Forgot your password?

Close
typodupeerror

Submission Summary: 0 pending, 8 declined, 1 accepted (9 total, 11.11% accepted)

Security

Amazon confirms EC2/S3 not PCI Level 1 compliant

Submitted by Jason
Jason writes "After months of digging though speculation and polar opposite opinions from PCI experts, I finally sent a direct request to Amazon's AWS sales team asking if they are in fact PCI compliant and will provide documentation attesting that they are as is required by PCI guidlines. I fully expecting them to dodge the question and refer me to a QSA, but to my relief, they replied with a refreshingly honest and absolute confirmation that it is currently impossible to meet PCI level 1 compliance using AWS services for card data storage. They also very strong suggest that cardnumbers never be stored on EC2 or S3 as those services are inherently noncompliant. For now at least, the official verdict is if you need to process credit cards, the Amazon cloud platform is off the table."
Security

Are cloud services PCI Compliant?

Submitted by fooey
fooey writes "The company I work for is very strongly considering moving our business which handles millions of credit cards a year to an Amazon EC2 based platform. I've been digging everywhere but can't seem to find a definitive answer on whether or not public cloud services can actually meet PCI Compliance. Different PCI consultants are falling on both sides of the issue, with some taking the stance that it's no different than running on physical machines. While others point out that since cloud services are fundamentally shared storage, memory and processing on shared hardware there's no way cloud architectures could ever be considered PCI complaint. Does anyone with experience on the cloud frontier have advice? or has there been any public rulings from the PCI Council, Visa or Mastercard on where they stand?"
Censorship

Digg losing control of their site

Submitted by Fo0eY
Fo0eY writes "The folks at Digg.com have let the social news genie out of the bottle, and now they can't control it. Since the HD-DVD encryption code was discovered and published, readers at Digg have been repeatedly submitting stories with the 16 digit hex code in the titles and bodies. Just as quickly as these posts crawl up the Digg charts, admins seem to be deleting them."

The reason why worry kills more people than work is that more people worry than work.