[BlueOnyx:20936] Re: OpenSSH and PCI on 5208R
Michael Stauber
mstauber at blueonyx.it
Thu Apr 20 15:27:55 -05 2017
Hi Jim,
> I completely agree with you on the logic behind CVE-2016-10012, but
> TrustWave is not likely to agree. Some of the requirements for this are
> really odd. Credit card info never touches our server as it is sent
> directly to the gateway processor, but since we put the form up, they
> insist on our passing a scan. Makes no sense to me - we absolutely never
> see or touch credit card info, not even in any kind of pass-through. It
> goes directly from the form in the client's browser to authorize.net.
Yeah, to me this whole PCI-compliance stuff has always been voodoo IT:
Let them stick some needles into the server so that one of their college
dropouts can check the colour of the smoke and issue you a certificate
that's not worth the paper it's printed on. :-)
PCI compliance is what we get when we allow the banking sector and
insurance companies to define de-facto security standards. It only has a
monetization value (for them) and does zilch for security in general.
--
With best regards
Michael Stauber