ByronM - 2:26 pm on Jan 8, 2008 (gmt 0)

The "hacker safe" logo is nothing but a picture. When I talked to them they told me there will be nothing installed on a server. Only small html will need to be placed in each page to display the logo. All they do is scanning well known ports for vulnerability and that is it. They would not even know if i have all patches installed or not. No test made for SQL injection or any other types of security holes.

I beg to differ. "Hacker Safe" is a LOGO PROGRAM but it is *NOT* just a logo. If you call and get a good deal (which you can) you can get scanning & auditing for 3-400/year which is a BARGAIN for "self auditing" vs paying a 3rd party to do it.

I say its a bargain because the scanning itself is so-so, it will find immediate known concerns and report them but the self-audit report that you use for PCI compliance is worth every penny because it gets the right people involved in knowing what aspects of the business they need to secure (and how) to accept credit card payments.

My guess is "geeks.com" simply took it for granted and didn't keep up with the audits nor the provisions they accepted in self audit and let some loose ends slide.

Yes, in many ways "Hacker Safe" is sort of like falling for DNB "Credit Builder" - you can do without it and in itself it doesn't guarantee anything however if you get an affordable deal on it and actually use the plethora of information and resources they provide it *IS* a good value.

Of course with a little intuition you can lower your fees to nill by using your credit card processor or gateway to get PCI compliance self audit checks and they will low-ball a rate for hacker safe as well.