Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.

Administered by:

Server stats:

3.8K
active users

social.tchncs.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#PCIDSS

0 posts0 participants0 posts today
Public
Graylog

The deadline for PCI DSS 4.0 compliance is March 31, 2025! 😮 Are you ready? 😨 Maybe you have questions about monitoring for PCI DSS 4.0 compliance? 🤔 Well, we've got answers. 😃

Get information about:
🗓️ Which updates are effective March 31, 2025 for all entities
💳 Which updates are applicable to service providers only
🔍 Monitoring, detection, and incident response for PCI DSS 4.0
...and more.

When considering PCI DSS 4.0 scope, orgs need to implement controls around the following types of account data:
👉 Cardholder Data: Primary Account Number (PAN), Cardholder Name, Expiration Date, Service Code
👉 Sensitive Authentication Data (SAD): Full track data (magnetic stripe or chip equivalent), card verification code, Personal Identification Numbers (PINs)/PIN blocks.

Learn more:
graylog.org/post/monitoring-fo #PCIDSS #payments #finserv

Public *
Andrew 🌻 Brandt 🐇

#Paypal is changing its privacy policy. If you have an account, here's what you need to do:

✅ Log in (you *are* using TOTP multifactor authentication, right?)
✅Click the Gear icon in the upper right corner.
✅Click "Data & Privacy"
Follow the link under that category to "Personalized Shopping"
✅Click the slider switch to disable data sharing with advertisers and retailers based on your purchase history.

here's what you need to do: ✅ Log in (you *are* using TOTP multifactor authentication, right?) ✅Click the Gear icon in the upper right corner. ✅Click "Data & Privacy" Follow the link under that category to "Personalized Shopping" ✅Click the slider switch to disable data sharing with advertisers and retailers based on your purchase history.
#privacy#dataprivacy#PCIDSS
Replied in thread
Public *
Kevin Karhan :verified:

@janef0421 @tante yes, and I can attest that having regulators breathe down the neck of a company with the power to essentially force them out of business due to license revocation is the only way shit got improved.

Because there [de-facto-] regulators say: "You WILL implement THIS!" and are absolutely unwilling to negotiate!

infosec.space/@kkarhan/1138807

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@tante@tldr.nettime.org problem is that almost all #employers don't want #sustainability, #accessibility and refuse to acknowledge #DueDiligence and #security as well as proper #testing and #auditing as features unless their #CLO literally threatens to resign and sue them personally. - Because #developing *properly* takes time, time equals billable personnel hours. Seen that in real life, no I cannot elaborate for legal reasons!
Public *
Gary Parker :party_porg:

Has anyone working with #msTeams and #PCIDSS managed to convince a credit card company that the public key encryption used to secure #teamsVoice calls is suitable to exempt a corporate network from being in-scope when taking CHD over a telephone call?

pcisecuritystandards.org/faq/a

PCI Security Standards Council · Frequently Asked QuestionBy mobeenx
#infosec#finance#pci
Public
ISMS-Blog

Ihr Leitfaden zu den kryptografischen Anforderungen von PCI DSS 4.0

all-about-security.de/ihr-leit

PCI DSS 4.0.1 ist die neueste Aktualisierung des Standards und ersetzt die seit 2016 geltende Version 3.2. Die Aktualisierung enthält wesentliche Änderungen, die aufgrund fortgeschrittener Cyber-Bedrohungen und komplexerer Zahlungssysteme erforderlich sind.

All About Security · Ihr Leitfaden zu den kryptografischen Anforderungen von PCI DSS 4.0 - All About SecurityDer Payment Card Industry Data Security Standard (PCI DSS) ist ein weltweit anerkannter Rahmen, der dazu dient, die Daten von Karteninhabern während der Verarbeitung, Speicherung und Übertragung durch Händler und Dienstleister zu schützen. PCI DSS legt eine Reihe strenger Sicherheitskontrollen fest, die Organisationen, die mit Zahlungskarteninformationen umgehen, umsetzen müssen, um das Risiko von Datenschutzverletzungen und unbefugtem Zugriff zu minimieren. Diese ... Read More
#ISMSBlog#PCIDSS
Replied in thread
Public *
Kevin Karhan :verified:

@Zugschlus @Cappyjax @WB2EEE @elly well, I'd rather not take or stay in a job than commit what I call "Professional #Malpractice"!

