funsec mailing list archives
Re: The PCI sky *isn't* falling!
From: security curmudgeon <jericho () attrition org>
Date: Tue, 24 Mar 2009 01:56:54 +0000 (UTC)
: > same answer: "I don't participate in security theater." I think this : : First, I am amazed how people so intelligent can hold opinions so : shortsighted :-) s/shortsighted/practical ? : I'd say that PCI DSS did more to information security than *anything : else* since Windows added automated updates. Care to back that up in any way? I think the customers of Heartland, RBS and other compromises would disagree. : Now, some might say that my argument is of the type "Why do 99% of : lawyers give the rest a bad name?", but it is not. I am pretty sure that : even companies that "do it just the auditor" or, worse, deceive their : PCI assessor still gain a tiny fraction of risk reduction, both for : themselves - and for the rest of us. Is that "tiny fraction of risk reduction" evident in Heartland / RBS? Is that fraction worth the trade-off for an entirely inflated false sense of security? : Anton Chuvakin, Ph.D : http://www.chuvakin.org : http://chuvakin.blogspot.com : http://www.info-secure.org You forgot one part of your sig: Director of PCI Compliance Solutions at Qualys - security curmudgeon _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- The PCI sky *isn't* falling! Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 23)
- Re: The PCI sky *isn't* falling! Todd Parker (Mar 23)
- Re: The PCI sky *isn't* falling! Jon Kibler (Mar 23)
- Re: The PCI sky *isn't* falling! Jon Kibler (Mar 23)
- Re: The PCI sky *isn't* falling! Anton Chuvakin (Mar 23)
- Re: The PCI sky *isn't* falling! Alex Eckelberry (Mar 23)
- Re: The PCI sky *isn't* falling! Drsolly (Mar 23)
- Re: The PCI sky *isn't* falling! security curmudgeon (Mar 23)
- Re: The PCI sky *isn't* falling! Anton Chuvakin (Mar 23)
- Re: The PCI sky *isn't* falling! Amrit Williams (Mar 23)
- Re: The PCI sky *isn't* falling! Paul Ferguson (Mar 23)
- Re: The PCI sky *isn't* falling! Anton Chuvakin (Mar 23)
- Re: The PCI sky *isn't* falling! security curmudgeon (Mar 23)
- Re: The PCI sky *isn't* falling! Drsolly (Mar 24)
- Re: The PCI sky *isn't* falling! Anton Chuvakin (Mar 24)
- Re: The PCI sky *isn't* falling! Todd Parker (Mar 23)
- Re: The PCI sky *isn't* falling! Justin D. Scott (Mar 23)
- Re: The PCI sky *isn't* falling! Drsolly (Mar 24)
- Re: The PCI sky *isn't* falling! Justin Scott (Mar 24)
- Re: The PCI sky *isn't* falling! Jon Kibler (Mar 24)