New Credit Cards (EMV) Hacked in France

EMV (Europay, MasterCard, Visa) is the chip-and-PIN standard that the US finally moved to on October 1st of this year. EMV history and about: https://www.emvco.com/about_emv.aspx So it is good that we have gotten up to speed from our days of just mag stripe and PIN number. But since the standard has …

Internet Explorer is Most Vulnerable Browser

The Internet Storm Center has a great article on the most common vulnerability in web applications (XSS, or Cross-Site Scripting): https://isc.sans.edu/forums/diary/When+encoding+saves+the+day/20277/ This is where someone attempts to insert some data into the web application somehow. So the unfortunate browser response from Internet Explorer is: Internet Explorer: GET /myform/action/post?myparam=”>%20Test So what you say I …

Experian Board of Directors: Growth Through Acquisition – But Without Security Testing

David Krebs story: http://krebsonsecurity.com/2015/10/at-experian-security-attrition-amid-acquisitions/ I want to focus on Board of Directors decisions to grow through acquisition: the board wants to grow securely, but in practice this has lots of problems. The term I like the most is Black Box Magic (as if security were obtained with black box magic). Image from Martin’s Magic collection: http://www.martinsmagic.com/product-tag/wagoncollector/ …

Dangerous Vulnerability? Some Routers Bad UPnP Authentication

This is the problem with some security issues (complicated technical issues that require expertise to fix): http://www.kb.cert.org/vuls/id/361684 Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures. This attack has the beginnings of a potential problem, though some vendors have sufficient protection built in: “Some vendors have …

Cloud Computers Can Be Attacked

Of the 7 Black Hat white papers, I want to focus on the ones that can cause problems for Cloud Computers. The above diagram is a general diagram of the number of companies servicing different IT sectors. Security can affect both Cloud and Virtualization. I quickly outlined the problem yesterday near the …