  • I know this makes me an outlier, but the fact that I did my job so well that everything I deployed runs like clockwork to this day amd that I'm not short of offers tells me that being a honest #sysadmin is the way to go morally instead of being a #bootlicker!

Again: We have this entire shitshow because we allow #TechIlliterates and other dipshits to make up regulations on the spot.

  • Also yes, there are means to harden #Linux on Sesktops amd Servers beyond the already existing #CommonCriteria and #CIS2 as well as beyond #PCIDSS compliance and good Distros will even offer a warranty and assurance for that directly - something #Microsoft just won't do for #Windows no matter the amount of money one shoves down their throat!

The fact that we even allow that #Govware and #Scareware [to even exist, espechally] in #CriticalInfrastructure when in both cases their #EULA explicitly bans that use-case is a testiment for the false priorities of regulators and their rules.

  • So yeah, if a concrete-headed #TechIlliterate wants that they can have it - but not from or with me!

And then they all whine about why noone wants to work for them... What a shitshow.

Tell you what, I'd rather welcome such meetings, because the last time some CEO did that (with an absurd office mandate forcing a colleague into a 500km [one-way!] commute twice a week) they basically mobbed out the two best colleagues I had and subsequently imploded the Linux Infrastructure team.

  • Last time I checked that company hadn't filled the vacancies and once Recruiters hear the story, they tend to fire said company as a client.
Zug.NetworkMarc Haber (@Zugschlus@zug.network)@kkarhan@infosec.space @Cappyjax@mastodon.social @WB2EEE@mastodon.radio @elly@donotsta.re If your company's policy tells you to install that stuff, then you install that stuff or are out of a job. In sad reality, auditors expect some kind of "endpoint protection" to give you the compliance certificate that the company needs, , and most companies decide to buy that instead of implementing it youself. And it is also in your "best" interest to accept that as a system administrator. If the bought software fscks up, people shrug it away and continue (including continuing to use said software). If your home-built solution fscks up, you're at least in for some very uncomfortable appointments in your own C-suite, if not immediately out of a job. That's sad reality, and I regret writing that. But.
#Sarcasm#venting#CrowdStrike
Replied in thread
Public
Kevin Karhan :verified:

@MichalBryxi yeah...

As much as I'm still angry at #Microsoft, #Apple and #Mozilla for blocking #CACert to this day, @letsencrypt is a net positive.

  • Tho I've had to deal with more "serious business" where that wouldn't cut it. #PCIDSS demands #EV-#SSL for #PaymentProcessors and that is a process in that they actually do #KYC a company and #ID #CEO & #CFO (cuz I was in charge of updating said cert and had to wait for that to complete)...

And for the upper triple digits that cert costs per year, the process went quite fast and it took like 5 mins tops.

#letsencrypt
Public *
Kevin Karhan :verified:

@lightspill Personally, I think that depends...

Certain things are matters of taste (i.e. #vi, #vim, #neovim, #nano, #ne or #kilo as #editors) and certain things are just objectively correct things to do (i.e. #PGP/MIME encryption on #eMail, using #MutiVendor & #MultiProvider #OpenStandads instead of #proprietary #SingleVendor & #SingleProvider "solutions"...)

  • But as @tantacrul once said: "It's okay to be wrong!"

As a #Linux & #Unix-esque #Sysadmin I'd rather be disliked as #BenevolentDictator than to deliver or even maintain subpar, substandard, insecure and unmaintainable solutions, because like an #electrician, people / businesses or rather clients / employers expect me to plan and deliver solutions that are 'up to code' and by 'code' I mean the relevant laws and standards ranging from #GDPR & #BDSG to #PCIDSS & #BSI...

  • EVERYTHING ELSE is secondary!
Replied in thread
Public
Kevin Karhan :verified:

@ryebread8403 @michael it's not a matter of flavour, but an #InconvenientTruth that #Windows and #windowsServer are #InsecureInEveryConfiguration, can't comply with #GDPR, #BDSG & #PCIDSS and thus are a "can't use and won't use" for me since I live in a juristiction where actual #privacy and #DataProtection laws exist and no insurance would cover the costs if that were to explode in my face even if doing so wasn't a literal felony ["endorsing or rewarding of a felony"] itself.

  • I hope this clarifies the #facts that in fact I'm not some "Microsoft Hater", but instead just someone making ends meet doing IT and keeping both employers' / clients' asses as well as myself out of jail!
#facts
ExploreLive feeds
About