| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 May 2011 02:49:05 +0000 From: "Thor (Hammer of God)" <thor@...merofgod.com> To: Tracy Reed <treed@...raviolet.org>, "Ivan ." <ivanhec@...il.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Sony: No firewall and no patches > -----Original Message----- > From: Tracy Reed [mailto:treed@...raviolet.org] > Sent: Monday, May 09, 2011 7:17 PM > To: Ivan . > Cc: Thor (Hammer of God); full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] Sony: No firewall and no patches > > On Tue, May 10, 2011 at 09:33:23AM +1000, Ivan . spake thusly: > > I guess that makes a mockery of the PCI DSS framework! > > Not at all. PCI DSS does not guarantee security. And if they didn't have a > firewall and were running outdated software they weren't compliant > anyway. I agree - You can chalk that one up to the auditors. There was mention of that in the article, and I too would be interested in what auditing firm signed off on that one. I too am in the list of people hosed, and it is this type of thing that makes me happy that I practice what I preach when it comes to using a separate card (and account) for internet purchases as well as an assigned PO box. I'm *really* glad I used a fake birthday, but I do that all the time. SONY ORD stock has also dropped 10% since the 26th of April. Pretty harsh. This will end up costing everyone quite a bit. t _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists