Re: [Pauldotcom] PCI & Paper Documents

oopps... Looks like Chrs beat me to it :) On Dec 28, 2009, at 1:54 PM, Chris Merkel wrote: > https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf ___ Pauldotcom mailing list Pauldotcom@mail.pauldotcom.com http://mail

Re: [Pauldotcom] PCI & Paper Documents

Yes. Please see 9.6 PCI-DSS Standard 9.6 Physically secure all paper and electronic media that contain cardholder data. 9.6 Verify that procedures for protecting cardholder data include controls for physically securing paper and electronic media (including computers, removable electronic media, net

Re: [Pauldotcom] http://twitter.com/sotohide_log

Looks like they have a twitter list as well http://twitter.com/sotohide/misc On Mon, Dec 28, 2009 at 1:57 PM, Nicholas B. wrote: > I see this as being ripe for abuse provided you can determine which > system(s) are blocking the connections. Using twitter to enumerate > how they block ssh connec

Re: [Pauldotcom] PCI & Paper Documents

Well if it pertains to a Massachusetts resident MA 201 CMR 17 treats PI as in need of protection in any format- paper, electronic and recorded voice etc -Original Message- From: pauldotcom-boun...@mail.pauldotcom.com [mailto:pauldotcom-boun...@mail.pauldotcom.com] On Behalf Of Robert Mill

Re: [Pauldotcom] PCI & Paper Documents

Yes, PCI DSS requirements 7 and 9 includes paper records. On Mon, Dec 28, 2009 at 3:26 PM, Robert Miller wrote: > Hello Everyone, > > Do you know if PCI covers credit card numbers printed on paper and the > protections of those said documents? > > For example a customer order form that has been

Re: [Pauldotcom] PCI & Paper Documents

Yes, it wouldn't be very complete if it didn't cover paper and other media as well as electronic storage. The PCI DSS is found https://www.pcisecuritystandards.org/ Section 9 cover physical security, and 9.6 is particularly relevant, but typically other PCI DSS requirements are likely to ap

Re: [Pauldotcom] PCI & Paper Documents

I don't believe the PCI DSS specifically states either way, however I'd suggest that it doesn't matter for 2 reasons. 1. PCI compliance isn't a law, it's just a contractual obligation between the merchant & the payment brand. And I would guess that the same contract includes language about the

Re: [Pauldotcom] PCI & Paper Documents

Yes - PCI-DSS (1.2) section 9.6 https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf - Chris Merkel On Mon, Dec 28, 2009 at 1:26 PM, Robert Miller wrote: > Hello Everyone, > > Do you know if PCI covers credit card numbers printed on paper and the > protecti

Re: [Pauldotcom] http://twitter.com/sotohide_log

I must say this is a very interesting concept, one were I wish I had some spare time to dive deeper into it! Looking at the account it appears 5 "twitter" people are following this account which would indicate to me these are the people who give a monkeys butt as to the results of this brute f

Re: [Pauldotcom] http://twitter.com/sotohide_log

I'm interested in who's following that account. Someone should follow/DM them. On Mon, Dec 28, 2009 at 12:12 PM, Scott Webster wrote: > Its been running from 10/9/2009, using perl net. And not very productive, > the times seem random. > > > > *From:* pauldotcom-boun...@mail.pauldotcom.com [mailt

Re: [Pauldotcom] http://twitter.com/sotohide_log

I see this as being ripe for abuse provided you can determine which system(s) are blocking the connections. Using twitter to enumerate how they block ssh connection attempts and then working around these. On Mon, Dec 28, 2009 at 1:12 PM, Scott Webster wrote: > Its been running from 10/9/2009, us

Re: [Pauldotcom] http://twitter.com/sotohide_log

Hey John, seems like an awesome list of vulnerable.. I mean compromised hosts. ;-) -- Rob Fuller | Mubix Room362.com | Hak5.org | TheAcademyPro.com On Mon, Dec 28, 2009 at 12:11 PM, John Strand wrote: > I like his/her tweets! > > sshd[]: refused connect from 94.198.49.185 (94.198.49.185) Russi

