funsec mailing list archives
Re: The PCI sky *isn't* falling!
From: Todd Parker <kitsune () sbcglobal net>
Date: Mon, 23 Mar 2009 11:50:24 -0700 (PDT)
The dirty secret PCI is trying to hide is that much of the information flying on their clients' networks is cleartext. I've been inside some of those networks, and was appalled.

________________________________
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
To: funsec () linuxbox org
Sent: Monday, March 23, 2009 12:15:20 PM
Subject: [funsec] The PCI sky *isn't* falling!

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130073&intsrc=news_ts_head

"Visa Inc.’s top risk management executive dismissed what she described as `recent rumblings' about the possible demise of the PCI data security rules as `premature' and `dangerous' to long-term efforts to ensure that credit and debit card data is secure."

Well, they're certainly dangerous to Visa's long-term efforts to control the finance markets.

"[D]espite recent data breaches at two payment processors, the Payment Card Industry Data Security Standard (PCI DSS) `remains an effective security tool when implemented properly.'"

Why does this remind me of "an important part of this complete breakfast"?

"The officer added that breaches such as the ones at Heartland Payment Systems Inc. and RBS WorldPay Inc. were shaping public opinion and obscuring what otherwise has been `substantial progress' on the security front over the past year."

How *dare* the news shape public opinion?

“I am sure that everyone in this room has read the headlines questioning how an event of this magnitude could still happen even now,” the officer said, referring to the Heartland breach. “The fact is, it never should have,” and indeed would not have if Heartland had been vigilant about maintaining its PCI compliance, according to the officer.

Trust us.

“As we have said before,” she continued, “no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach.”

Requirement 15: Thou shalt have no breaches.

“While this situation is unfortunate, it does not make me question the tools we have at our disposal,” she said of the PCI rules.

No, of course not ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
An Englishman, even if he is alone, forms an orderly queue of one - George Mikes
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- The PCI sky *isn't* falling! Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 23)
- Re: The PCI sky *isn't* falling! Todd Parker (Mar 23)
- Re: The PCI sky *isn't* falling! Jon Kibler (Mar 23)
- Re: The PCI sky *isn't* falling! Jon Kibler (Mar 23)
- Re: The PCI sky *isn't* falling! Anton Chuvakin (Mar 23)
- Re: The PCI sky *isn't* falling! Alex Eckelberry (Mar 23)
- Re: The PCI sky *isn't* falling! Drsolly (Mar 23)
- Re: The PCI sky *isn't* falling! security curmudgeon (Mar 23)
- Re: The PCI sky *isn't* falling! Anton Chuvakin (Mar 23)
- Re: The PCI sky *isn't* falling! Amrit Williams (Mar 23)
- Re: The PCI sky *isn't* falling! Paul Ferguson (Mar 23)
- Re: The PCI sky *isn't* falling! Anton Chuvakin (Mar 23)
- Re: The PCI sky *isn't* falling! security curmudgeon (Mar 23)
- Re: The PCI sky *isn't* falling! Todd Parker (Mar 23)