Make Software Secure Now!

Just for fun, I wanted the headline to be “Make Software Secure Again”. But when was software secure? Never. We assumed it was secure, but software was never actually tested; security problems started as people hacked software, so it was never secure, we were just ignorant or naive in the … Read more

Passwords in Compliance Standards

Compliance standards have similar goals (PCI, HIPAA, SOX, e-discovery), and the question is what your password policy should be to satisfy both compliance and your own security risk profile. (Images from the PCI standards doc, the Adobe images site (HIPAA), Forbes (SOX), and aos.com (e-discovery).) How many characters? Should there be special characters besides alphanumeric? Capital … Read more

Diamond Model Intrusion Analysis

Did you want to set up your own Intrusion Analysis department? Or at least have a framework for creating a method to understand a breach? Then read this document at threatconnect.com¹ by Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. The document goes into the details of what the attacker/adversary can do to your infrastructure and … Read more

Mismanagement in Vulnerability Management Systems

I’m always scouring the net for interesting presentations, and this is an interesting one from BSides Detroit by Gordon MacKay¹, which has been put on the net by Adrian Crenshaw (irongeek.com)². The presentation is about a flaw in vulnerability management systems, which also happens to be what Gordon MacKay now programs for Digital Defense Inc. … Read more

Chip&Pin Credit Card Adoption 8 million merchants missing?

We know EMV should be installed in your credit card acceptance machines by October of 2015 (so already 9 months past) as per the PCI compliance standard. The new Pin and Chip cards are also called EMV cards (Europay, Mastercard and Visa). The Pin and Chip logo above is from the UK site http://www.chipandpin.co.uk/, and it looks good. Above … Read more