Originally posted by ILoveHostasaurus
View Post
-
Re: PCI vulnerabilities
David, Thanks for the quick response. You are right, I would not want a quick fix. -
Re: PCI vulnerabilities
This issue only affects McAfee customers currently; they've chosen to interpret Visa's PCI guidelines in a way that no other vendor currently does, which affects Miva Merchant and several other shopping carts. It could be argued that they have singled out Merchant for some reason since 90% of shopping carts on the market function the same way and they are only flagging a few for this for whatever reason; they won't provide more detailed information.
5.07 will fix the issue but fundamentally changing the way Merchant handles its cookies and basket/session tracking is not a quick fix nor one that you would want released quickly since it could affect your customers' ability to check out which means lost revenue; Miva is working on it though and has already provided some hosts with test-only versions of 5.07.Leave a comment:
-
PCI vulnerabilities
I use hacker safe (mcafee) and have been getting the following error:
Device Reason
www.stop-crime.com Potential Sensitive Persistent Cookie Sent Over a Non-Encrypted (SSL) Channel
SSL Protocol Version 2 Detection
I was told this by my host:
The persistent cookie issue is a known item, and unfortunately not something we can fix at this point. It's something that Miva is working on and will provide a fix by means of an updated MivaVM v5.07. Until that new version is made available, there's no way to fix this particular item. Best advice I have is to just wait until Miva released VM 5.07 and then re-submit your site to be scanned again.
Has this fix ever came out? Are we supposed to just run a non PCI compliant site or what?
Leave a comment: