AUUG in a heap of
> hot water, but really. *I* don't buy the "it's stored so securely"
> explanation at all, because:
> 1. Either that makes AUUG unable to manage security
> - remember, if it's unusable (in this case, if the credit card details
> are not retrievable), it's UNUSABLE
> - unusable !== secure
> 2. Or AUUG actually has lost all its members credit card details and
> doesn't know where they are
> - which is kind of dangerous, don't you think?
> 3. Or AUUG has lost its members credit card details, has no idea where
> they are and no idea how to retrieve them
> - errk, great, members' credit card numbers are effectively Lost In Space
> Sorry, guys, if you want to portray yourselves as a "Professional
> Organisation" for Unix (and other computing) professionals, "losing"
> credit card details because they are UNUSABLE (euphemism: too secure)
> really kinda shoots you in the foot.
> Talk - The AUUG discussion list.
> Talk at auug.org.au
More information about the Talk