“Hacker Safe” PCI Compliance in osCommerce?

May 4, 2007 | 19 comments

Several weeks ago, I received a frantic call from an administrator of a site running a popular fork of osCommerce, saying he had 72 hours to fix dozens of vulnerabilities reported by ScanAlert–the company behind the “Hacker Safe” PCI compliance logo–or his right to display the Hacker Safe logo would be revoked. I ended up doing the job I was asked to do: I not only eliminated all of the reported vulnerabilities, but in the eyes of ScanAlert, the site was now able to display the presumably more stringent Visa-branded PCI compliance seal, which it hadn’t been able to do before. Although the customer was relieved and even downright ecstatic about the outcome, I was left with some very mixed feelings about ScanAlert and the work I had done.