bl00b Posted April 24, 2010
I've read some stories online about big companies getting hacked, that were supposedly 'PCI Compliant' -- how does this happen? Isn't the requirement of PCI to have routine scans probe your site for vulnerabilities?

germ Posted April 24, 2010
I'm no expert on the subject, but sometimes vulnerabilities aren't realized until after they've been exploited (at least once)... >_<

MrPhil Posted April 25, 2010
A lock on the door is no guarantee that someone won't break in some way (smash the lock or go through a window). A site may be PCI compliant, but that's like trying to scare ants away from your picnic by throwing food at them. Hackers are determined to get in, and will try all sorts of measures to do so, including "social engineering" (tricking customers or people on the inside into handing over passwords, etc.). It's a never-ending battle to secure sites, and there will always be intrusion attempts, and once in a while one will succeed. As @germ said, PCI compliance means that known vulnerabilities are sealed up (to certain standards), but hackers are creative and will constantly come up with new means to break in. I may have burglar bars on my windows, but someone sooner or later is going to try to wiggle down the chimney flue.

Archived
This topic is now archived and is closed to further replies.