Re: How did we end up like this? ( PCI @ DEF CON )
So, I submitted a talk towards the end of the window last year regarding PCI compliance... and it made the first cut, and then it failed the second one -- probably because of the talk that did happen. The idea was, though, that it is a candid discussion. As the years have gone by, we've seen a lot of advances affect our world in DEFCON. WIFI was a revolution, and I remember all the fun that was wardriving a decade ago. The Internet became a bigger place with the whole "2.0" vogue. Marketing guys saw it as an amazing way to link things together and track us better; we saw it as XXXXXXXSS (and when we get a talk next year on "How I met your 7 girlfriends," you may understand).
PCI has become a real factor because it changes the technology we encounter and the rulesets we have. The unfortunate part we experience is that PCI opens new holes for the ones it closes (because our goal, of course, is to not be a sheep). Just like DEFCON needed the Social Engineering contest last year, I think DEFCON needs the PCI talk -- the one that you _don't_ get at Random Certification Company.
PCI -- how some places are finding two steps back from their one step forward. Bring that on, and show us the same things we see in every talk... how people got pwned by their image meta tags, weak wifi, lousy lock design, poor passwords, failure to sanitize input, and DEFINITELY by overlooking security because saying we're "compliant" isn't the same thing.