Are there PCI DSS (or equivalent) requirements for user-interface security for cardholders?

The PCI DSS requirements around account security (password strength, password changes, etc.) all seem to apply to system users who have access to cardholder data.

Are there any industry standards that apply to the user (i.e. cardholder) accounts themselves?

In other words, suppose I find out that my banking website allows me to set my user account password to “dog”. Is there some banking-specific industry regulation that this violates, that I can point them to?

Cryptographic requirements for GDPR

I’m looking into how to store emails and data regarding GDPR. The reasoning is that it would be beneficial to store users’ emails linked to certain data (shop data about purchases and questionnaires). E.g.

  • User u email
  • User u purchased product x
  • User u questionnaire about experience of product x

I’ve read into how hashing the emails could allow for pseudonymized data, but I’m not sure if this is enough. For example:

“Although you no longer have the email addresses of all your users, you could easily compare your database to a list of known email addresses to identify which of those people use your service.”

  • https://www.reddit.com/r/gdpr/comments/8rpb0c/storing_email_hashes_only/

There will always be a situation in which people would be able to recover the anonymised data, so my question is, is hashing of emails enough for GDPR? If not, then what is the minimum requirement from a cryptographic point of view?
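The comparison described in the quoted Reddit comment, as an added example that is not part of the original post: unkeyed SHA-256 email hashes are matched against a list of known addresses, and the same lookup is repeated against HMAC-SHA256 tokens. The keyed variant, the key held outside the database, and all addresses and function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def normalize(email):
    """Canonical form, so one address always maps to one token."""
    return email.strip().lower()


def plain_hash(email):
    """Unkeyed SHA-256: anyone holding a candidate address can recompute it."""
    return hashlib.sha256(normalize(email).encode("utf-8")).hexdigest()


def keyed_token(email, key):
    """HMAC-SHA256: recomputing the token requires the secret key."""
    return hmac.new(key, normalize(email).encode("utf-8"), hashlib.sha256).hexdigest()


def matches(stored_tokens, candidates, tokenizer):
    """Candidate addresses whose token appears among the stored tokens."""
    stored = set(stored_tokens)
    return sorted(normalize(e) for e in candidates if tokenizer(e) in stored)


# Constructed sample data: addresses in the shop database and an external list.
USERS = ["alice@example.com", "bob@example.org", "carol@example.net"]
KNOWN_LIST = ["Alice@Example.com", "mallory@example.com", "bob@example.org "]


def demo():
    key = secrets.token_bytes(32)  # assumption: held outside the database
    plain_db = [plain_hash(e) for e in USERS]
    keyed_db = [keyed_token(e, key) for e in USERS]
    return {
        "plain, database only": matches(plain_db, KNOWN_LIST, plain_hash),
        "keyed, database only": matches(keyed_db, KNOWN_LIST, plain_hash),
        "keyed, with the key": matches(keyed_db, KNOWN_LIST, lambda e: keyed_token(e, key)),
    }


if __name__ == "__main__":
    for case, found in demo().items():
        print(f"{case}: {found}")
```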

Installation of Google Stenographer and its directory access requirements

I’m hoping someone could answer what I’m sure is a basic question about the Ubuntu/Linux directory structure. I am trying to get Google Stenographer installed/configured on my Ubuntu 16.04 LTS box. The instructions I am following (https://github.com/google/stenographer/blob/master/INSTALL.md) state the following:

There are a few directories Stenographer needs in order to run correctly:

/etc/stenographer root:root/0755
/etc/stenographer/certs stenographer:stenographer/0750

My question is, can someone please describe to me what is meant by the “root:root/0755” and “stenographer:stenographer/0750” portions of those lines?

The information I’ve been able to find leads me to think they are related to group/user/permission levels perhaps??? And if so, what do the 0755 and 0750 indicate?

Thank you! Jeff S.

Requirements to stay over in Dubai while in transit?

My flight is on 25th June 2019 and I’m travelling from Guatemala to India, but I want to stay in Dubai to visit my cousins over there and then go back to India.

I’m an Indian citizen.

Do we get a visa on arrival, or do we need to travel with the visa?

My friends travelled through Dubai and stayed over there for 15 days and they got an on-arrival visa; I just want to confirm before booking the tickets.

Are PCI DSS standard requirements regarding TLS applicable only to customer-facing websites, or to whole networks, even internal ones?

I have found the article “Are You Ready for 30 June 2018? Saying Goodbye to SSL/early TLS”, which says TLS 1.0 should be disabled:

30 June 2018 is the deadline for disabling SSL/early TLS and implementing a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data.

Are PCI DSS standard requirements regarding TLS applicable only to customer-facing websites, or to whole networks, even internal ones?

Develop based on my current requirements only?

I’ve a service called Claims-Service which has the following signature:

IClaimsService { EnsureClaim(claimType, userId) }

It queries the database to see if the claim is present in any of my roles or not.

Based on my current requirements, I don’t have a scenario which requires a user to have more than one claim to do something, but I think I’m going to need it in the near future. (I’m at the very beginning of the project.)

Is it OK to add the following method to my service or not?

EnsureClaims( claimTypes, userId )

So I can pass an array of claim types to it.

What pros and cons do you see if I develop the second method in my service?

Note that EnsureClaim and EnsureClaims need their own queries and there won’t be any type of code reuse. So I’m talking about developing new code, automated tests & code review. And I’m not talking about a huge amount of new code.