Reply to post: Pci compliance failure failure

Sysadmin cracked military PC’s security by reading the manual

Nolveys Silver badge

Pci compliance failure failure

I used to subcontract to someone who did pci compliance tests. One time a bunch of issues came up and we worked to patch them. As we patched things and modified configs the issues went away one by one until only one remained.

Supposedly the remaining issue should have been covered by a software upgrade we did, but it persisted. My boss had to go do other things and left me to investigate. I downloaded the exploit reference code and ran it against the server...nothing. I mucked around with the code and still nothing.

After hours and hours of trying to get the exploit to work my boss called me. Turned out he hadn't quite scrolled to the end of the pci scan list and was looking at the second last report in the list, the one right before the service in question had been upgraded.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019