Stunnel Vulnerability | Remove or Patch Immediately


Stunnel, an application that provides secure ‘tunneling’ for commonly used, insecure protocols (e.g. SMTP, POP3, etc.), has issued a security bulletin. There is a known flaw that could be exploited to inject arbitrary code and ultimately control where the connection goes. Imagine the emails you’re trying to send to consignors and/or customers being intercepted.

That wouldn't be good...

If you think this is being hyper-sensitive, you don’t internets enough.

Any applications installed on your systems must be justified, as per the PCI DSS v2.0:

2.2.2 Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system.

2.2.2.b Identify any enabled insecure services, daemons, or protocols. Verify they are justified and that security features are documented and implemented.

2.2.3.a Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components.

2.2.4 Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers. Examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP.

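As an added example (not from the original post or from the stunnel project), here is a small shell audit in the spirit of PCI DSS 2.2.2.b and 2.2.4: it parses the output of `ss -ltnp` on a Linux host and flags listeners that are one of the insecure protocols named above, or that are served by a stunnel process, so each one can be justified, patched, or removed. The port-to-protocol mapping and the sample `ss` output are my own constructions.

```sh
#!/bin/sh
# Added example: PCI DSS 2.2.2.b-style audit of listening TCP services.
# Reads `ss -ltnp` output on stdin and prints "port protocol process" for
# each listener that is an insecure protocol from 2.2.4 or is served by
# stunnel. Port-to-protocol mapping below is an assumption (default ports).
flag_listeners() {
    awk '
    BEGIN {
        insecure[21]  = "FTP";  insecure[23]  = "Telnet"
        insecure[110] = "POP3"; insecure[143] = "IMAP"
        insecure[161] = "SNMP"
    }
    NR == 1 { next }                        # skip the ss header line
    {
        # Column 4 is Local Address:Port; the port is after the last colon
        n = split($4, parts, ":"); port = parts[n]
        proc = "unknown"
        # Process column looks like users:(("sshd",pid=812,fd=3))
        if (match($0, /users:\(\("[^"]+"/)) {
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        }
        if (port in insecure) {
            print port, insecure[port], proc
        } else if (proc ~ /^stunnel/) {
            # Wrapped by stunnel: still must be justified and kept patched
            print port, "stunnel-wrapped", proc
        }
    }'
}

# Constructed sample of `ss -ltnp` output for a stand-alone run.
# On a real host use:  ss -ltnp | flag_listeners
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      100    0.0.0.0:110        0.0.0.0:*     users:(("dovecot",pid=950,fd=21))
LISTEN 0      128    0.0.0.0:995        0.0.0.0:*     users:(("stunnel",pid=1201,fd=7))
LISTEN 0      50     127.0.0.1:3306     0.0.0.0:*     users:(("mysqld",pid=1333,fd=10))
LISTEN 0      5      0.0.0.0:23         0.0.0.0:*     users:(("inetd",pid=610,fd=5))'

printf '%s\n' "$SAMPLE_SS_OUTPUT" | flag_listeners
```

Each flagged line is a service to document and justify under 2.2.2.b, or to remove under 2.2.4; SSH and MySQL in the sample are not flagged because they are not on the PCI list of insecure protocols.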
If someone is going to install 3rd-party software on your computer, be sure to ask them if they are going to maintain and patch that software on a daily basis. As a business bound by PCI DSS, applications must be patched on at least a monthly basis. For systems storing, processing, or connected to sensitive data, applications should be patched more frequently, i.e. daily.

Without even considering PCI DSS, it’s common sense. An application installed with good intentions can easily backfire on you if not properly maintained.

I am a Software Developer, System Administrator, and consignment software specialist. I currently manage hundreds of consignment workstations, point of sale systems, and database servers all across North America and I am the developer of Peeps' Software, Peeps2Go, and Peeps' Consignor Login for iOS and Android. I've been helping consignment & resale store-owners since 2003. I started The Computer Peeps in February of 2010. Peeps' Software launched in 2016 and is now on hundreds of systems all across North America. I have successfully converted dozens of stores from all of the major consignment software systems. After 20 years of working with consignment stores, I understand the unique challenges consignment & resale store-owners face. From electrical issues in old buildings or strip malls, to advocating for them when their old consignment software keeps crashing.
