funsec mailing list archives
Re: The PCI sky *isn't* falling!
From: Drsolly <drsollyp () drsolly com>
Date: Mon, 23 Mar 2009 21:22:05 +0000 (GMT)
On Mon, 23 Mar 2009, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130073&intsrc=news_ts_head

"Visa Inc.'s top risk management executive dismissed what she described as `recent rumblings' about the possible demise of the PCI data security rules as `premature' and `dangerous' to long-term efforts to ensure that credit and debit card data is secure."

Well, they're certainly dangerous to Visa's long-term efforts to control the finance markets.

"[D]espite recent data breaches at two payment processors, the Payment Card Industry Data Security Standard (PCI DSS) `remains an effective security tool when implemented properly.'"
And the "Perfect Antivirus", when used correctly, will detect all viruses past present and future, and give no false alarms. Plus it's free. I know the PCI DSS very well, and I doubt if more than a small percentage of the people who claim compliance, actually are. And that's without asking how secure a compliant system actually is.
Why does this remind me of "an important part of this complete breakfast"?

"The officer added that breaches such as the ones at Heartland Payment Systems Inc. and RBS WorldPay Inc. were shaping public opinion and obscuring what otherwise has been `substantial progress' on the security front over the past year."

How *dare* the news shape public opinion?

I am sure that everyone in this room has read the headlines questioning how an event of this magnitude could still happen even now, the officer said, referring to the Heartland breach. The fact is, it never should have, and indeed would not have if Heartland had been vigilant about maintaining its PCI compliance, according to the officer.

Trust us.

As we have said before, she continued, no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach.

Requirement 15: Thou shalt have no breaches.

While this situation is unfortunate, it does not make me question the tools we have at our disposal, she said of the PCI rules.

No, of course not ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
An Englishman, even if he is alone, forms an orderly queue of one - George Mikes
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.