On 30/04/14 17:30, valdis.kletni...@vt.edu wrote:
> ...
> Anybody got recommendations on how to make sure the company you engage
> for the audit ends up sending you critters that actually have a clue? (Not
> necessarily PCI, but in general)
If more au
Well,
Right now, 1/2 my day$ are spent doing PCI auditing, technical side,
not as a QSA.
There is no shortage of horror stories about my customers' previous
QSA...
Best one to date... Firewalling the FC SANs from the pool of
VMware servers.
Bill & Telnet...
I hope
On Thu, May 1, 2014 at 6:29 AM, Alain Hebert wrote:
> Bill & Telnet...
>
> I hope that QSA didn't let you keep that telnet facing any
> public interface without any protection.
Hi Alain,
The point I made, successfully, was that it was outside the firewall
hence out of scope for the a
Bill - anything that puts another routable network alongside of the card
processing info is in scope. The real issue is that the PCI-SSC decided
to formally create a policy to hold the auditors harmless in their
actions and that is about to change.
Todd
On 5/1/2014 8:52 AM, William Herrin w
On May 1, 2014, at 2:01 AM, John Souter wrote:
> On 30/04/14 17:30, valdis.kletni...@vt.edu wrote:
>> ...
>> Anybody got recommendations on how to make sure the company you engage
>> for the audit ends up sending you critters that actually hav
On 01/05/14 17:41, Owen DeLong wrote:
> The problem with this theory is that if auditors can be so easily put to the
> street, you run into the risk of auditors altering behavior to increase customer
> satisfaction in ways that prevent them from providing the controls that are the
> reason au
On May 1, 2014, at 11:07 AM, John Souter wrote:
> On 01/05/14 17:41, Owen DeLong wrote:
>> The problem with this theory is that if auditors can be so easily put to the
>> street, you run into the risk of auditors altering behavior to increase customer
>> satisfaction in ways that prevent the
Hey,
I worked for them (AA) in the early 90's =D
-
Alain Hebert aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
On 05/01/14 1
Can someone from YouTube/Google give me a shout off list? The HTML5 player
is getting a "204 No Content" error when it sends the stream request via
IPv6...but works fine on IPv4.
Confirmed from multiple locations in the US.
Specifically:
- 2001:4860:400b:c01::64 returns a 204
- 2607:f8b0:4002:10::8 is about 50/50 between a 204 and 200
On Thu, May 1, 2014 at 3:55 PM, Blair Trosper wrote:
> Can someone from YouTube/Google give me a shout off list? The HTML5
> player is getting a "204 No Content" error when it sends
On 4/29/2014 10:54 PM, Jeff Kell wrote:
Yeah, just when we thought Slammer / Blaster / Nachi / Welchia / etc /
etc had been eliminated by process of "can't get there from here"... we
expose millions more endpoints...
/me ducks too (but you know *I* had to say it)
Slammer actually caused many
Care to comment on how you feel about the COI that developed between AA
Consulting business at Enron and AA auditing Enron?
Not asking you to disclose anything confidential, but if you have wisdom to
impart about any sort of generic lessons learned, etc. that might be relevant
to this discussio
On 14-05-01 14:34, Owen DeLong wrote:
> Believe me, I cringe every time I hear “our auditors require NAT as a
> security mechanism”
Pardon my ignorance here. But in a carrier-grade NAT implementation that
serves say 5000 users, what happens when someone from the outside tries
to connect to port
On 5/1/2014 7:10 PM, Jean-Francois Mezei wrote:
Pardon my ignorance here. But in a carrier-grade NAT implementation that
serves say 5000 users, what happens when someone from the outside tries
to connect to port 80 of the shared routable IP ? you still need to
have explicit port forwarding to
On May 1, 2014, at 4:10 PM, Jean-Francois Mezei
wrote:
> Pardon my ignorance here. But in a carrier-grade NAT implementation that
> serves say 5000 users, what happens when someone from the outside tries
> to connect to port 80 of the shared routable IP ?
More to the point, your trust boundar
On Fri, May 2, 2014 11:57 am, Fred Baker (fred) wrote:
>
> On May 1, 2014, at 4:10 PM, Jean-Francois Mezei
> wrote:
>
>> Pardon my ignorance here. But in a carrier-grade NAT implementation that
>> serves say 5000 users, what happens when someone from the outside tries
>> to connect to port 80 of t
On May 1, 2014, at 4:57 PM, Fred Baker (fred) wrote:
>
> On May 1, 2014, at 4:10 PM, Jean-Francois Mezei
> wrote:
>
>> Pardon my ignorance here. But in a carrier-grade NAT implementation that
>> serves say 5000 users, what happens when someone from the outside tries
>> to connect to port 80