Skip to main content

The WiKID Blog

Viewing posts by admin

potential-xss-in-php-sample-page

Posted by: admin 16 years, 3 months ago

It has been brought to our attention by the team at ush.it that the sample.php page in our PHP Network Client has code that could have been exploited via an XSS attack. The sample page is not part of the network client itself, it is just provided as an example of how to add two-factor authentication to PHP applications.

read more / 0 comments

problems-with-the-pci-security-standard

Posted by: admin 16 years, 3 months ago

Mark Curphey has some thoughts about the problems with the PCI security standard and it looks like he is just getting started. I would like to also point out a comment left by an anonymous poster (probably because he or she makes a living doing PCI audits) in a previous post on PCI:

The problem with the Visa PCI standard is that Visa/MC have a vested interested in keeping the business flowing. The entity that is responsible for answering Visa is the issuing bank. The retailer is responisible to the issuing bank. The reports are filed with the issuing banks and shared with Visa. The problem with this structure is that all parties have a financial interest in keeping the business flowing. It takes a serious public violation, like card systems, for Visa/Issuing Banks to drop a vendor.

read more / 0 comments

banking-group-sues-tjx

Posted by: admin 16 years, 3 months ago

In an interesting development in the economics of information security and data breaches, a group of banks is suing TJX for "negligent misrepresentation". According to Massachusetts Bankers Association CEO Daniel Forte:

"Banks all across the nation re-issued debit cards as a result of the TJX data breach. Preliminary estimates of the costs vary from institution to institution, up to $25 dollars per card," MBA officials said in a statement. "This alone would run into many millions of dollars for banks throughout the country. Moreover, when fraud occurs, banks generally cover the entire fraud, replacing money in customer accounts to protect their customers."
The banks, which once owned Visa, the creator of the PCI data security standards, now recognize that there costs are an externality in that system. The tort system is a pretty good system for dealing with externalities. Unfortunately for those who like to have real data on these matters, if the case is settled out of court, we probably won't know how much it actually costs TJX. I continue to believe it will not affect their brand or sales , but it will hurt their stock price as would any expenses that do not generate revenue.

read more / 0 comments

more-on-biometrics

Posted by: admin 16 years, 3 months ago
Adam points to a recent academic work on reproducing fingerprints from the 'templates' of data points that most systems use (instead of a full image of the fingerprint).

read more / 0 comments

drive-neutral-the-economics-of-carbon-neutrality

Posted by: admin 16 years, 3 months ago
My wife and I have 3 kids and thus we have a big car. We bought the Suburban 5 years ago and the guilt has been building up. I'm a big believer in driving cars forever, so what do do?

read more / 0 comments

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom