lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <q2j3af3d47c1004260554kf173f7v3e03080125140a9c@mail.gmail.com>
Date: Mon, 26 Apr 2010 14:54:20 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: Shaqe Wan <sha8e@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Compliance Is Wasted Money, Study Finds

Why exactly are you complying with Nick's statements? I would have thought
you guys were arguing against said statements?


By the way, requirement #6 is particularly funny; it sounds peculiarly
redundant to me...

Cheers.




On Mon, Apr 26, 2010 at 7:34 AM, Shaqe Wan <sha8e@...oo.com> wrote:

>
> Nick,
>
> Please if you don't know what the standards are, please read:
>
> https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
>
> See *Requirement #5*. Read that requirement carefully and its not bad to
> read it twice though in case you don't figure it out from the first glance !
>
> Also, I said that using an AV is some basic thing to do in any company that
> wants to deal with CC, its a basic thing for even companies not dealing with
> CC too !!! Or do you state that people must use a BOX with no AV installed
> on it? If you believe in that fact? Then please request a change in the PCI
> DSS requirements and make them force the usage of a non Windows O.S, such as
> any *n?x system.
>
> Finally, the topic here is not about "default allow vs default deny" and if
> I understand what that is or not! You can open a new discussion about that,
> and I shall join there and discuss it further with you, in case you need
> some clarification regarding it.
>
> Regards,
> Shaqe
>
>
> --- On *Sun, 4/25/10, Nick FitzGerald <nick@...us-l.demon.co.uk>* wrote:
>
>
> From: Nick FitzGerald <nick@...us-l.demon.co.uk>
> Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
> To: full-disclosure@...ts.grok.org.uk
> Date: Sunday, April 25, 2010, 1:57 PM
>
> Shaqe Wan wrote:
>
> <<snip>>
> > Because it shall be nonsense to deal with CC, and not have an Anti-virus
> for example !!
>
> Well, you see, _that_ is abject nonsense on its face.
>
> Do you have any understanding of one of the most basic of security
> issues -- default allow vs. default deny?
>
> There are many more secure ways to run systems _without_ antivirus
> software.
>
> Anyone authoritatively stating that antivirus software is a necessary
> component of a "reasonably secure" system is a fool.
>
> Anyone authoritatively stating that antivirus software is a necessary
> component of a "sufficiently secure" system is one (or more) of; a
> fool, a person with an unusually low standard of system security, or a
> shill for an antivirus producer.
>
> So _if_, as you and another recent poster strongly imply, the PCI
> standards include a specific _requirement_ for antivirus software, then
> the standards themselves are total nonsense...
>
>
>
> Regards,
>
> Nick FitzGerald
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