You should have a Modem type Card reader....

They want me to show we are "PCI" Compliant before removing the "Non Compliance Fines" from my bill??? How safe is a Modem calling their server? Not my problem, it's their kit I rent, so why the Fines? And don't ask about "Customer Not Present"!!

On Thu, 2010-03-18 at 11:30 +0000, Gordon Henderson wrote:
> Any webby hostys here put their sites through this whole PCI testing
> thing?
>
> One of my clients just did without mentioning it to me, then are jumping up
> and down because it unsurprisingly failed...
>
> However, while I can push all the buttons to make the testing house happy
> (well most of them - they're whinging about some "possible" SQL injections
> that the client's own code is responsible for), I feel that they're
> missing a few vital things - the site is on a shared server and although
> it has its own IP address (ssl site), there are dozens of other sites
> there too - so having an open FTP server scores 3 points - sure, I could
> block it for their own IP address, but it still leaves it open on the
> 'base' server and all other sites.
>
> Same for other trivial things like POP and so on.
>
> One annoying thing it failed on was not having a virus checker - they sent
> EICARs to postmaster@it and expected it to fail - well, it won't as it
> doesn't have a virus checker, it's a Linux host (which they correctly
> identified!)
>
> And interestingly, reading the documentation the client sent me, it seems
> that they (the testing house) wanted me to remove all firewalling and
> allow full access from the testing house's IP range before they started the
> test!
>
> So it seems to me that this whole PCI testing thing is really a pile of
> junk, and people are paying good money for a 'scan' which really isn't
> showing anything significant at all... Or even if it passes, then the
> server itself is still not "secure" as it's hosting other sites, etc.
>
> So where can I sign up to be a PCI testing house???
>
> Gordon
>

Regards

Kevin Lucas
Minions Post Master(Sub)
Po House, Minions, Liskeard
Cornwall PL14 5LE
01579363386

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html