Yet another PCI failure, Plesk 11/10/9/etc.

Discussion in 'Plesk 11.x for Linux' started by Hostasaurus.Com, Aug 17, 2012.

  1. Hostasaurus.Com

    Hostasaurus.Com Tera Poster

    Messages:
    436
    That's very odd considering their reason for failure was the version no longer being supported. Are you thinking SM decided to pass it because they're satisfied that Parallels is patching the 3.0.8 version even though the Courier author has abandoned it?
     
  2. IgorG

    IgorG Guru

    Messages:
    19,081
  3. Hostasaurus.Com

    Hostasaurus.Com Tera Poster

    Messages:
    436
  4. IgorG

    IgorG Guru

    Messages:
    19,081
    It is expected today.
     
  5. IgorG

    IgorG Guru

    Messages:
    19,081
  6. sergius

    sergius Guru

    Messages:
    1,911
    Hello, Gents. Any comment? Has it resolved your issue?
     
  7. DonSTN

    DonSTN Kilo Poster

    Messages:
    17
    Waiting for another SecurityMetrics scam to finish before we know the results, but I have a question:

    What did this update change to Courier? What version is Courier being upgraded to and where should we see the change once our panel has been upgraded? I got an e-mail this morning saying the upgrade was applied, but when looking at the RPM packages the version number is still the same for the PSA Courier package.

    Thanks!
     
  8. Hostasaurus.Com

    Hostasaurus.Com Tera Poster

    Messages:
    436
    I don't think the version has changed, still 3.0.8.
     
  9. sergius

    sergius Guru

    Messages:
    1,911
    The update makes something that PCI scanners should not fail on scanning Courier IMAP.

    Courier IMAP will be updated to 4.11 in Plesk in further updates. ETA Q4'12.
     
  10. DonSTN

    DonSTN Kilo Poster

    Messages:
    17
    What is the something?
     
  11. IgorG

    IgorG Guru

    Messages:
    19,081
    We can't share any information because it is security question and we do not want to give any hint to intruders.
     
  12. LarsenD

    LarsenD Mega Poster

    Messages:
    127
    Security by obscurity...
     
  13. sergius

    sergius Guru

    Messages:
    1,911
    Not quite. Plesk ships patched Courier IMAP 3.0.8 that is not vulnerable. So it's securely.

    SystemMetrics and some other PCI scanners don't actually check software for vulnerabilities but make decision based on indirect indicators. We have hidden these indicators.
     
    Last edited: Oct 17, 2012
  14. DonSTN

    DonSTN Kilo Poster

    Messages:
    17
    You describe security by obscurity in your response, which is:

    When can we expect information about the changes implemented in this release? Did you guys change a version number to make SecurityMetrics happy? The version number didn't change from any scans I've ran, but the SecurityMetrics scam is returning okay now. Something across the wire has changed, what is that something? Refusing to say what the change is makes no sense if there is no real security principle here.
     
  15. DonSTN

    DonSTN Kilo Poster

    Messages:
    17
    Time has passed are we allowed to know what changed?
     

Share This Page