Another bit of news landed in my Inbox this morning, where a retailer claims to be subject to a security breach and as such has completely retired their website. The retailer is well known and has a shop on every high street. A spectacular piece of PR appears on their website now, saying they’ve taken […]
Lush Cosmetics breach Read More ยป
Oh I do love this. Apple have come out with another screw to help deter hardware hackers from getting inside MacBooks and iPhone 4s. It’s called a pentalobe, which looks like a Torx screw on first looks, but actually has rounded edges. So what you might say. Well, Apple have been kind enough to uses
Screwed over by Apple? Read More ยป
I’m still coming across a number of brick and mortar merchants whom have been advised by their QSA to put their store environments into scope of PCI DSS and spend millions of pounds implementing end-point security and network monitoring solutions. Exactly what benefit does this give? Not even high street banks go to this level
Stores still in scope? Read More ยป
Don’t forget to check those security alerts that come in over the Christmas period, as regardless what your festive mood might tell you, Christmas presents a prime opportunity for criminals to launch attacks on your systems in the hope they get unnoticed. I recollect vividly my work in the gaming industry a few years back
Merry Christmas and a Happy New Year Read More ยป
Well, the webcast I just did was a fantastic example of cloud computing at it’s finest. I’ve just gone through it and the audio was terrible and I can’t even hear myself speaking at times. Sorry if you’d dialled in and didn’t quite get what you expected.
Cloud Computing – The Year Ahead! Read More ยป
If you’re going through a PCI DSS assessment and hit point 12.8, you might think of a Service Provider with whom you share card data with to be a bank or payment processor. After all, any other company with whom you have a relationship surely couldn’t impose a risk to you customer’s card data? You
Due Diligence and Service Providers Read More ยป
I was at Visa Europe’s QSA Briefing yesterday, and one question that cropped up was whether or not a Concierge style service would bring that Concierge into scope as a Service Provider. By Concierge, I mean an entity that keeps Consumer’s card numbers on file so it can book things like flights or hotels on
Does PCI DSS apply to Corporate Credit Cards? Read More ยป
Fresh back from the conference, an interesting few days, but still came back with the feeling that I was trying to be sold something. Not a problem if I’m brave enough to head to Infosec 2011 as that’s what you’d expect, but where some people would have paid ยฃ975 for a conference ticket I’m not
RSA Conference Europe 2010 Read More ยป
We’re all hearing a lot about end to end encryption as a security solution for the payments industry at the moment. The message that’s been pushed out is that merchants all need to change their PEDs and introduce more recent, encryption-capable models, so that as soon as card details hit the PED, the PED encrypts
End to end encryption – the panacea for payment security or just another commodity? Read More ยป
