[lug] Letting folks pay from the web.
Bear Giles
bgiles at coyotesong.com
Tue Feb 2 14:49:48 MST 2010
On Tue, Feb 2, 2010 at 2:11 PM, Maxwell Spangler <maxlists at maxwellspangler.com> wrote:
> After doing such, we went to the web site of a company that does PCI
> compliance to perform a web-based self-assessment. The website remotely
> did an nmap style scan of our IP address to determine if we had ports
> and services open and several firewalls I installed allowed us to pass
> that easily. As Landon suggests above, other requirements were vague
> and not very challenging. We answered a variety of questions like "What
> version of MICROS are you using" (which they verified was now secure),
> "Do you have firewalls on your network", and "Do you have anti-virus
> software installed."
>
Online merchants are easy. It's a lot more extensive if you're dealing with
retailers and restaurants, esp. the national chains. Think TJ Maxx with the
POS terminals, a couple systems supporting POS and inventory, and a
printer/fax machine in the back. Sounds simple, but most of them had
insecure wifi setups and were compromised by somebody sitting in a car in
the parking lot.
E.g., I remember one question that came up recently: what to do about a
printer that was running an embedded version of (samba? cups?). There was a
known vulnerability, but the printer couldn't be updated. Would they have to
replace the printer? A compromised network printer is still attached to the
network and could be turned into a packet sniffer with the right software.