FOAK: An interesting little challenge

Highly developed desire for sleep

--
Catman MIB#14 SKoGA#6 TEAR#4 BOTAFOF#38 Apostle#21 COSOC#3
Tyger, Tyger Burning Bright (Remove rust to reply)
116 Giulietta 3.0l Sprint 1.7 GTV TS GT 3.2 V6
Triumph Sprint ST 1050: It's blue, see.
#www.cuore-sportivo.co.uk

 

Uh? If there are command line options how hard could it be to knock up a
menu script?

I expect by the end of 2011 I'll know more about SCO than I want to, as
I'm supposed to be "making some systems PCI 11.5 compliant".


Somebody we deployed some data loss software for hacked the eval license
into a permie license that passed the MD5 hash check (due to vendor
delays in shipping the proper license). Neither I nor the vendor have
any clue how he did it.

 

Welcome to the heat death of the universe

--
Catman MIB#14 SKoGA#6 TEAR#4 BOTAFOF#38 Apostle#21 COSOC#3
Tyger, Tyger Burning Bright (Remove rust to reply)
116 Giulietta 3.0l Sprint 1.7 GTV TS GT 3.2 V6
Triumph Sprint ST 1050: It's blue, see.
#www.cuore-sportivo.co.uk

 

Using the patented Mavis Beacon "Hunt&Peck" Technique, Mike Buckley

Several hundred options, access level control, etc, etc. It's a pain,
and we don't want to spend time and money on an unsupported system. At
the same time we don't want to piss punters off.

 

Install tripwire, retreat to safe distance, drink beer.

 

Nope, Tripwire doesn't support SCO - well not directly. In fact none of
the vendors we're looking at do, there are various fiddles around
virtual agents and monitoring via shares or remote access but they'll
all require me gaining some understanding of SCO.

 

Oh dear.

I had three hours in a meeting about PCI compliance earlier. It made me
wish I was dead.

 

<nod>

Fortunately I only run up against File Integrity Monitoring and Logging
requirements, neither of which are too taxing, well, not until you run
up against SCO, IBM 4690 and various other systems that don't support
agent installs.

 

Are you lot in the UK starting to take PCI seriously? In France, people still
ain't interested as yet. The fact that the Bank of France protects all
transactions (electronic or otherwise) has something to do with it. It's still
not taken off in quite a few other European countries either.

Saying that, quite a few of the products my Co sells are now being developed
with PCI compliance in mind (specifically DSS, IIRC).

 

Short answer "Yes". I know of cases where credit card companies are
threatening to withdraw services unless PCI requirements are met (or at
least shown to be on track).

We've got more compliance work than we can cope with, unfortunately
there's a big skills shortage in this area, so not only are we stacked
out but we can't recruit anybody to hit the ground running. Good from
an employee point of view though

 

You wish. /me is off next year to be PCI certified, or whatever it is.

--
Catman MIB#14 SKoGA#6 TEAR#4 BOTAFOF#38 Apostle#21 COSOC#3
Tyger, Tyger Burning Bright (Remove rust to reply)
116 Giulietta 3.0l Sprint 1.7 GTV TS GT 3.2 V6
Triumph Sprint ST 1050: It's blue, see.
#www.cuore-sportivo.co.uk

 

Our clients are required to be compliant, and they are beginning to ask
us some pointed questions.

--
Catman MIB#14 SKoGA#6 TEAR#4 BOTAFOF#38 Apostle#21 COSOC#3
Tyger, Tyger Burning Bright (Remove rust to reply)
116 Giulietta 3.0l Sprint 1.7 GTV TS GT 3.2 V6
Triumph Sprint ST 1050: It's blue, see.
#www.cuore-sportivo.co.uk

 

Recommendations for training?

--
Catman MIB#14 SKoGA#6 TEAR#4 BOTAFOF#38 Apostle#21 COSOC#3
Tyger, Tyger Burning Bright (Remove rust to reply)
116 Giulietta 3.0l Sprint 1.7 GTV TS GT 3.2 V6
Triumph Sprint ST 1050: It's blue, see.
#www.cuore-sportivo.co.uk

 

Is the email address in your header valid?

 

As I understand it, Visa and Mastercard focus their attention on those
territories where credit card fraud is most rife. Which is, primarily,
the US and UK. As those territories are locked down via enforcement of
PCI compliance, the fraud targets head east. So, while France and Spain
may not go long on PCI compliance as yet, that'll almost certainly
change over time.

To be fair, most of what's required is just best practice, and it only
really matters for systems and devices that have access to in-the-clear
card details, so it's not like every single system has to be compliant.

But it's a big pain in the backside making the ones that do, be.

 

I do the overall architecture, so have to make sure every relevant link
in the chain is compliant. Firewalls, load balancers, storage, servers,
the whole lot.

Shoot me.

 

We've got experts in the field too, so if you need any subcontracting work,
lemme know.

 

You're quite right. It's taking bloody ages though. I reckon it'll take a
European directive before people pull their fingers out.

Not sure I've understood totally. Basically anything (network, hardware or
software) that has an electronic transaction associated with it needs to be
compliant.

Tell me about it. Where you'd expect some retailers in France to be level 1,
they're not; as they're franchises and would never hit the number of
transactions required to be level 1. From a professional viewpoint, even though
a lot of the retailers aren't too bothered over here, there has been occasional
spurts of interest from some of the international retailers.

 

You're going to be encrypted? Cool.

 

Subcontract it out to SWK. It's too much grief doing it yourself.