funsec mailing list archives
Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach
From: Valdis.Kletnieks () vt edu
Date: Mon, 27 Jul 2009 17:05:30 -0400
On Mon, 27 Jul 2009 22:11:08 +0200, Alexandre Dulaunoy said:
On Mon, Jul 27, 2009 at 8:55 PM, Anton Chuvakin<anton () chuvakin org> wrote:They probably were NOT, contrary to what their spokesperson seem to say.Network solutions is listed in the PCI DSS Validated Services Providers starting of October 31, 2008. The assessor was Payment Software Company (PSC).
Note the vast difference between the following three things: 1) PSC says Network Solutions appears to be compliant, based on their canned checklist. 2) Network Solutions is actually compliant in both letter and spirit, including all the nooks and crannies that PSC didn't poke into. 3) Although "fully compliant" is *probably* more secure than "didn't even think about being compliant", "fully compliant" doesn't therefor imply "fully secure".
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Fwd: [Dataloss] Network Solutions was PCI compliant before breach Paul Ferguson (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Valdis . Kletnieks (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Michael Graham (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach chris (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Michael Graham (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Chris Blask (Jul 27)
- Re: new cybersecurity laws (was: Network Solutions was PCI compliant before breach) Young, Keith (Jul 28)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach chris (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Alexandre Dulaunoy (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Valdis . Kletnieks (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliantbefore breach Larry Seltzer (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliantbefore breach chris (Jul 27)