Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Royce Williams
On Fri, Mar 17, 2017 at 4:21 PM, Bill Campbell wrote: > I've had PCI testers complain when they tried port scans on > systems we monitor, and their IPs were blocked almost > immediately. They couldn't understand active measures that > detect attacks and take actions to

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Bill Campbell
On Fri, Mar 17, 2017, Laura Atkins wrote: > > On Mar 17, 2017, at 7:47 AM, John R Levine <[1]jo...@taugh.com> wrote: > > On Fri, 17 Mar 2017, Eric Henson wrote: > > As a PCI compliant company, we have to go to great lengths to secure > any system that stores, processes, or transacts

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread D'Arcy Cain
On 2017-03-17 03:10 PM, Doug McIntyre wrote: The funniest PCI audit request I've come across is a customer had their PCI onsite auditor require the combination of their colo rack to be reset to 000 at the end of every visit. Not doing so would be a violation of their PCI security. I suspect

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Royce Williams
On Fri, Mar 17, 2017 at 9:42 AM, wrote: > On 17 Mar 2017 15:47:50 +0100, "John R Levine" said: > >> I used to have my own credit card account and my card processor demanded >> PCI compliance. About 1/4 of it was reasonable, 3/4 was cargo cult stuff >> that mostly

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Doug McIntyre
On Fri, Mar 17, 2017 at 01:42:16PM -0400, valdis.kletni...@vt.edu wrote: > I gave up on thinking that PCI was something other than an extortion racket a > number of years ago, when somebody reported on the major breaches of the year > and noted that 100% of them were in full PCI compliance at the

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Dave Warren
On Thu, Mar 16, 2017, at 17:38, John Levine wrote: > In article > <1489684655.3176120.913642288.0d732...@webmail.messagingengine.com> you > write: > >You can make a rule against sending credit cards by email, but if > >customer service reps know it works they might still encourage a > >customer to

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread valdis . kletnieks
On 17 Mar 2017 15:47:50 +0100, "John R Levine" said: > I used to have my own credit card account and my card processor demanded > PCI compliance. About 1/4 of it was reasonable, 3/4 was cargo cult stuff > that mostly involved stuff like setting packet filters so they couldn't > probe ports that

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Laura Atkins
> On Mar 17, 2017, at 7:47 AM, John R Levine wrote: > > On Fri, 17 Mar 2017, Eric Henson wrote: > >> As a PCI compliant company, we have to go to great lengths to secure any >> system that stores, processes, or transacts credit card data. If that >> included our email

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread John R Levine
On Fri, 17 Mar 2017, Eric Henson wrote: As a PCI compliant company, we have to go to great lengths to secure any system that stores, processes, or transacts credit card data. If that included our email servers, that would put every single mail server, every single mail client, including smart

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Paul Smith
On 17/03/2017 14:18, Eric Henson wrote: As a PCI compliant company, we have to go to great lengths to secure any system that stores, processes, or transacts credit card data. If that included our email servers, that would put every single mail server, every single mail client, including smart

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Vick Khera
On Thu, Mar 16, 2017 at 8:38 PM, John Levine wrote: > So just out of nosiness, when's the last time Something Bad Happened > in real life due to sending credit card info by e-mail? > One of my buddies does design and consulting of networks for industries regulated by federal

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Eric Henson
Of John Levine Sent: Thursday, March 16, 2017 7:38 PM To: mailop@mailop.org Cc: da...@hireahit.com Subject: Re: [mailop] conventional wisdom, was Google rejects a TLS connection In article <1489684655.3176120.913642288.0d732...@webmail.messagingengine.com> you write: >You can make a rul

Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread John Levine
In article <1489684655.3176120.913642288.0d732...@webmail.messagingengine.com> you write: >You can make a rule against sending credit cards by email, but if >customer service reps know it works they might still encourage a >customer to do it as it's faster and easier than other options (fax,