shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

#pcidss

Mika Rautio<p>PCI PTS 7.0 standard has been released. It is the de facto standard for payment terminals and their security requirements.</p><p>As a new requirement, third-party applications (e.g., appstore model) will be allowed. It's interesting to see how this affects use-cases and risks of payment terminals in the future as there will be more software available.</p><p><a href="https://infosec.exchange/tags/pcidss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pcidss</span></a> <a href="https://infosec.exchange/tags/pcipts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pcipts</span></a> <a href="https://infosec.exchange/tags/paymentterminals" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paymentterminals</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://toot.io/@hisold" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hisold</span></a></span> My bank stopped issuing <a href="https://infosec.space/tags/girocard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>girocard</span></a> cards with <a href="https://infosec.space/tags/magstrip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>magstrip</span></a> 10+ years ago as magstrip was phased out and <a href="https://infosec.space/tags/NFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NFC</span></a> was phased in as well as <a href="https://infosec.space/tags/PSD1" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD1</span></a> being introduced.</p><ul><li>Even before that merchants rarely accepted magstrips and those who did asked for <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ID</span></a> as soon as purchases (i.e. fuel at a gas station) exceeded like €100 because unlike <a href="https://infosec.space/tags/Chip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chip</span></a> + <a href="https://infosec.space/tags/PIN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PIN</span></a> the payment processor does not guarantee them that the payment will be accepted and the amount guaranteed.</li></ul><p>That's the main push factor: Alongside lower processing fees and faster processing, the Chip+PIN &amp; <a href="https://infosec.space/tags/NFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NFC</span></a> systems actually request a blockage of the amount and will automatically decline without incurring fees if the balance / limit is below that amount - sometimes even before the PIN has been entered (it'll just not show it until the PIN is entered so fraudsters can't just abuse this as a means to check balance).</p><ul><li>There's a nice <a href="https://www.youtube.com/watch?v=eFYrboLEx2I&amp;t=2043" rel="nofollow noopener" target="_blank">podcast</a> with <a href="https://infosec.space/tags/JohnBoseak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JohnBoseak</span></a> where he explains how stuff used to [and allegedly still does] work in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a> re: <a href="https://infosec.space/tags/CreditCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CreditCards</span></a>. Given that I worked for a <a href="https://infosec.space/tags/PaymentProcessor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PaymentProcessor</span></a> in the past this is some basic knowledge re: <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>, because one needs to understand how stuff like CNP (<em>"Card not Present"</em>) works and how the system is architected to the point that even if someone were to hack the database of said payment processor, they'd never find any CCs or the CVVs stored there <em>at all</em>.</li></ul><p>It's also insightful because <a href="https://infosec.space/tags/fraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fraud</span></a> would be way more rampant if the card issuer, payment processor and card system operator [i.e. AMEX, VISA, MasterCard] didn't all run their own AFE [Anti-Fraud Engine], each automatically assessing risks within less than a second for every transaction.</p><ul><li>That's why one can get their <a href="https://infosec.space/tags/CC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CC</span></a> blocked when using a <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a> and why fraudsters need the location of their victims: if I had a CC and used it regularly and someone were to try to swipe a skimmed copy of that at a Walmart or Best Buy on the East Coast of the USA less than 24 hours after my last use in Germany, that would automatically get declined as fraud and the person at the cashier will call security because no one is travelling that quickly that far.</li></ul><p>But that's just some cold OSINT based off <a href="https://infosec.space/tags/TechSupport" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechSupport</span></a> and peeking behind the curtains professionally...</p><ul><li>There's way more but I can't go into details on that.</li></ul><p>Rest assured if you have a CC you can be as certain that someone tried to abuse it as I'm certain my bank blocked fraudulent money orders against my account because of AFEs working - it's just that &gt; 99% of all fraud attempts get blocked instantly and merchants get rate-limited or kicked off the system when they do something suspicious.</p><ul><li>Same reason why one can't frame someone for a crime by just wiring obviously illicit funds to their account: AML (Anti-Money Laundering) will catch that and unless the account holder were to ask "Where's the money/transaction?" <a href="https://infosec.space/tags/FinCEN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FinCEN</span></a> et al. won't even bother calling the account holder up, simply because the <em>"oops I wired money to the wrong account. Can you please send it back?" <a href="https://infosec.space/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>scam</span></a></em> is a well-known method to turn unsuspecting people into money launderers.</li></ul><p>So yeah, that <em>"<a href="https://infosec.space/tags/magstrip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>magstrip</span></a>"</em> may be just lacquer but unless it's specifically advertised otherwise it only holds the CC &amp; CVV as well as <a href="https://www.youtube.com/watch?v=UHSFf0Lz1qc&amp;t=320" rel="nofollow noopener" target="_blank">service codes</a> [i.e. chip+pin only, to tell the terminal <em>"Don't accept magstrip, mandate Chip+PIN"</em>]...</p><ul><li>Outside the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a>, this is the norm due to <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a> exceeding <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> by quite a lot!</li></ul><p>Only <em>underdeveloped</em> countries like the <a href="https://infosec.space/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>US</span></a> still use <a href="https://infosec.space/tags/Magstrips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Magstrips</span></a> and <a href="https://infosec.space/tags/credit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credit</span></a> and not Chip+PIN &amp; <a href="https://infosec.space/tags/debit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debit</span></a>!</p>
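The post above describes one anti-fraud engine rule: a card used in Germany and again hours later on the US East Coast is declined because nobody travels that fast. The following is an added example (not the poster's code and not any real AFE) of such an impossible-travel check replayed over constructed, tokenised transactions; the speed threshold, city coordinates and transactions are assumptions.

```python
"""Impossible-travel (velocity) check over tokenised card transactions.

Added illustration of one anti-fraud rule described in the post above: a card
used in Germany and then, hours later, at a store on the US East Coast cannot
be in the same traveller's hand, so the second use is declined. The speed
threshold, the city coordinates and the transactions are constructed
assumptions, not values from the post or from any real anti-fraud engine.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0        # assumption: roughly airliner cruise speed
MIN_GAP = timedelta(minutes=1)   # floor on the time gap so a near-zero gap cannot blow up the speed


@dataclass(frozen=True)
class Txn:
    card_token: str   # opaque token: the processor keeps no PAN or CVV, as the post notes
    ts: datetime
    merchant: str
    lat: float
    lon: float
    amount_eur: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in km between two latitude/longitude points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def implied_speed_kmh(prev: Txn, cur: Txn) -> float:
    """Speed the cardholder would have needed to be present at both merchants."""
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    gap = max(cur.ts - prev.ts, MIN_GAP)
    return dist / (gap.total_seconds() / 3600.0)


def velocity_check(history):
    """Replay transactions in time order; return (txn, decision, speed_kmh) per transaction.

    The comparison point is the last *approved* transaction on the same token: a declined
    use is presumed not to be the cardholder, so it must not move the cardholder's position.
    """
    last_approved = {}
    results = []
    for txn in sorted(history, key=lambda t: t.ts):
        prev = last_approved.get(txn.card_token)
        if prev is None:
            results.append((txn, "approve", 0.0))
            last_approved[txn.card_token] = txn
            continue
        speed = implied_speed_kmh(prev, txn)
        if speed > MAX_PLAUSIBLE_KMH:
            results.append((txn, "decline", speed))
        else:
            results.append((txn, "approve", speed))
            last_approved[txn.card_token] = txn
    return results


# Constructed sample: approximate coordinates for Berlin, Munich and New York.
BERLIN, MUNICH, NEW_YORK = (52.52, 13.405), (48.137, 11.575), (40.71, -74.0)
SAMPLE = [
    Txn("tok_A", datetime(2024, 5, 1, 8, 0), "gas station, Berlin", *BERLIN, 60.0),
    Txn("tok_A", datetime(2024, 5, 1, 14, 0), "supermarket, Munich", *MUNICH, 35.0),
    Txn("tok_A", datetime(2024, 5, 1, 19, 0), "electronics store, New York", *NEW_YORK, 899.0),  # ~6500 km in 5 h
    Txn("tok_B", datetime(2024, 5, 1, 19, 10), "electronics store, New York", *NEW_YORK, 120.0),  # other card, first use
    Txn("tok_A", datetime(2024, 5, 2, 6, 0), "bakery, Berlin", *BERLIN, 4.0),  # measured against Munich, not New York
]


def run_sample():
    """Decisions for SAMPLE as (merchant, decision, rounded speed) tuples."""
    return [(t.merchant, d, round(s)) for t, d, s in velocity_check(SAMPLE)]


if __name__ == "__main__":
    for merchant, decision, speed in run_sample():
        print(f"{decision:8s} {speed:6d} km/h  {merchant}")
```

A real engine combines this with many more signals (merchant risk, amount, device, VPN exit), which is the part the poster says they cannot detail.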
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.net2o.de/@forthy42" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>forthy42</span></a></span> the annoying thing is just that there are no alternatives apart from <a href="https://infosec.space/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a>, <a href="https://infosec.space/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibreSSL</span></a> &amp; <a href="https://infosec.space/tags/NSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSS</span></a> - and anyone who has to meet <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> depends on certified binaries!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mas.to/@spacewizard" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>spacewizard</span></a></span> <span class="h-card" translate="no"><a href="https://social.hackerspace.pl/@viq" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>viq</span></a></span> or being subject to <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a>, <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a>, <a href="https://infosec.space/tags/HIPAA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HIPAA</span></a> or <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BDSG</span></a> by intent or accident...</p>
Andrew 🌻 Brandt 🐇<p><a href="https://infosec.exchange/tags/Paypal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Paypal</span></a> is changing its privacy policy. If you have an account, here's what you need to do:</p><p>✅ Log in (you *are* using TOTP multifactor authentication, right?)<br>✅ Click the Gear icon in the upper right corner.<br>✅ Click "Data &amp; Privacy"<br>✅ Follow the link under that category to "Personalized Shopping"<br>✅ Click the slider switch to disable data sharing with advertisers and retailers based on your purchase history.</p><p><a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://infosec.exchange/tags/dataprivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dataprivacy</span></a> <a href="https://infosec.exchange/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> <a href="https://infosec.exchange/tags/userprivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>userprivacy</span></a> <a href="https://infosec.exchange/tags/venmo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>venmo</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.nz/@janef0421" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>janef0421</span></a></span> <span class="h-card" translate="no"><a href="https://tldr.nettime.org/@tante" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tante</span></a></span> yes, and I can attest that having regulators <em>breathe down the neck</em> of a company with the power to essentially <em>force them out of business due to license revocation</em> is the only way shit got improved.</p><ul><li>That's why the only <em>"<a href="https://infosec.space/tags/DataSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataSecurity</span></a>"</em> standards in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a> [<em>outside the MIL/INTEL complex</em>] - <a href="https://infosec.space/tags/HIPAA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HIPAA</span></a> &amp; <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> - got adopted.</li></ul><p>Because there [<em>de-facto</em>-] regulators say: <em>"You WILL implement THIS!"</em> and are <em>absolutely unwilling</em> to negotiate!</p><p><a href="https://infosec.space/@kkarhan/113880703925006779" translate="no" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1138807</span><span class="invisible">03925006779</span></a></p>
Mika Rautio<p>5 million U.S. credit cards and personal details leaked online via an unsecured Amazon S3 bucket</p><p><a href="https://leakd.com/leaks/christmas-at-risk-for-millions-of-americans-as-credit-card-details-leaked/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">leakd.com/leaks/christmas-at-r</span><span class="invisible">isk-for-millions-of-americans-as-credit-card-details-leaked/</span></a></p><p><a href="https://infosec.exchange/tags/pcidss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pcidss</span></a> <a href="https://infosec.exchange/tags/payments" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>payments</span></a> <a href="https://infosec.exchange/tags/fraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fraud</span></a></p>
Gary Parker :party_porg:<p>Has anyone working with <a href="https://cyberplace.social/tags/msTeams" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>msTeams</span></a> and <a href="https://cyberplace.social/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> managed to convince a credit card company that the public key encryption used to secure <a href="https://cyberplace.social/tags/teamsVoice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>teamsVoice</span></a> calls is suitable to exempt a corporate network from being in-scope when taking CHD over a telephone call?</p><p><a href="https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/is-voip-in-scope-for-pci-dss/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pcisecuritystandards.org/faq/a</span><span class="invisible">rticles/Frequently_Asked_Question/is-voip-in-scope-for-pci-dss/</span></a></p><p><a href="https://cyberplace.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://cyberplace.social/tags/finance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>finance</span></a> <a href="https://cyberplace.social/tags/pci" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pci</span></a> <a href="https://cyberplace.social/tags/dss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dss</span></a> <a href="https://cyberplace.social/tags/pki" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pki</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.heiber.im/@moritz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>moritz</span></a></span> the fact that your bank even has a password length limitation is a clear indicator they violate <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> and store <a href="https://infosec.space/tags/plaintext" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>plaintext</span></a> passwords...</p><ul><li>Just saying so as an IT specialist and someone who worked at enough firms to know this fact.</li></ul>
Mika Rautio<p>Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. The company says that hackers had access to its network for nearly a year, between August 2023 and June 2024.</p><p><a href="https://www.bleepingcomputer.com/news/security/payment-gateway-data-breach-affects-17-million-credit-card-owners/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/payment-gateway-data-breach-affects-17-million-credit-card-owners/</span></a></p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/pcidss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pcidss</span></a> <a href="https://infosec.exchange/tags/slimcd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>slimcd</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> +9001%</p><p>The sheer amount of <em>liabilities</em>, if not legally through <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a> &amp; <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BDSG</span></a>, then indirectly through mandated <a href="https://infosec.space/tags/standards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>standards</span></a> like <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> &amp; <a href="https://infosec.space/tags/PSD2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSD2</span></a>, is the reason one should avoid storing them at all costs!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://zug.network/@Zugschlus" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Zugschlus</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@Cappyjax" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Cappyjax</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.radio/@WB2EEE" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>WB2EEE</span></a></span> <span class="h-card" translate="no"><a href="https://donotsta.re/users/elly" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>elly</span></a></span> well, I'd rather not take or stay in a job than commit what I call <em>"Professional <a href="https://infosec.space/tags/Malpractice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malpractice</span></a>"</em>!</p><ul><li>I know this makes me an outlier, but the fact that I did my job so well that everything I deployed runs like clockwork to this day and that I'm not short of offers tells me that being an <em>honest <a href="https://infosec.space/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysadmin</span></a></em> is the way to go morally instead of being a <a href="https://infosec.space/tags/bootlicker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bootlicker</span></a>!</li></ul><p>Again: We have this entire shitshow because we allow <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterates</span></a> and other dipshits to make up regulations on the spot.</p><ul><li>Also yes, there are means to harden <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> on Desktops and Servers beyond the already existing <a href="https://infosec.space/tags/CommonCriteria" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CommonCriteria</span></a> and <a href="https://infosec.space/tags/CIS2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIS2</span></a> as well as beyond <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> compliance, and good Distros will even offer a warranty and assurance for that directly - something <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> just won't do for <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> no matter the amount of money one shoves down their throat!</li></ul><p>The fact that we even allow that <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> and <a href="https://infosec.space/tags/Scareware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scareware</span></a> [to even exist, especially] in <a href="https://infosec.space/tags/CriticalInfrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CriticalInfrastructure</span></a> when in <em>both</em> cases their <a href="https://infosec.space/tags/EULA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EULA</span></a> explicitly bans that use-case is a testament to the false priorities of regulators and their rules.</p><ul><li>So yeah, if a concrete-headed <a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterate</span></a> wants that they can have it - but not from or with me!</li></ul><p>And then they all whine about why no one wants to work for them... What a shitshow.</p><p>Tell you what, I'd rather <a href="https://zug.network/@Zugschlus/112822635158064785" rel="nofollow noopener" target="_blank">welcome such meetings</a>, because the last time some CEO did that (with an absurd office mandate forcing a colleague into a 500km [one-way!] commute twice a week) they basically mobbed out the two best colleagues I had and subsequently imploded the Linux Infrastructure team.</p><ul><li>Last time I checked that company hadn't filled the vacancies and once Recruiters hear the story, they tend to fire said company as a client.</li></ul><p><a href="https://infosec.space/tags/Sarcasm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sarcasm</span></a> <a href="https://infosec.space/tags/venting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>venting</span></a> <a href="https://infosec.space/tags/CrowdStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CrowdStrike</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tailswish.industries/users/lightspill" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lightspill</span></a></span> Personally, I think that depends...</p><p>Certain things are matters of taste (i.e. <a href="https://infosec.space/tags/vi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vi</span></a>, <a href="https://infosec.space/tags/vim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vim</span></a>, <a href="https://infosec.space/tags/neovim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>neovim</span></a>, <a href="https://infosec.space/tags/nano" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nano</span></a>, <a href="https://infosec.space/tags/ne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ne</span></a> or <a href="https://infosec.space/tags/kilo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kilo</span></a> as <a href="https://infosec.space/tags/editors" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>editors</span></a>) and certain things are just objectively correct things to do (i.e. <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME encryption on <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a>, using <a href="https://infosec.space/tags/MutiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MutiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> <a href="https://infosec.space/tags/OpenStandads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandads</span></a> instead of <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proprietary</span></a> <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> &amp; <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> <em>"solutions"</em>...)</p><ul><li>But as <span class="h-card" translate="no"><a href="https://indieweb.social/@tantacrul" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tantacrul</span></a></span> once said: <em>"It's okay to be wrong!"</em></li></ul><p>As a <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> &amp; <a href="https://infosec.space/tags/Unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Unix</span></a>-esque <a href="https://infosec.space/tags/Sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sysadmin</span></a> I'd rather be disliked as <a href="https://infosec.space/tags/BenevolentDictator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BenevolentDictator</span></a> than deliver or even maintain subpar, substandard, insecure and unmaintainable solutions, because like an <a href="https://infosec.space/tags/electrician" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>electrician</span></a>, people / businesses or rather clients / employers expect me to plan and deliver solutions that are <em>'up to code'</em> and by <em>'code'</em> I mean the relevant laws and standards ranging from <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a> &amp; <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BDSG</span></a> to <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> &amp; <a href="https://infosec.space/tags/BSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSI</span></a>...</p><ul><li><em>EVERYTHING ELSE is secondary!</em></li></ul>
Neil Craig<p>Does anyone know if a website which does not take payment details itself but links to one (separate domain &amp; operator) which does (and is therefore somewhat related) is subject to PCI DSS compliance?<br>Feels weird if it would be, as that could mean that search engines etc. were subject to PCI DSS.<br><a href="https://mastodon.social/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@Em0nM4stodon" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Em0nM4stodon</span></a></span> it is basically <em>illegal</em> in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a> because not only would it require one to have written <a href="https://infosec.space/tags/consent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>consent</span></a> by everyone who's featured or whose data is being processed, but also one cannot comply effectively with <em>"requests for correction or deletion of data"</em>, so it's inherently unable to comply with <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a> &amp; <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BDSG</span></a>.</p><ul><li>And don't even get me started that in financial (<a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a>) and medical (German data protection exceeds <a href="https://infosec.space/tags/HIPAA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HIPAA</span></a> by a few moon orbits!) data this is essentially a no-go.</li></ul><p>I sincerely hope <span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bsi</span></a></span> and other regulators will <a href="https://infosec.space/tags/ban" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ban</span></a> <a href="https://infosec.space/tags/Recall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Recall</span></a> sooner rather than later, even if they do not have the balls to ban <a href="https://infosec.space/tags/Wondows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wondows11</span></a> or <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> in general...</p>
Jeff Man<p><span class="h-card"><a href="https://infosec.exchange/@jbhall56" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jbhall56</span></a></span> in the future (after 31 March 2025) will entities need to perform both an unauthenticated and authenticated internal vulnerability scan or just an authenticated scan according to <a href="https://infosec.exchange/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> <a href="https://infosec.exchange/tags/v4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>v4</span></a>.0???</p>
Mike Thompson<p>Argos UK point of sale in... well, I don't need to tell you. You can assume this is 'the way' across most other stores.</p><p><a href="https://infosec.exchange/tags/EPOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EPOS</span></a> <a href="https://infosec.exchange/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a></p>
Kristian Glass<p>Hi all! I'm Kristian (he/him), based in the UK</p><p>I work in <a href="https://chaos.social/tags/technical" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technical</span></a> orgs on <a href="https://chaos.social/tags/teams" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>teams</span></a>, <a href="https://chaos.social/tags/infrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infrastructure</span></a>, <a href="https://chaos.social/tags/architecture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>architecture</span></a>, <a href="https://chaos.social/tags/hiring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hiring</span></a>, <a href="https://chaos.social/tags/people" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>people</span></a>, <a href="https://chaos.social/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a>, <a href="https://chaos.social/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a>, and more</p><p>I've been running <a href="https://chaos.social/tags/distributed" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>distributed</span></a> orgs since 2015 and writing <a href="https://chaos.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> on <a href="https://chaos.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> and working with <a href="https://chaos.social/tags/AWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AWS</span></a> for even longer. I don't get to write as much <a href="https://chaos.social/tags/Haskell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Haskell</span></a> as I'd like.</p><p>I'm a <a href="https://chaos.social/tags/PSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSF</span></a> Fellow, <a href="https://chaos.social/tags/PyConUK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyConUK</span></a> treasurer, <a href="https://chaos.social/tags/UKPythonAssociation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UKPythonAssociation</span></a> trustee, and more.</p><p><a href="https://chaos.social/tags/TransRightsAreHumanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TransRightsAreHumanRights</span></a> <a href="https://chaos.social/tags/BlackLivesMatter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlackLivesMatter</span></a> <a href="https://chaos.social/tags/Inclusivity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Inclusivity</span></a> <a href="https://chaos.social/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>introduction</span></a></p>