[BlueOnyx:04493] Re: PCI scans - with link to report

webmaster webmaster at oldcabin.net
Sat May 15 11:43:07 -05 2010
Jeff,

Thanks for your input.

I have posted that report here: 
www.oldcabin.net/Port-scan-resultst.doc & 
www.oldcabin.net/port-scan-results.txt


My biggest concern is...... I thought the BX systems were up to 
date?  When yum runs it takes care of updates/patches and such?

After receiving the report I was floored because my old cobalt 550 
only had one error and the BX had four.  I didn't think I was going 
to have to start hacking/patching the BX system like I have to do 
manually with the RAQ.

When you look at the report, notice the first entry for bugzilla?
I don't think I even have that on my system, but the report says it 
needs to be updated.
Huh?
Could their report be wrong?


>I never did see the report. Are the findings a result of base software
>on the server, or vulnerable scripts on the customer's site? If the
>latter, shouldn't the customer be responsible for compliance? If you
>created the website, well, then I guess it would be you.
>
>As in the case of bind, did you supply the complete version and
>release/patch level for your software? Having managed a data center
>for a bank, and dealt with SOX auditors and federal/state examiners, I
>kept a "living" document continually updated with this information.
>Auditors are basically uninformed about doing this stuff. They just
>make you prove how you adhere to the letter of the policy. Always
>answer a question completely, but don't offer anything additional. You
>don't want to open any doors for additional questions.
>
>As PCI compliance goes... People tend to think that doing the
>processing software themselves is cost efficient... I disagree.
>Outsourcing this makes a LOT of sense these days. DO NOT save card
>numbers, and send the shopping cart to the processor for check out.
>Poof, compliance challenges are gone.
>
>Post a link to the report, I'll be happy to make a recommendation...
>But don't be surprised if I answer that you should outsource some
>aspect.
>
>Regards;
>Jeff
>
>On May 15, 2010, at 9:40 AM, webmaster wrote:
>
> >
> >
> > So no feedback on this?
> >
> > Getting frustrated with BX.
> >
> > I thought this was the latest and greatest.
> >
> > Guess it's time to abandon the 550/BQ/BX world and move to another
> > hosting platform.
> >
> > Cpanel here I come?
> >
> > So sad. You're such a fun group
> >
> >
> >
> >> Had a PCI compliant company scan my BlueOnyx system today and got 4
> >> failures.
> >> (Report was pasted to the bottom of this email)
> >>
> >> Do any of you host sites that take credit cards?
> >>
> >> If so how are you getting your machines to pass these tests?
> >>
> >> Are you doing something special other than the nightly yum updates?
> >>
> >> My old 550 had fewer errors when they scanned it. (only one)
> >>
> >> If you want to see the report I can post it with link
> >>
> >> --Tim
> >>
> >>
> >> _______________________________________________
> >> Blueonyx mailing list
> >> Blueonyx at blueonyx.it
> >> http://www.blueonyx.it/mailman/listinfo/blueonyx
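Two points in this thread deserve a concrete check before any patching starts: the "bugzilla" finding on a box that may not have bugzilla installed, and Jeff's advice to hand the auditor the complete version and release/patch level of each package. The script below is an added example, not code from the BlueOnyx list or the BlueOnyx project. It cross-checks a list of scanner-flagged package names against an installed-package list in the form `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` produces. Both the findings and the installed-package list here are constructed sample data with placeholder version strings, so it runs offline; on a real server, substitute the actual `rpm -qa` output. A package the scanner names but rpm does not know about is a finding to dispute with the scanning company; for a package that is installed, the RELEASE field (and `rpm -q --changelog NAME`) is what shows whether the distribution has already backported the fix under the old upstream version number that a banner-based scanner reports as vulnerable.

```shell
#!/bin/sh
# Added example, not from the BlueOnyx list or the BlueOnyx project.
# Cross-check a scanner's flagged package names against what rpm says is
# actually installed. SCAN_FINDINGS and INSTALLED_PKGS are constructed sample
# data; on a real box generate the second one with:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
# and compare the RELEASE field with the vendor errata (rpm -q --changelog NAME).

# Constructed: package names a scan report said "need updating".
SCAN_FINDINGS='bugzilla
bind
openssh'

# Constructed: "name version release" lines standing in for rpm -qa output.
# The version and release strings are placeholders, not real BlueOnyx values.
INSTALLED_PKGS='bind 9.3.0 example.1
openssh 4.3 example.2
httpd 2.2 example.3'

# check_finding NAME INSTALLED_LIST
# Prints "not-installed" when the scanner named a package rpm does not know
# about (a finding to dispute), otherwise "installed VERSION RELEASE", which is
# the exact string to give an auditor asking for version and patch level.
check_finding() {
  name=$1
  installed=$2
  line=$(printf '%s\n' "$installed" | awk -v n="$name" '$1 == n { print; exit }')
  if [ -z "$line" ]; then
    printf 'not-installed\n'
  else
    printf 'installed %s\n' "$(printf '%s\n' "$line" | cut -d' ' -f2-)"
  fi
}

# triage_findings FINDINGS INSTALLED_LIST
# One line per finding: "NAME: not-installed" or "NAME: installed VERSION RELEASE".
triage_findings() {
  findings=$1
  installed=$2
  printf '%s\n' "$findings" | while IFS= read -r pkg; do
    [ -n "$pkg" ] || continue
    printf '%s: %s\n' "$pkg" "$(check_finding "$pkg" "$installed")"
  done
}

# Stand-alone run over the constructed data.
triage_findings "$SCAN_FINDINGS" "$INSTALLED_PKGS"
```

Run it as-is to see the constructed result; to use it on a server, replace INSTALLED_PKGS with the real rpm query output and SCAN_FINDINGS with the package names from the scan report. Any "not-installed" line is a question for the scanning company, not a patch to apply.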