Full Disclosure mailing list archives
Re: Compliance Is Wasted Money, Study Finds
From: Shaqe Wan <sha8e () yahoo com>
Date: Mon, 26 Apr 2010 22:36:16 -0700 (PDT)
Hola, The problem is not weather they are educated against other standards or policies or not, the problem is that without this compliance you can't work with CC !!! Its something that is enforced on you ! BTW: why don't people discuss what is the points missing in the PCI Compliance better than this argue ? Regards, ________________________________ From: Christian Sciberras <uuf6429 () gmail com> To: Shaqe Wan <sha8e () yahoo com> Cc: full-disclosure () lists grok org uk Sent: Mon, April 26, 2010 4:19:27 PM Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds OK. "All those in favour of PCI raises their hands." Kidding aside, of course it is a must, since the said companies doesn't have any notion of security before this happens. However, how much is this actually helpful? Now let's be honest, how much would it stop a potential attacker from getting into a system "protected" by PCI? Little, if at all. On the other hand, a company should adopt real and complete security practices. Again, my point is, these companies shouldn't be "educated" or limit their security to this standard. Because if they do (and I'm pretty sure they do) would make this standard pretty much useless. Anyway, I won't get into this argument, since no one will give a sh*t about it anyway. Cheers. On Mon, Apr 26, 2010 at 3:02 PM, Shaqe Wan <sha8e () yahoo com> wrote: Christian,
Did you read my first post? ((( IMO, PCI is not that big security policy, but without it your not able to use the credit card companies gateway. Ithink its just the basics that any company dealing with CC must implement. Because it shall be nonsense to deal with CC, and not have an Anti-virus for example !! )))I am not stating that PCI is good in no way, but I am saying that its a MUST for companies dealing with CC. And in a windows environment, an AV is important.He probably thought that I am with the rules of PCI, or that I don't have any idea that the world is not just WINDOWS !!! Regards,
________________________________
From: Christian Sciberras <uuf6429 () gmail com> To: Shaqe Wan <sha8e () yahoo com> Cc: full-disclosure () lists grok org uk Sent: Mon, April 26, 2010 3:54:20 PM Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study FindsWhy exactly are you complying with Nick's statements? I would have thought you guys were arguing against said statements?By the way, requirement #6 is particularly funny; it sounds peculiarly redundant to me... Cheers. On Mon, Apr 26, 2010 at 7:34 AM, Shaqe Wan <sha8e () yahoo com> wrote:Nick,Please if you don't know what the standards are, please read: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml See Requirement #5. Read that requirement carefully and its not bad to read it twice though in case you don't figure it out from the first glance ! Also, I said that using an AV is some basic thing to do in any company that wants to deal with CC, its a basic thing for even companies not dealing with CC too !!! Or do you state that people must use a BOX with no AV installed on it? If you believe in that fact? Then please request a change in the PCI DSS requirements and make them force the usage of a non Windows O.S, such as any *n?x system. Finally, the topic here is not about "default allow vs default deny" and if I understand what that is or not! You can open a new discussion about that, and I shall join there and discuss it further with you, in case you need some clarification regarding it. Regards, Shaqe --- On Sun, 4/25/10, Nick FitzGerald <nick () virus-l demon co uk> wrote:From: Nick FitzGerald <nick () virus-l demon co uk>Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds To: full-disclosure () lists grok org uk Date: Sunday, April 25, 2010, 1:57 PM Shaqe Wan wrote: <<snip>>Because it shall be nonsense to deal with CC, and not have an Anti-virus for example !!Well, you see, _that_ is abject nonsense on its face. Do you have any understanding of one of the most basic of security issues -- default allow vs. default deny? There are many more secure ways to run systems _without_ antivirus software. Anyone authoritatively stating that antivirus software is a necessary component of a "reasonably secure" system is a fool. Anyone authoritatively stating that antivirus software is a necessary component of a "sufficiently secure" system is one (or more) of; a fool, a person with an unusually low standard of system security, or ashill for an antivirus producer. So _if_, as you and another recent poster strongly imply, the PCI standards include a specific _requirement_ for antivirus software, then the standards themselves are total nonsense... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Compliance Is Wasted Money, Study Finds, (continued)
- Re: Compliance Is Wasted Money, Study Finds Valdis . Kletnieks (Apr 25)
- Re: Compliance Is Wasted Money, Study Finds Tracy Reed (Apr 25)
- Re: Compliance Is Wasted Money, Study Finds Christian Sciberras (Apr 25)
- Re: Compliance Is Wasted Money, Study Finds Digital X (Apr 26)
- Re: Compliance Is Wasted Money, Study Finds Shaqe Wan (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Shaqe Wan (Apr 26)
- Re: Compliance Is Wasted Money, Study Finds Christian Sciberras (Apr 26)
- Re: Compliance Is Wasted Money, Study Finds Shaqe Wan (Apr 26)
- Re: Compliance Is Wasted Money, Study Finds Christian Sciberras (Apr 26)
- Re: Compliance Is Wasted Money, Study Finds Shaqe Wan (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Christian Sciberras (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Shaqe Wan (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Christian Sciberras (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Lyal Collins (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Christian Sciberras (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Shaqe Wan (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Christian Sciberras (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Shaqe Wan (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds Christian Sciberras (Apr 27)
- Re: Compliance Is Wasted Money, Study Finds wilder_jeff Wilder (Apr 27)