Comment Re:This will come as good news... (Score 1) 530
maybe they're just so smart that they encode messages in all of their posts and the misspellings and bad grammar are a way to decipher the key.
Started using linux back in 95 because it was able to do some cool networking stuff that windows couldn't do (don't remember what that was any more). Used it for about a year until i got a new computer that had a win modem. Used it off and on for a few years after that. Got a job as a windows/novell sysadmin. Talked my bosses into letting me replace our broken sonic wall router with a linux based one. Started going into a linux help channel on irc and helping other people. Someone I helped came back a few months later asking if I wanted a job working from home on their linux based network. Eventually took their three shared hosted linux servers into a large, high availability network using nothing but linux devices (and a couple switches). Decided I had conquered linux and moved into software development which is what I had really been interested in all along.
i swear stone (forget which one) tastes like you're drinking a pine tree (needles included). stone is at the top of my list for horrible beers.
pci compliance standards aren't really that good, especially for determining web application security.
that's only based on revenue. top 10 by market cap is apple, quanta, microsoft, google, ibm, asus, oracle, samsung, intel, cisco. 3 of the top 4 have a heavily vested interest in this. Even ibm, asus, intel and cisco have a slightly vested interest in it. Oh also, Sony only has about 12% of the market cap that apple has.
section 6.6 isn't a penetration test. section 6.6 requires an automated scan of your network to find out what software and version is running and verify that there are no listed vulnerabilities for that version of the software in nvd. As for sony, i've heard people say that prior to this whole fiasco, their card wouldn't go through on PSN because the credit card company had them on the list of untrusted merchants. This would mean that sony probably wasn't pci certified.
since it's a streaming service, the riaa is trying to claim that google needs to pay licensing fees. amazon and google have been saying they don't need to.
i've just thrown them in the trash immediately for the past 12 years. The first time i got a notice i was supposed to call in every day during some week to find out if i had to come in or not so i called for the first 2 days then quit calling. Never got any sort of warrant or notice of failure to show or anything. I have been planning on attending the next one I get, but it's been maybe 4 years since i got my last notice to appear.
why would you even hire pen testers to point them at systems that don't contain the same software as your production? it's not like that's part of pci. As for the cost I can't really find anywhere that gives any cost of fines (though i have seen $500,000 per incident). I did however find an article saying it costs businesses on average $204 per customer for a data breach in the US (ranges from $750,000 to $31 million for total costs to companies).
it shows that the company wasn't concerned with security. If a company was doing everything in its power to keep its networks/data secure it would be hard to fault them... if there is proof that they knowingly ignored security problems then they would have more liability for any security failures.
yes. they have proven that they only care to protect their own intellectual property not the intellectual property they force their users to give them.
if it was "unpatched" that generally means that there were security bugs in the version of apache that was running (otherwise they would have just said it wasn't up to date which wouldn't matter). If this web server was within the same scope as their cc processing system that would probably be a pci failure (not sure what vulnerability was). No one is saying that this was some vulnerability that would have allowed an attacker to run arbitrary code as root on the server however it may have given an attacker information on how their network was set up allowing them to find a more dangerous security vulnerability. Also apache httpd server doesn't have a good record of being immune to attacks, it's just not known to have more than expected.
The following is a list of security vulnerabilities that have been fixed in just apache httpd server 2.2
http://httpd.apache.org/security/vulnerabilities_22.html
i didn't see anything you just said mentioned in the article.
while i'm here though, i might as well add that the reason i finally switched away from slackware after 15 years of use was that I just didn't have the time any more for the package management on it. Slackware really needs to introduce some sort of dependency setup for the packages along with repositories.
i just switched from att uverse to cox internet service because of the new bandwidth caps on uverse. In the process I ended up getting double the speed i had with uverse for only $30 more.
yeah, it would be interesting to inject some code into the device to cause it to tell phones to send all data it gathers to some email/website.