On Mon, 23 Mar 2009, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130073&intsrc=news_ts_head
>
> "Visa Inc.'s top risk management executive dismissed what she described as
> `recent rumblings' about the possible demise of the PCI data security rules as
> `premature' and `dangerous' to long-term efforts to ensure that credit and
> debit card data is secure."
>
> Well, they're certainly dangerous to Visa's long-term efforts to control the
> finance markets.
>
> "[D]espite recent data breaches at two payment processors, the Payment Card
> Industry Data Security Standard (PCI DSS) `remains an effective security tool
> when implemented properly.'

And the "Perfect Antivirus", when used correctly, will detect all viruses past present and future, and give no false alarms. Plus it's free. I know the PCI DSS very well, and I doubt if more than a small percentage of the people who claim compliance, actually are. And that's without asking how secure a compliant system actually is.

> Why does this remind me of "an important part of this complete breakfast"?
>
> "The officer added that breaches such as the ones at Heartland Payment
> Systems Inc. and RBS WorldPay Inc. were shaping public opinion and obscuring
> what otherwise has been `substantial progress' on the security front over the
> past year."
>
> How *dare* the news shape public opinion?
>
> I am sure that everyone in this room has read the headlines questioning how
> an event of this magnitude could still happen even now, the officer said,
> referring to the Heartland breach. The fact is, it never should have, and
> indeed would not have if Heartland had been vigilant about maintaining its PCI
> compliance, according to the officer.
>
> Trust us.
>
> As we have said before, she continued, no compromised entity has yet been
> found to be in compliance with PCI DSS at the time of a breach.
>
> Requirement 15: Thou shalt have no breaches.
>
> While this situation is unfortunate, it does not make me question the tools
> we have at our disposal, she said of the PCI rules.
>
> No, of course not ...
>
> ====================== (quote inserted randomly by Pegasus Mailer)
> [email protected] [email protected] [email protected]
> An Englishman, even if he is alone, forms an orderly queue of one
> - George Mikes
> http://victoria.tc.ca/techrev/rms.htm
> http://blog.isc2.org/isc2_blog/slade/index.html
> http://blogs.securiteam.com/index.php/archives/author/p1/
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
