The WiKID Blog

Viewing posts tagged Information Security

not-bad-for-a-cubicle-on-strong-authentication

Not Bad for a Cubicle has a post on strong authentication - more blogging driven by Bruce Schneier's posts. It's well balanced and insightful.

pci-expanding-to-europe

According to Security Fix, Visa is going to enforce PCI DSS in Europe:

Visa Inc. on Monday dramatically expanded its credit and debit card security requirements to retailers in Europe, an unexpected move that could be a financial boon to security auditing companies, but a huge cost for European merchants already feeling the pinch from the global financial crisis.
I'm fascinated that this is a surprise. My reaction was, "hmm I would have thought the PCI already applied in Europe".

problems-with-the-pci-security-standard

Mark Curphey has some thoughts about the problems with the PCI security standard and it looks like he is just getting started. I would like to also point out a comment left by an anonymous poster (probably because he or she makes a living doing PCI audits) in a previous post on PCI:

The problem with the Visa PCI standard is that Visa/MC have a vested interest in keeping the business flowing. The entity that is responsible for answering Visa is the issuing bank. The retailer is responsible to the issuing bank. The reports are filed with the issuing banks and shared with Visa. The problem with this structure is that all parties have a financial interest in keeping the business flowing. It takes a serious public violation, like CardSystems, for Visa/Issuing Banks to drop a vendor.

securing-webdav-with-ssl-and-two-factor

One reason for the lack of posts recently has been that I have written a how-to on securing WebDAV with SSL and two-factor authentication. Dealing with WebDAV was more of a pain than I anticipated. First, there seems to be a bug in recent versions of Apache that breaks mod_auth_radius and mod_auth_xradius. Second, I spent a lot of time figuring out the ways that WebDAV does not work on Windows ;).

shame-ostracism-blogs-and-xss-flaws

There is an excellent post on the Security Fix blog about cross-site scripting flaws at major financial institutions, pointed out by Lance James (author of Phishing Exposed).
