{"id":283,"date":"2013-01-09T12:38:09","date_gmt":"2013-01-09T12:38:09","guid":{"rendered":"http:\/\/www.gironsec.com\/blog\/?p=283"},"modified":"2013-01-09T12:38:09","modified_gmt":"2013-01-09T12:38:09","slug":"the-problem-with-pci-compliance","status":"publish","type":"post","link":"https:\/\/www.gironsec.com\/blog\/2013\/01\/the-problem-with-pci-compliance\/","title":{"rendered":"The problem with PCI compliance"},"content":{"rendered":"<p>Hello everyone and happy new year.<\/p>\n<p>PCI compliance requires CC&#8217;s be encrypted, yet every other online store I&#8217;ve encountered STORES the ENCRYPTION KEY on the box, usually somewhere in the store&#8217;s code. What&#8217;s the point? Who does this deter? <\/p>\n<p>Even if the CC&#8217;s are encrypted, what&#8217;s to stop someone from just grabbing the CC&#8217;s and all the payment info entered before it&#8217;s sent to the database? Does PCI compliance protect against this? No. <\/p>\n<p>The problem with PCI compliance is people blindly trust that it&#8217;s good enough for their needs. Good enough to protect them from the boogeyman. It&#8217;s not.<\/p>\n<p>That&#8217;s my 2 cents on that.<\/p>\n<p>What I&#8217;m working on:<br \/>\nFinishing Brutus 2 &#8211; Electric Boogaloo<br \/>\nFinishing a web services fuzzer<br \/>\nFinishing cracking a .NET managed assembly for a copy protection scheme used by a well-known company (will definitely make a blog post out of it)<br \/>\nFinding things to do to keep my sanity.<\/p>\n<p>Check back soon.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello everyone and happy new year. PCI compliance requires CC&#8217;s be encrypted, yet every other online store I&#8217;ve encountered STORES the ENCRYPTION KEY on the box, usually somewhere in the store&#8217;s code. What&#8217;s the point? Who does this deter? 
Even if the CC&#8217;s are encrypted, what&#8217;s to stop someone from just grabbing the CC&#8217;s and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[35],"_links":{"self":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/283"}],"collection":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/comments?post=283"}],"version-history":[{"count":1,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/283\/revisions"}],"predecessor-version":[{"id":284,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/posts\/283\/revisions\/284"}],"wp:attachment":[{"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/media?parent=283"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/categories?post=283"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gironsec.com\/blog\/wp-json\/wp\/v2\/tags?post=283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}