SCIENTIFIC-LINUX-USERS Archives

February 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: ToddAndMargo <[log in to unmask]>
Date: Sat, 8 Feb 2014 17:02:47 -0800

On 02/08/2014 07:15 AM, Eero Volotinen wrote:
>
>
>
>
>     Also, he stores credit card information on his workstations
>     and server.  (PCI would freak out.)
>
>
> http://www.merchantuniversity.org/101-education/security-pci-101/pci-compliance-fines.aspx
>
> Please report this client to VISA.
>
> --
> Eero

Hi Eero,

You could always do it for me.  Tell them everyone, except
one or two, in the entire state of Nevada has blown off
PCI.  It is the law in Nevada too.  First state to pass it.

I only have one client that follows the PCI paper chase.
The rest, when they get a hold of all the hoops, simply
pencil whip it.  It is less costly to risk a possible
breach and go into bankruptcy than jump through all the
impossible hoops, which are so designed that they never
will be able to pass an audit anyway.  So why jump through
the hoops?

Keep in mind that the largest exploit is the human
factor (human engineering viruses).  There is only
one question on the PCI questionnaire about it (employee
education).  There are hundreds of questions/hoops that
will be of very, very little help (but lots of expense).
Not all of them, fortunately.  PCI is all about shifting
liability to the merchant.

Now when I said "stores credit card data on their computers",
don't be confused.  They are indeed talking about the eventual
destination, but they are also talking about every step
in the path getting there.  So, if you enter a credit card
using a keyboard, a card swiper (also a keyboard), a
scanner, etc., the number is stored in memory in the operating
system well before it gets to its eventual destination.  As
these locations in memory are known locations and can be
harvested with a memory scrubber (the Target exploit) and/or
a keystroke logger, you "are" indeed storing them on your
computer.

Funny, on the link you sent, they kept mixing up "breached"
and "breeched".  "Breeched" is your rear end.  (Not that "I"
ever misspell anything!  Hey!  I went to publik skool.)

-T






-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
