Re: [Full-disclosure] VISA PCI DSS standard : Good or bad?
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <newslist@xxxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] VISA PCI DSS standard : Good or bad?
- From: " " <ngiles@xxxxxxxxxxxx>
- Date: Wed, 10 May 2006 11:42:49 -0500
Sit through the class and get a good understanding. Then crawl under your desk and hope you don't have to do one. "Use your best judgement": VISA golden rule right there.
On Wed, 10 May 2006 04:44:17 -0500 "newslist@security-briefings.com" <newslist@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>Hello all
>
>Have you already faced the VISA PCI DSS standard?
>
>If your IT system stores, manipulates or sends credit card numbers,
>as security professionals you need to follow and make your system
>compliant with what VISA calls the PCI DSS standard. The goal of this
>standard is to ensure that our customers' credit cards are safe from
>evil hackers or employees... Great idea!
>
>But for us, this standard has some weaknesses:
>- Commercial electronic payment organizations designed an insecure
>system and now they want us to pay to secure their business!
>- Too much focus on system and network security
>- Only a quarterly scan with any VISA-compliant scanner such as Qualys
>- No pentest at the application level is required, and when you think
>that as pentesters we almost always succeed in compromising sensitive
>information such as credit cards through a security bug at the
>application level, we notice that this is the most important weakness.
>
>Never mind... VISA PCI DSS is here... and we must apply it.
>
>There are some slides from the Security Professionals Conference 2006
>about this topic that are worth reading: "Two Approaches to PCI DSS
>Compliance". Go to http://www.security-briefings.com for details.
>
>Regards
>
>Newslist [at] security-briefings.com
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/