I was visiting an airline site today, and when prompted to enter my credit card details to book the flight, and whether or not I wanted to store my card details for future transactions, saw the note: “It’s safer to store your payment card details in our secure vault than it is to send them […]
Your data’s safe with us… Read More »
The general manager of the PCI SSC, Bob Russo, and CTO Troy Leach were recently invited to present to the US Congress, on the subcommittee “Protecting Consumer Information: Can Data Breaches be Prevented?”. Their statements can be found here: https://www.pcisecuritystandards.org/documents/140202_PCI_SSC.pdf https://www.pcisecuritystandards.org/documents/HMTG-113-IF17-Wstate-RussoB-20140205.pdf Whilst the statements did a good job at supporting the PCI SSC and its
The PCI SSC vs the US Congress Read More »
Our CEO, Tim Holman was recently interviewed by SC Magazine for his views on PCI DSS Compliance.
PCI DSS Compliance – The Slow Road to Progress Read More »
Our CEO Tim Holman was featured in SC Magazine today for his views on the Orange data breach.
SC Magazine – Feb 2014 Read More »
Orange recently suffered a data breach and around 3% of their user records in France were allegedly hacked. Â This amounts to around 800,000 users. The anatomy of the attack appears to be SQL injection, where a French version of their web application took users to a flawed My Accounts page that was vulnerable to some
Orange Data Breach – they should have known better.. Read More »
Tragedy strikes yet again as a major retailer cannot account for over a million cardholder data records. If that last sentence still got your attention, then you are probably one of few that still finds data breaches and the over-the-top media response interesting. It only seems like a few days pass, and then we hear
Latest data breach!! Read More »
As seasoned penetration testers, it has to be said that the most common issue we come up with when testing public facing web applications, is cross site scripting (XSS). Â Trying to explain this issue, and it’s implications, to businesses is challenging at times, after all there are a thousand and one other issues that businesses
Cross Site Scripting (XSS) and why it needs fixing! Read More »
It was interesting to note in PCI DSS v3.0, when conducting one of our first v3.0 assessments, that section 3.5.2 refers to a host security module, with regards to protecting data encrypting keys: 3.5.2 Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the following forms at all times:ï‚·
Host Security Module and PCI DSS 3.5.2 Read More »
