Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach

[security curmudgeon <jericho () attrition org>]

On Mon, 27 Jul 2009, Alexandre Dulaunoy wrote:

: On Mon, Jul 27, 2009 at 8:55 PM, Anton Chuvakin<anton () chuvakin org> wrote:
: > They probably were NOT, contrary to what their spokesperson seem to say.
: 
: Network solutions is listed in the PCI DSS Validated Services Providers 
: starting of October 31, 2008. The assessor was Payment Software Company 
: (PSC).

Yes, but according to Visa and PCI cheerleaders, that means they were PCI 
compliant on October 31, 2008, probably at 3:32p and not one minute 
after, let alone a day after, let alone a month(s)..

The silly part of this is that there is any debate on compliance status. 
The fact that the NetSol person may be wrong (per Anton), Visa lists 
compliance as of 9 months ago and it taking a ouija board to figure out 
compliance *today* speaks volumes.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.