funsec mailing list archives
Re: The PCI sky *isn't* falling!
From: Jon Kibler <Jon.Kibler () aset com>
Date: Tue, 24 Mar 2009 06:10:23 -0400
Anton Chuvakin wrote:
> > same answer: "I don't participate in security theater." I think this
> First, I am amazed how people so intelligent can hold opinions so shortsighted :-)
I unquestionably stand by my assertion that PCI DSS is pure security theater at its worst. Perhaps you do not understand the concept of "security theater"? In simple terms, security theater is trying to make something appear secure that is not.

I never said that for organizations that had less than zero clue about security, it didn't make the organizations ever so slightly more secure. However, it is these security clueless organizations that "pass" PCI DSS, and now think that they are secure, that is the worst possible example of where PCI DSS fails. It is simply a stamp that leads organizations into a false sense of security -- security theater!

PCI DSS is to information security what the TSA is to airport security. Both are clueless and nearly useless. Would we notice if either went away tomorrow? From the security perspective, I seriously doubt it.

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253