[funsec] Former Hannaford CIO: Avoid Microsoft and Change PCI'sEncryption Rule s

Alex Eckelberry AlexE at sunbelt-software.com
Fri Jul 11 08:37:45 CDT 2008


Retailers have problems with secuirity?  Naaahhh


-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org]
On Behalf Of Paul Ferguson
Sent: Friday, July 11, 2008 2:00 AM
To: funsec at linuxbox.org
Subject: [funsec] Former Hannaford CIO: Avoid Microsoft and Change
PCI'sEncryption Rule s

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via StorefrontBacktalk.

[snip]

Bill Homa, who just stepped down July 1 as the CIO for the 165-store
Hannaford grocery chain, considers Microsoft's OS to be "so full of
holes"
and describes the fact that current PCI regs do not require end-to-end
encryption as "astonishing."

But Homa's key point is that most retailers handle security backwards:
Don't pour everything in protecting the frontdoor. Assume they'll get
through and have a plan to control them once they're inside.

One of the most frustrating IT security realities in retail today is the
quintessential oxymoron: the more serious the CIO is about keeping data
secure and the more sophisticated a defense is deployed, the more points
of vulnerability emerge.

[snip]

More:
http://storefrontbacktalk.com/story/071108homa

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIdvbwq1pz9mNUZTMRApgsAKDlDkp5kdPjRIVIxqx81RMRvJTH0ACeJ95Q
wTtu/veg+jTQTJY1fJ/ETmw=
=2PZw
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet  fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



More information about the funsec mailing list