Cyber Sentinel Cyber Security Blog

The PCI SSC vs the US Congress

The general manager of the PCI SSC, Bob Russo, and CTO Troy Leach were recently invited to present to the US Congress, on the subcommittee “Protecting Consumer Information: Can Data Breaches be Prevented?”. Their statements can be found here: https://www.pcisecuritystandards.org/documents/140202_PCI_SSC.pdf https://www.pcisecuritystandards.org/documents/HMTG-113-IF17-Wstate-RussoB-20140205.pdf Whilst the statements did a good job at supporting the PCI SSC and its […]

The PCI SSC vs the US Congress Read More »

PCI DSS Compliance – The Slow Road to Progress

Our CEO, Tim Holman was recently interviewed by SC Magazine for his views on PCI DSS Compliance.

PCI DSS Compliance – The Slow Road to Progress Read More »

SC Magazine – Feb 2014

Our CEO Tim Holman was featured in SC Magazine today for his views on the Orange data breach.

SC Magazine – Feb 2014 Read More »

Orange Data Breach – they should have known better..

Orange recently suffered a data breach and around 3% of their user records in France were allegedly hacked. This amounts to around 800,000 users. The anatomy of the attack appears to be SQL injection, where a French version of their web application took users to a flawed My Accounts page that was vulnerable to some

Orange Data Breach – they should have known better.. Read More »

Latest data breach!!

Tragedy strikes yet again as a major retailer cannot account for over a million cardholder data records. If that last sentence still got your attention, then you are probably one of few that still finds data breaches and the over-the-top media response interesting. It only seems like a few days pass, and then we hear

Latest data breach!! Read More »

Cross Site Scripting (XSS) and why it needs fixing!

As seasoned penetration testers, it has to be said that the most common issue we come up with when testing public facing web applications, is cross site scripting (XSS). Trying to explain this issue, and it’s implications, to businesses is challenging at times, after all there are a thousand and one other issues that businesses

Cross Site Scripting (XSS) and why it needs fixing! Read More »

Host Security Module and PCI DSS 3.5.2

It was interesting to note in PCI DSS v3.0, when conducting one of our first v3.0 assessments, that section 3.5.2 refers to a host security module, with regards to protecting data encrypting keys: 3.5.2 Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the following forms at all times:

Host Security Module and PCI DSS 3.5.2 Read More »

Careless Talk Costs Jobs

Sat in the coffee shop today, as one does as CEO of a huge multinational corporation does (let me know if you see him!), and surprising to hear the number of different conversations that were going on. On my left were a couple – boss and employee, having a performance review. A group on another

Careless Talk Costs Jobs Read More »

Travel insurer Staysure warns customers over IT hack

In response to the recent BBC article (thanks to Robin Lee for sending this on) – http://www.bbc.co.uk/news/business-25591548, I wrote the BBC this: I run a company responsible for auditing firms on behalf of Visa, MasterCard, American Express et al, to ensure they are handling credit card details securely (we’re known as Qualified Security Assessors, or QSAs,

Travel insurer Staysure warns customers over IT hack Read More »

The Cyber Sentinel

Start typing and press enter to search