Viewing posts tagged Information Security
pci-expanding-to-europe
Posted by: admin 16 years, 1 month ago
According to Security Fix Visa is going to enforce PCI DSS in Europe:
Visa Inc. on Monday dramatically expanded its credit and debit card security requirements to retailers in Europe, an unexpected move that could be a financial boon to security auditing companies, but a huge cost for European merchants already feeling the pinch from the global financial crisis.I'm fascinated that this is a surprise. My reaction was, "hmm I would have thought the PCI already applied in Europe".
more-on-teleworking-and-disaster-preparedness
Posted by: admin 16 years, 1 month ago
Echoing my last post, GovExec.com points out that federal plans for telework during disasters are sadly lacking.
The ability of federal agencies to continue critical operations during large-scale emergency situations would be significantly enhanced with widespread use of telework, but few have made the necessary preparations, officials told a congressional panel Thursday.
problems-with-the-pci-security-standard
Posted by: admin 16 years, 1 month ago
Mark Curphey has some thoughts about the problems with the PCI security standard and it looks like he is just getting started. I would like to also point out a comment left by an anonymous poster (probably because he or she makes a living doing PCI audits) in a previous post on PCI:
The problem with the Visa PCI standard is that Visa/MC have a vested interested in keeping the business flowing. The entity that is responsible for answering Visa is the issuing bank. The retailer is responisible to the issuing bank. The reports are filed with the issuing banks and shared with Visa. The problem with this structure is that all parties have a financial interest in keeping the business flowing. It takes a serious public violation, like card systems, for Visa/Issuing Banks to drop a vendor.
more-on-pci-security-random-pen-testing
Posted by: admin 16 years, 1 month ago
In thinking a bit more about PCI security since my post on PCI visibility. I think what Visa and Mastercard need to do is to hire independent 3rd party penetration testers to pen test merchants and processors.
The PCI Three are making a big switch in September, when they will start fining acquiring banks non-compliant merchants. However, there are two problems with the auditing procedures: Auditors are paid by the companies they are auditing and audits are static snapshots. I'm not insinuating anything here about the ethics of PCI auditors, just pointing out the agency conflict and that a company might get compliant for an audit, then lapse out of compliance.
more-on-de-perimeterization
Posted by: admin 16 years, 1 month ago
Having just posted on de-perimeterization, I thought that this quote from Scott Borg of the U.S. Cyber Consequences Unit on the consequences of breaches:
"We started seeing huge vulnerabilities," Borg said Wednesday at the GovSec conference in Washington, where the draft document was released. Most of the systems were compliant with current security checklists and best practices. "And portions of those systems were extraordinarily secure. But they were Maginot Lines," susceptible to being outflanked.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)