Wednesday 24 September 2014

Fun with PCI DSS

Once again, some meddling children have discovered an obscure bug in SSL that could mean a data leakage. So I (and umpteen million other people) are suddenly not compliant with the PCI DSS (Payment Card Industry Data Security Standard) and I have to update my software.

This time, it went easily. I downloaded, compiled and installed the latest version of SSL, recompiled Apache, restarted Apache, got the server retested and all is now cool. We're compliant. I would guess that 99% of all other servers are not compliant; I would further guess that more than 90% won't be compliant by Christmas.

If it weren't for those meddling children, I would never have known.

And oh what fun! Version 3.0 of the PCI DSS will go into effect on January 1, 2015.

Meanwhile, back in reality: a Verizon report says that in 2013, 89% of companies were not PCI DSS compliant.
