[BlueOnyx:04490] Re: PCI scans -trying again without the report

Jeff Folk jefffolk at mac.com
Sat May 15 10:15:57 -05 2010


I never did see the report. Are the findings a result of base software
on the server, or vulnerable scripts on the customer's site? If the
latter, shouldn't the customer be responsible for compliance? If you
created the website, well, then I guess it would be you.

As in the case of bind, did you supply the complete version and  
release/patch level for your software? Having managed a data center  
for a bank, and dealt with SOX auditors and federal/state examiners, I  
kept a "living" document continually updated with this information.  
Auditors are basically uninformed about doing this stuff. They just  
make you prove how you adhere to the letter of the policy. Always  
answer a question completely, but don't offer anything additional. You  
don't want to open any doors for additional questions.

As PCI compliance goes... People tend to think that doing the  
processing software themselves is cost efficient... I disagree.  
Outsourcing this makes a LOT of sense these days. DO NOT save card  
numbers, and send the shopping cart to the processor for check out.  
Poof, compliance challenges are gone.

Post a link to the report, I'll be happy to make a recommendation...  
But don't be surprised if I answer that you should outsource some  
aspect.

Regards;
Jeff

On May 15, 2010, at 9:40 AM, webmaster wrote:

>
>
> So no feedback on this?
>
> Getting frustrated with BX.
>
> I thought this was the latest and greatest.
>
> Guess it's time to abandon the 550/BQ/BX world and move to another
> hosting platform.
>
> Cpanel here I come?
>
> So sad. You're such a fun group
>
>
>
>> Had a PCI compliant company scan my BlueOnyx system today and got 4  
>> failures.
>> (Report was pasted to the bottom of this email)
>>
>> Do any of you host sites that take credit cards?
>>
>> If so how are you getting your machines to pass these tests?
>>
>> Are you doing something special other than the nightly yum updates?
>>
>> My old 550 had fewer errors when they scanned it. (only one)
>>
>> If you want to see the report I can post it with link
>>
>> --Tim
>>
>>
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at blueonyx.it
>> http://www.blueonyx.it/mailman/listinfo/blueonyx
>