[funsec] Former Hannaford CIO: Avoid Microsoft and Change PCI's Encryption Rules
AlexE at sunbelt-software.com
Fri Jul 11 08:37:45 CDT 2008
Retailers have problems with security? Naaahhh
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org]
On Behalf Of Paul Ferguson
Sent: Friday, July 11, 2008 2:00 AM
To: funsec at linuxbox.org
Subject: [funsec] Former Hannaford CIO: Avoid Microsoft and Change PCI's Encryption Rules
-----BEGIN PGP SIGNED MESSAGE-----
Bill Homa, who just stepped down July 1 as the CIO for the 165-store
Hannaford grocery chain, considers Microsoft's OS to be "so full of
and describes the fact that current PCI regs do not require end-to-end
encryption as "astonishing."
But Homa's key point is that most retailers handle security backwards:
Don't pour everything into protecting the front door. Assume they'll get
through and have a plan to control them once they're inside.
One of the most frustrating IT security realities in retail today is the
quintessential oxymoron: the more serious the CIO is about keeping data
secure and the more sophisticated a defense is deployed, the more points
of vulnerability emerge.
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
-----END PGP SIGNATURE-----
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.