Spoofed Trend Micro Email Leads to Malicious Site

November 23rd, 2009

 - Trend Micro threat analysts recently unearthed spammed messages that purported to have come from Trend Micro. Targeting trusted organizations is not an uncommon technique used by cybercriminals when carrying out spam campaigns. In (continue reading...)

This Halloween, Enjoy the Treats but Be Wary of Online Tricks

October 30th, 2009

 - We often associate Halloween with pumpkins and costumes but for cybercriminals it’s merely another avenue to exploit, steal, and trick users into giving away their personal identities. Treats are fun but we all need to (continue reading...)

Processor Best Practices You Can Use

October 29th, 2009

 - Visa just released its Cardholder Data Security Best Practices for VisaNet Processors. I think there are some things in this document that you as merchants can use, too. Here are a few (continue reading...)

Windows 7? No Problem for Trend Micro Users

October 23rd, 2009

 - Microsoft’s new OS, Windows 7, was made available to the general public earlier today. To say that this was eagerly anticipated is an understatement, however, as in the United Kingdom, pre-orders on Amazon for copies exceeded both (continue reading...)

Is Your Web App Secure? Really?

October 20th, 2009

 - The Web Application Security Consortium (WASC) today announced the findings of its WASC Web Application Security Statistics Project 2008. Their objective was to pool data from a number of sources to assess (continue reading...)

PCI Merchant Levels Cleared or Confused?

October 20th, 2009

 - Branden Williams writes that Visa and MasterCard have pulled the "reciprocity" from their merchant level definitions (see here). For those of you not up on all the details, I'll try and explain (continue reading...)

Your Campus Hotel and PCI

October 6th, 2009

 - I have been working with and talking to a number of schools recently that operate hotels on campus. These hotel operations face particular PCI compliance challenges due to the nature of the hotel business. (continue reading...)

Windows Live Hotmail User Information Leaked

October 6th, 2009

 - A quick heads-up to all users of Microsoft’s Windows Live Hotmail email service: a list of at least 10,000 user names (and the corresponding passwords) of the second-largest email service after (continue reading...)

POS PIN-entry Vulnerabilities

October 5th, 2009

 - Those of you with PIN-entry devices (PEDs) at your point of sale (POS) should take a look at Visa's POS PIN Entry Device Vulnerabilities white paper out today. Visa reports on the (continue reading...)

PCI Community Meeting – Day 2

September 24th, 2009

 - Day 2 of the PCI Community Meeting has just concluded. We heard from former Representative Tom Davis about the prospects for federal legislation addressing cyber security. My take from the presentation is (continue reading...)

PCI Community Meeting – Day 1 at The Listening Meeting

September 23rd, 2009

 - I'm here in Las Vegas with 650 of my closest PCI friends, including Tom Davis of Indiana University (for those of you who forgot, we represent NACUBO, which is a Participating Organization). The PCI (continue reading...)

UPDATED: More on Choosing A QSA

September 10th, 2009

 - I previously referenced an article on how to select a QSA. Now there is another article (4 Ways to Get the Most From your PCI QSAs) at Computerworld with similarly good advice. (continue reading...)

Real Cost of a Security Breach?

September 7th, 2009

 - There is a standard benchmark used to calculate the cost of a security breach: about $200 per account compromised. But often the compromise is not based on, say, compromised payment cards. Sometimes (continue reading...)

I’m a QSA!

September 1st, 2009

 - OK, time for a little personal news here... Today it became official: I'm a QSA (Qualified Security Assessor). Until I joined 403 Labs, I could be a PCI consultant, but not a (continue reading...)

Bob Russo Comments on PCI and Recent Breaches

September 1st, 2009

 - The recent breaches and indictments have generated a lot of comments about PCI, many of them unfavorable. On one side are those that say they were "certified" as PCI compliant, but got breached anyway; (continue reading...)

Time to be Careful

August 28th, 2009

 - Today's required reading is an opinion piece in the New York Times, "Time to be Afraid of the Web." The article assesses the current state of Internet security and concludes that you don't have (continue reading...)

Keeping Informed on PCI Just Got Easier

August 27th, 2009

 - It can be really tough staying on top of developments in PCI DSS, card brand rules, risks, threats, and everything else we are supposed to know about but don't have the time to follow. (continue reading...)

Choosing a QSA…How Do YOU Do It?

August 26th, 2009

 - Nearly all schools validate their PCI compliance using a Self-Assessment Questionnaire (SAQ). Nevertheless, many schools also hire a QSA to help them in the process, either with training, conducting a PCI gap analysis, designing (continue reading...)

WALEDAC Celebrates Independence Day, Too

July 4th, 2009

 - Holidays are almost always the target of significant spam and malware attacks, and this Fourth of July is turning out to be little different. A new WALEDAC variant – detected as WORM_WALEDAC.DU – has (continue reading...)

Copyright © 2012 The Security Blog. All rights reserved.