On Mon, 27 Jul 2009 22:11:08 +0200, Alexandre Dulaunoy said: > On Mon, Jul 27, 2009 at 8:55 PM, Anton Chuvakin<an...@chuvakin.org> wrote: > > They probably were NOT, contrary to what their spokesperson seem to say. > > Network solutions is listed in the PCI DSS Validated Services Providers > starting > of October 31, 2008. The assessor was Payment Software Company (PSC).
Note the vast difference between the following three things: 1) PSC says Network Solutions appears to be compliant, based on their canned checklist. 2) Network Solutions is actually compliant in both letter and spirit, including all the nooks and crannies that PSC didn't poke into. 3) Although "fully compliant" is *probably* more secure than "didn't even think about being compliant", "fully compliant" doesn't therefor imply "fully secure".
pgprUrPx4UyuZ.pgp
Description: PGP signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
