Reply to post:

Verizon: Just 25% of global businesses comply fully with the Payment Card Industry Data Security Standard


The PCI industry has only itself to blame. The bureaucratic rules are vague enough to drive a truck through, and they accept worthless trash as a security scan to certify compliance.

Want to know how to pass a Trustwave scan? Suppress web server version strings. That's it. If you let it grab the version, it'll list EVERY vulnerability against that version of the software as if you're vulnerable, never mind whether you're running a version that's patched the vulns, the vulnerable features are all disabled, and it's duly hardened. But disable the version reporting, and you can have loads of unpatched vulnerabilities and rootkits everywhere. There is no ATTEMPT to check. That would cut into their profits, which then cuts into the kickbacks...
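The failure mode the commenter describes, banner matching with no actual test, as an added illustration that is not code from the post or from any real scanner. Both hosts, the advisory table and the ADV-nnnn identifiers are constructed for the demo; only the HTTP header format and the hardening directives named in the usage note are real.

```python
"""Toy banner-matching "scanner" compared against ground truth.

Illustration only: the advisories, identifiers and sample hosts are
made up, and no real scanner's logic is reproduced here.
"""
import re

# Constructed advisory table. Each entry says: this product is affected
# in every version older than fixed_in. IDs are placeholders, not CVEs.
ADVISORIES = [
    {"id": "ADV-0001", "product": "nginx", "fixed_in": (1, 20, 1)},
    {"id": "ADV-0002", "product": "nginx", "fixed_in": (1, 22, 0)},
]

# "Server: <product>/<version>" header, version optional.
SERVER_RE = re.compile(r"^Server:\s*([A-Za-z-]+)(?:/(\d+(?:\.\d+)*))?", re.I | re.M)


def parse_banner(raw_response: str):
    """Return (product, version tuple or None) from the Server header."""
    m = SERVER_RE.search(raw_response)
    if not m:
        return None, None
    product = m.group(1).lower()
    version = tuple(int(x) for x in m.group(2).split(".")) if m.group(2) else None
    return product, version


def banner_scan(raw_response: str):
    """What a banner-matching scan does: flag every advisory whose fix is
    newer than the advertised version. Nothing is actually exercised."""
    product, version = parse_banner(raw_response)
    if product is None or version is None:
        return []  # nothing to match on, so the host is reported "clean"
    return [a["id"] for a in ADVISORIES
            if a["product"] == product and version < a["fixed_in"]]


# Constructed sample responses: one chatty banner, one with the version hidden.
RESPONSE_VERBOSE = "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Length: 0\r\n\r\n"
RESPONSE_TERSE = "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 0\r\n\r\n"

# Constructed ground truth. The first host runs an old version string with
# every fix backported; the second hides its banner and has no fixes at all.
HOSTS = {
    "patched-but-chatty": {"response": RESPONSE_VERBOSE, "missing_patches": set()},
    "silent-and-unpatched": {"response": RESPONSE_TERSE,
                             "missing_patches": {"ADV-0001", "ADV-0002"}},
}


def compare(host: dict) -> dict:
    """Scanner verdict vs. reality for one host."""
    flagged = set(banner_scan(host["response"]))
    truth = host["missing_patches"]
    return {"false_positives": sorted(flagged - truth),
            "false_negatives": sorted(truth - flagged)}


if __name__ == "__main__":
    for name, host in HOSTS.items():
        print(name, compare(host))
```

The patched host is flagged on both advisories purely because its version string is old, and the unpatched host passes because it says nothing. Hiding the version (`ServerTokens Prod` on Apache, `server_tokens off` on nginx) changes the scan result, not the exposure; only patch state or an actual probe of the vulnerable behaviour does that.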
