Viewing posts tagged Security and Economics
more-on-pci-security-random-pen-testing
Posted by: admin 16 years, 1 month ago
In thinking a bit more about PCI security since my post on PCI visibility, I think what Visa and Mastercard need to do is to hire independent 3rd-party penetration testers to pen test merchants and processors.
The PCI Three are making a big switch in September, when they will start fining acquiring banks for non-compliant merchants. However, there are two problems with the auditing procedures: auditors are paid by the companies they are auditing, and audits are static snapshots. I'm not insinuating anything here about the ethics of PCI auditors, just pointing out the agency conflict and that a company might get compliant for an audit, then lapse out of compliance.
networkworld-on-pci-conflicts-of-interest
Posted by: admin 16 years, 1 month ago
NetworkWorld has an article on the potential for conflicts of interest in the PCI world. In sum:
- There are only 60 qualified security assessors (QSAs).
- Many QSAs also sell products.
new-non-profit-educational-discounts-plus-pay-what
Posted by: admin 16 years, 1 month ago
Today we announced a new pricing program for home users: pay what you want. This variable payment plan for home users is based on the recent bands that have tested this system (Radiohead and NIN). But the trigger was also the free-for-home-use offer for SSL-Explorer. I have, of course, seen a lot of free-for-home-use enterprise software and we may yet go there. But I also believe that this should be an interesting experiment.
new-incentives-for-pci-compliance-from-visa
Posted by: admin 16 years, 1 month ago
Visa's CEO hinted during a keynote speech that Visa may be looking at increasing incentives for PCI compliance.
Coghlan’s reference to incentives for compliance with the Payment Card Industry data-security standard follows a year that saw major hacker breaches of databases containing sensitive card information, including PINs for debit cards. “We need to do a better job with data security,” Coghlan said.
open-source-momentum-and-spending-during-the
Posted by: admin 16 years, 1 month ago
Hat Tip: Slashdot, From ComputerWorld: