funsec mailing list archives
Re: The PCI sky *isn't* falling!
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Mon, 23 Mar 2009 21:16:55 -0400
I agree, PCI is a stupid, idiotic standard but it does force some basic best practices. But to think it's a fix is "whistling past the graveyard".

Alex

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Anton Chuvakin
Sent: Monday, March 23, 2009 8:01 PM
To: funsec () linuxbox org
Subject: Re: [funsec] The PCI sky *isn't* falling!
same answer: "I don't participate in security theater." I think this
First, I am amazed how people so intelligent can hold opinions so shortsighted :-)

I'd say that PCI DSS did more to information security than *anything else* since Windows added automated updates. Now, I've said it :-)

But if you are looking for a proof of this, it is actually elsewhere: that mentioned "security theater" actually made people who were COMPLETELY ignoring security look at security - and then screw it up. And you know what? I think such motion from total ignorance to doing "a piss-poor job" of security represents a huge progress for such, mostly small, organizations.

Now, some might say that my argument is of the type "Why do 99% of lawyers give the rest a bad name?", but it is not. I am pretty sure that even companies that "do it just for the auditor" or, worse, deceive their PCI assessor still gain a tiny fraction of risk reduction, both for themselves - and for the rest of us.

--
Anton Chuvakin, Ph.D
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.