An Apache DSO Module that has to be installed in the Apache Software directly.
http://www.net-secur..._news.php?id=2364
Ummm, yeah, already we've been tagged to "ensure" no unknown "modules" are loaded... and proof with PNG/Configs/in-memory references... etc.
These people can't even get it through their heads we haven't had a single unlogged intrusion attempt nor a single successful (and proven with our IDS that logs ALL traffic) intrusion.
There is the pervasive: "But what if they did"... since its Windows based "what if"
GAH, get over it.
Well, if they did, our APIs wouldn't work properly, when dealing with Credit Cards... and I'd be able to see the module being loaded and the compiled module in a location that is wrong or the location its loading from is wrong.
They "PCI auditors" just don't friggin get it. External Scanners are now dinging for it.
Must!!!! get!!!! out!!!! of!!!! doing/dealing!!!! with!!!! PCI!!!!
!1!!!!!1!!!!1!!!!!!!!!!!!!111!!!!!!!!1!!!!!!!!1!!!1!!1!1!11!!!!1!!1