Paid Advertising
web application security lab
« A Funny Look Into Our Future
Join a Religion Via CSRF »

Scanless PCI

Well, today is the day. We can finally stop having discussions about the value of PCI, because there is a new product on the market that solves all the business needs without the pesky problems of wishy washy compliance regulations. It’s called Scanless PCI. The premise is pretty simple, go to the website, grab the code, throw it on your website and poof. You’re PCI certified. No fuss, no muss.

The beauty of this system is that everyone gets what they want. Awareness, certification, and of course, protection from PCI fines. We don’t have to sit around spinning yarns about what is and isn’t a secure web site, or what the definition of PCI 6.6 means or what have you. No more! I’m glad we can finally put this entire thing to bed. Not that I take credit cards, but I might just get it myself. It’s so easy!

This entry was posted on Tuesday, April 1st, 2008 at 8:11 am and is filed under General News. You can leave a response as well.

16 Responses to “Scanless PCI”

  1. Giorgio Maone Says:
    April 1st, 2008 at 10:06 am

    ROTFL!!! :D

  2. Ronald van den Heetkamp Says:
    April 1st, 2008 at 10:12 am

    Sounds like.. ehm.. “Hacker Safe” ? ;)

  3. donwalrus Says:
    April 1st, 2008 at 10:48 am

    looks like a great idiot-tracking system to me.

  4. Dave Ockwell-Jenner Says:
    April 1st, 2008 at 11:28 am

    Just… wow! The sad part is that I anticipate a number of people will actually fall for it :-)

  5. tancurrom Says:
    April 1st, 2008 at 12:07 pm

    I don’t trust anyone that uses Comic Sans.

  6. id Says:
    April 1st, 2008 at 12:30 pm

    I’m buying 2 at that price!

  7. Fraggeleh Says:
    April 1st, 2008 at 2:44 pm

    “In the event of a security breach during the certification period, Scanless PCI will pay damages according to industry averages, as determined in binding arbitration. Scanless PCI guarantees to meet or exceed the standards of our competitors.”

    Build a site, put their picture on it, and hack it. Then claim benefits and sue them in court. Way to cover their asses? It’s like setting a bottomless hole for them to step into

  8. RSnake Says:
    April 1st, 2008 at 3:32 pm

    http://en.wikipedia.org/wiki/April_Fools’_Day

  9. Awesome AnDrEw Says:
    April 1st, 2008 at 4:45 pm

    I figured this was an April Fool’s day prank, but I was still compelled to put the image on a remote site at first just to see whether or not any visits would actually take place.

    @tancurrom
    Great tactic!

  10. ehmo Says:
    April 1st, 2008 at 10:24 pm

    best idea ever :) i’m now PCI scanned and 100% safe :)

  11. TheHorse13 Says:
    April 2nd, 2008 at 11:06 am

    Following their “certification” link goes to a blocked Malicious Web Site (by Websense). lol. How surprising.

  12. Fraggeleh Says:
    April 2nd, 2008 at 10:08 pm

    I was kind of tipped off about the joke when I noticed huge js files from “roxer”, which turned out to be created by Jeremiah Grossman. :P

  13. id Says:
    April 2nd, 2008 at 10:47 pm

    Well if Jeremiah is selling I’m buying 12!

  14. Tom Says:
    April 6th, 2008 at 3:41 am

    In PCI 6.6 segment of the PCI standard there is a software called dotDefender that protect from web application attacks.
    You can download a 30 days trial to start using the software and watch how your attacks are being stopped.
    http://www.dotdefender.com or http://www.applicure.com

  15. RSnake Says:
    April 7th, 2008 at 11:48 am

    @Tom - are you sure you want to advertise your stuff on an April fool’s joke making fun of PCI?

  16. Lawrence Pingree Says:
    April 7th, 2008 at 1:59 pm

    So since when does complying with PCI mean you are “secure”? lol

Leave a Reply Or Discuss On the Forums