funsec mailing list archives
Re: Former Hannaford CIO: Avoid Microsoft and Change PCI's Encryption Rules
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Fri, 11 Jul 2008 09:37:45 -0400
Retailers have problems with security? Naaahhh

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Paul Ferguson
Sent: Friday, July 11, 2008 2:00 AM
To: funsec () linuxbox org
Subject: [funsec] Former Hannaford CIO: Avoid Microsoft and Change PCI's Encryption Rules

Via StorefrontBacktalk.

[snip]

Bill Homa, who just stepped down July 1 as the CIO for the 165-store Hannaford grocery chain, considers Microsoft's OS to be "so full of holes" and describes the fact that current PCI regs do not require end-to-end encryption as "astonishing."

But Homa's key point is that most retailers handle security backwards: Don't pour everything in protecting the frontdoor. Assume they'll get through and have a plan to control them once they're inside.

One of the most frustrating IT security realities in retail today is the quintessential oxymoron: the more serious the CIO is about keeping data secure and the more sophisticated a defense is deployed, the more points of vulnerability emerge.

[snip]

More: http://storefrontbacktalk.com/story/071108homa

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.