Don't get me started on companies like this! PCI compliance isn't a bad thing, security is always a good thing but companies that just try and use automated vulnerability scanners are just wasting everyone time and money. Security is a procedural thing, not a technology one.
Use a better auditing company. You are being ripped off. Dan On 06/05/12 16:15, Richard Barker wrote: > Ok someone needs to tell the CC companies, ETrust and > https://www.securitymetrics.com/ > > RC > > On 5/6/2012 10:58 AM, Michael Stauber wrote: >> Hi Richard, >> >>> PCI Dss Compliance Issues for 5106R >>> >>> Description: Possible vulnerability in Net Tools PKI Server Severity: >>> Potential Problem CVE: CVE-2000-0739 >>> Details: Service: 444:TCP Port 444/tcp open >> On a BlueOnyx port 444 runs AdmServ and not PKI Server. So this doesn't apply >> here. >> >> Your vulnerbaility checker is not really testing the software. It just makes >> some assumptions like "Oh, port 444 is active, let me sound an alarm!" >> >> Which is not really helpful. ;-) >> > -- Find me online : http://www.dogsbody.info/ _______________________________________________ Blueonyx mailing list [email protected] http://mail.blueonyx.it/mailman/listinfo/blueonyx
