[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds

To: Christian Sciberras <uuf6429@xxxxxxxxx>
Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
From: Shaqe Wan <sha8e@xxxxxxxxx>
Date: Mon, 26 Apr 2010 06:02:48 -0700 (PDT)

Christian,

Did you read my first post? 

((( IMO, PCI is not that big security policy, but without it your not able to 
use the credit card companies gateway. Ithink its just the basics that any 
company dealing with CC must implement. Because it shall be nonsense to deal 
with CC, and not have an Anti-virus for example !! )))


I am not stating that PCI is good in no way, but I am saying that its a MUST 
for companies dealing with CC. And in a windows environment, an AV is 
important. 

He probably thought that I am with the rules of PCI, or that I don't have any 
idea that the world is not just WINDOWS !!!

Regards,



________________________________
From: Christian Sciberras <uuf6429@xxxxxxxxx>
To: Shaqe Wan <sha8e@xxxxxxxxx>
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Sent: Mon, April 26, 2010 3:54:20 PM
Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds

Why exactly are you complying with Nick's statements? I would have thought you 
guys were arguing against said statements?


By the way, requirement #6 is particularly funny; it sounds peculiarly 
redundant to me...

Cheers.





On Mon, Apr 26, 2010 at 7:34 AM, Shaqe Wan <sha8e@xxxxxxxxx> wrote:


>
>Nick,
>
>Please if you don't know what the standards are, please read:
>
>https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
>
>See Requirement  #5. Read that requirement carefully and its not bad to read 
>it twice though in case you don't figure it out from the first glance !
>
>Also, I said that using an AV is some basic thing to do in any company that 
>wants to deal with CC, its a
> basic thing for even companies not dealing with CC too !!! Or do you state 
> that people must use a BOX with no AV installed on it? If you believe in that 
> fact? Then please request a change in the PCI DSS requirements and make them 
> force the usage of a non Windows O.S, such as any *n?x system.
>
>Finally, the topic here is not about "default allow vs default deny" and if
> I understand what that is or not! You can open a new discussion about that, 
> and I shall join there and discuss it further with you, in case you need some 
> clarification regarding it.
>
>Regards,
>Shaqe
>
>
>--- On Sun, 4/25/10, Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx> wrote:
>
>
>>From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
>>>>Subject: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
>>To: full-disclosure@xxxxxxxxxxxxxxxxx
>>Date: Sunday, April 25, 2010, 1:57 PM
>>
>>
>>Shaqe Wan wrote:
>>
>><<snip>>
>>> Because it shall be nonsense to deal with CC, and not have an Anti-virus 
>>> for example !!
>>
>>Well, you see, _that_ is abject nonsense on its face.
>>
>>Do you have any understanding of one of the most basic of security 
>>issues -- default allow vs.
>> default deny?
>>
>>There are many more secure ways to run systems _without_ antivirus 
>>software.
>>
>>
>>Anyone authoritatively stating that antivirus software is a necessary 
>>component of a "reasonably secure" system is a fool.
>>
>>Anyone authoritatively stating that antivirus software is a necessary 
>>
>>component of a "sufficiently secure" system is one (or more) of; a 
>>fool, a person with an unusually low standard of system security, or a 
>>>>shill for an antivirus producer.
>>
>>
>>So _if_, as you and another recent poster strongly imply, the PCI 
>>standards include a specific _requirement_ for antivirus software, then 
>>the standards themselves are total nonsense...
>>
>>
>>
>>
>>Regards,
>>
>>Nick FitzGerald
>>
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>> 
>
>
>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Christian Sciberras
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Pieter de Boer
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Michel Messerschmidt

References:
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Shaqe Wan
- Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
  - From: Christian Sciberras

Prev by Date: [Full-disclosure] [USN-931-2] FFmpeg regression
Next by Date: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
Previous by thread: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
Next by thread: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
Index(es):
- Date
- Thread