[BlueOnyx:10459] Re: PCI Dss Compliance Issues
Dogsbody
dan at dogsbody.org
Sun May 6 10:45:49 -05 2012
Don't get me started on companies like this!

PCI compliance isn't a bad thing, security is always a good thing, but
companies that just try and use automated vulnerability scanners are
just wasting everyone's time and money. Security is a procedural thing,
not a technology one.

Use a better auditing company. You are being ripped off.

Dan

On 06/05/12 16:15, Richard Barker wrote:
> Ok someone needs to tell the CC companies, ETrust and
> https://www.securitymetrics.com/
>
> RC
>
> On 5/6/2012 10:58 AM, Michael Stauber wrote:
>> Hi Richard,
>>
>>> PCI Dss Compliance Issues for 5106R
>>>
>>> Description: Possible vulnerability in Net Tools PKI Server
>>> Severity: Potential Problem
>>> CVE: CVE-2000-0739
>>> Details: Service: 444:TCP Port 444/tcp open
>> On a BlueOnyx port 444 runs AdmServ and not PKI Server. So this doesn't apply
>> here.
>>
>> Your vulnerability checker is not really testing the software. It just makes
>> some assumptions like "Oh, port 444 is active, let me sound an alarm!"
>>
>> Which is not really helpful. ;-)
>>
>
--
Find me online : http://www.dogsbody.info/
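
An added example, not part of the original thread: a small triage check for the kind of finding quoted above, which compares the product a scanner names against what is actually bound to the port. The finding text is taken from the thread with line breaks normalized; the inventory dictionary, the evidence keywords and the function names are assumptions made for illustration.

```python
import re

# Finding as quoted in the thread (line breaks normalized).
FINDING = """\
Description: Possible vulnerability in Net Tools PKI Server
Severity: Potential Problem
CVE: CVE-2000-0739
Details: Service: 444:TCP Port 444/tcp open
"""

# Constructed inventory: what the administrator knows listens on each port.
# The 444/tcp entry is the one stated in the reply in the thread.
INVENTORY = {(444, "tcp"): "AdmServ"}

FIELD_RE = re.compile(r"^(Description|Severity|CVE|Details):\s*(.*)$", re.M)
PRODUCT_RE = re.compile(r"vulnerability in (.+)$", re.I)
PORT_RE = re.compile(r"(\d+)/(tcp|udp)\s+open", re.I)
# Assumed keywords that would show the scanner identified the software itself.
EVIDENCE_RE = re.compile(r"banner|version|server:|response", re.I)


def parse_finding(text):
    """Extract CVE, named product, port, and whether the evidence is port-only."""
    fields = {k.lower(): v.strip() for k, v in FIELD_RE.findall(text)}
    details = fields.get("details", "")
    product = PRODUCT_RE.search(fields.get("description", ""))
    port = PORT_RE.search(details)
    return {
        "cve": fields.get("cve"),
        "product": product.group(1) if product else None,
        "port": (int(port.group(1)), port.group(2).lower()) if port else None,
        "port_only": port is not None and not EVIDENCE_RE.search(details),
    }


def triage(finding, inventory):
    """Classify a finding against the known service on the reported port."""
    actual = inventory.get(finding["port"])
    if actual is None:
        return "investigate: nothing in inventory for this port"
    if finding["product"] and finding["product"].lower() != actual.lower():
        basis = "open port only" if finding["port_only"] else "scanner evidence"
        return (f"likely false positive: {finding['cve']} targets "
                f"{finding['product']}, but {actual} listens on "
                f"{finding['port'][0]}/{finding['port'][1]} (based on {basis})")
    return "applies: product matches inventory, check version and patch level"


if __name__ == "__main__":
    print(triage(parse_finding(FINDING), INVENTORY))
```
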