That is right. Its not a internet standard but a commonly used security
standard. Not only for the payment card industry but also for
web/internet server/services security audits amongst some other security
"recommendations". E.g. in case the website would process credit card
information.
Whether its a must or not, a standard or a recommendation, just go by
logic. Do you want to hand out (disclose) the version information of a
running service? Indicating which vulnerabilities the service has?
Believing the banner, Postfix 2.3.3 was released in Aug/Oct 2006 .......
Hari Kurup wrote:
On 11/28/09 12:21 PM, IT-Doc24 Ltd. - Rocco Radisch wrote:-
(the version information should be cut out, called banner, its against
PCI recommendation)
https://www.pcisecuritystandards.org/
right, so PCI stands for "Payment Card Industry"
They make standards that apply "to all organizations which hold,
process, or pass cardholder information from any card branded with the
logo of one of the card brands"
(ref:
http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard)
As they don't make internet standards (that is the work of the IETF), I
don't see why you would base on their recommendations unless you are one
of the said organisations.
--
Hari
_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
%LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them (including
attachments if any). The List's Host is not responsible for them in any way.
---------------------------------------
_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
%LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them (including
attachments if any). The List's Host is not responsible for them in any way.
---------------------------------------
