Message-ID: <20060510164251.2977EDA82F@mailserver7.hushmail.com>
Date: Wed May 10 17:43:29 2006
From: ngiles at hushmail.com ( )
Subject: VISA PCI DSS standard : Good or bad?
Sit through the class and get a good understanding. Then crawl
under your desk and hope you don't have to do one. "Use your best
judgement" VISA golden rule right there..
On Wed, 10 May 2006 04:44:17 -0500 "newslist@...urity-briefings.com" <newslist@...urity-briefings.com> wrote:
>Hello all
>
>Have you already faced the VISA PCI DSS standard?
>
>If your IT systems store, manipulate, or send credit card numbers,
>then as a security professional you need to follow what VISA calls
>the PCI DSS standard and make your systems compliant with it. The
>goal of this standard is to ensure that the credit cards of our
>customers are safe from evil hackers or employees... Great idea!
>
>But for us, this standard has some weaknesses:
>- Commercial electronic payment organizations designed an insecure
>system and now they want us to pay to secure their business!
>- Too much focus on system and network security
>- Only a quarterly scan with any VISA compliant scanner such as
>Qualys
>- No pentest at the application level is required, and when you
>consider that as pentesters we almost always succeed in compromising
>sensitive information such as credit cards through a security bug at
>the application level, we do notice that it is the most important
>weakness.
>
>Never mind... VISA PCI DSS is here ...and we must apply it.
>
>There are some slides from Security Professionals Conference 2006
>about this topic that are worth reading: "Two Approaches to PCI DSS
>Compliance"
>go to http://www.security-briefings.com for details
>
>Regards
>
>Newslist [at] security-briefings.com
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/