PCI DSS Compliance – The Slow Road to Progress
Our CEO, Tim Holman was recently interviewed by SC Magazine for his views on PCI DSS Compliance.
Our CEO Tim Holman was featured in SC Magazine today for his views on the Orange data breach.
SC Magazine – Feb 2014
Orange recently suffered a data breach and around 3% of their user records in France were allegedly hacked. This amounts to around 800,000 users. The anatomy of the attack appears to be SQL injection, where a French version of their web application took users to a flawed My Accounts page that was vulnerable to some
Orange Data Breach – they should have known better..
Tragedy strikes yet again as a major retailer cannot account for over a million cardholder data records. If that last sentence still got your attention, then you are probably one of the few who still find data breaches and the over-the-top media response interesting. It seems only a few days pass before we hear
Latest data breach!!
As seasoned penetration testers, it has to be said that the most common issue we encounter when testing public-facing web applications is cross-site scripting (XSS). Trying to explain this issue, and its implications, to businesses is challenging at times; after all, there are a thousand and one other issues that businesses
Cross Site Scripting (XSS) and why it needs fixing!
It was interesting to note in PCI DSS v3.0, when conducting one of our first v3.0 assessments, that section 3.5.2 refers to a host security module, with regards to protecting data encrypting keys: 3.5.2 Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the following forms at all times:
Host Security Module and PCI DSS 3.5.2
Sat in the coffee shop today, as one does as CEO of a huge multinational corporation (let me know if you see him!), and it was surprising to hear the number of different conversations that were going on. On my left were a couple – boss and employee, having a performance review. A group on another
Careless Talk Costs Jobs
In response to the recent BBC article (thanks to Robin Lee for sending this on) – http://www.bbc.co.uk/news/business-25591548, I wrote the BBC this: I run a company responsible for auditing firms on behalf of Visa, MasterCard, American Express et al, to ensure they are handling credit card details securely (we're known as Qualified Security Assessors, or QSAs,
Travel insurer Staysure warns customers over IT hack
It seems a few service providers are jumping on the bandwagon, getting PCI DSS v3.0 compliant, and then pushing the message out to their potential and existing client bases saying v3.0 is better than v2.0 and that they’re obviously far more secure than other suppliers that only have v2.0 certification. PCI DSS v3.0 and PCI
PCI DSS v3.0 – the marketing game