funsec mailing list archives

Re: The PCI sky *isn't* falling!


From: security curmudgeon <jericho () attrition org>
Date: Tue, 24 Mar 2009 01:56:54 +0000 (UTC)


: > same answer: "I don't participate in security theater." I think this
: 
: First, I am amazed how people so intelligent can hold opinions so
: shortsighted :-)

s/shortsighted/practical  ?

: I'd say that PCI DSS did more to information security than *anything 
: else* since Windows added automated updates.

Care to back that up in any way? I think the customers of Heartland, RBS 
and other compromises would disagree.

: Now, some might say that my argument is of the type "Why do 99% of 
: lawyers give the rest a bad name?", but it is not. I am pretty sure that 
: even companies that "do it just the auditor" or, worse, deceive their 
: PCI assessor still gain a tiny fraction of risk reduction, both for 
: themselves - and for the rest of us.

Is that "tiny fraction of risk reduction" evident in Heartland / RBS? Is 
that fraction worth the trade-off for an entirely inflated false sense of 
security?

:     Anton Chuvakin, Ph.D
:    http://www.chuvakin.org
: http://chuvakin.blogspot.com
:   http://www.info-secure.org

You forgot one part of your sig:

Director of PCI Compliance Solutions at Qualys


- security curmudgeon

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.