Re: [Pauldotcom] http://twitter.com/sotohide_log

Its listed by someone named Sotohide (http://twitter.com/sotohide/misc) on twitter, probably using it as a combination programming project / IDS type system... def looks like his logs consists mosty of blocking SSH bruteforce attempts On Mon, Dec 28, 2009 at 12:38 PM, Dennis Lavrinenko wrote: > S

Re: [Pauldotcom] http://twitter.com/sotohide_log

I sense a tech segment coming up in this, more reason why its important to check your logs. www.twitter.com/infolookup -Original Message- From: "Scott Webster" Date: Mon, 28 Dec 2009 10:12:16 To: 'PaulDotCom Security Weekly Mailing List' Subject: Re: [Pauldotcom] http://twitter.com/sot

Re: [Pauldotcom] http://twitter.com/sotohide_log

I just got a shiver up and down my spine. On Mon, Dec 28, 2009 at 1:38 PM, Dennis Lavrinenko < dennis.lavrine...@gmail.com> wrote: > Some IDS that logs to twitter? > > On Mon, Dec 28, 2009 at 11:46 AM, xgermx wrote: > >> So I was checking some of my web server logs and I ran across an SHH brute

Re: [Pauldotcom] http://twitter.com/sotohide_log

p://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com __ Information from ESET NOD32 Antivirus, version of virus signature database 4723 (20091228) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ I

[Pauldotcom] PCI & Paper Documents

Hello Everyone, Do you know if PCI covers credit card numbers printed on paper and the protections of those said documents? For example a customer order form that has been printed out, does this need to be under lock and key or is this not covered by PCI and we should lock it up for our own pr

Re: [Pauldotcom] http://twitter.com/sotohide_log

Its been running from 10/9/2009, using perl net. And not very productive, the times seem random. From: pauldotcom-boun...@mail.pauldotcom.com [mailto:pauldotcom-boun...@mail.pauldotcom.com] On Behalf Of xgermx Sent: Monday, December 28, 2009 8:46 AM To: PaulDotCom Security Weekly Mailing List

Re: [Pauldotcom] http://twitter.com/sotohide_log

I like his/her tweets! 1. sshd[]: refused connect from 94.198.49.185 (94.198.49.185) Russian Federation about 9 hours ago from Perl Net::Twitter So. Very... Cool On Mon, Dec 28, 20

Re: [Pauldotcom] http://twitter.com/sotohide_log

That's really interesting. Seems that someone is using Twitter to track the success or failure of their automated attack attempts. Neat concept. From: pauldotcom-boun...@mail.pauldotcom.com [mailto:pauldotcom-boun...@mail.pauldotcom.com] On Behalf Of xgerm

Re: [Pauldotcom] http://twitter.com/sotohide_log

insight as to getting you're issue resolved or why someone would twitter ssh logs? -mmiller On Mon, Dec 28, 2009 at 8:46 AM, xgermx wrote: > So I was checking some of my web server logs and I ran across an SHH brute > force attack coming from a Chinese IP. Upon googling the IP I find this > http

Re: [Pauldotcom] http://twitter.com/sotohide_log

Some IDS that logs to twitter? On Mon, Dec 28, 2009 at 11:46 AM, xgermx wrote: > So I was checking some of my web server logs and I ran across an SHH brute > force attack coming from a Chinese IP. Upon googling the IP I find this > http://twitter.com/sotohide_log > Does anyone have any insight?

[Pauldotcom] http://twitter.com/sotohide_log

So I was checking some of my web server logs and I ran across an SHH brute force attack coming from a Chinese IP. Upon googling the IP I find this http://twitter.com/sotohide_log Does anyone have any insight? ___ Pauldotcom mailing list Pauldotcom@mail.pa

Re: [Pauldotcom] ShmooCon Slugs - Ride Sharing

I'm going to be leaving from the Canton, Ohio area if anyone is looking for a ride. - Robert (arch3angel) On 12/27/2009 8:26 PM, Rob Fuller wrote: > ShmooCon Slugs was created to help facilitate people getting together > for rides to ShmooCon 2010. > http://shmooslugs.pbworks.com/ > > We already