Nov 15, 2009
Update: There is a more recent post on using MD5 and its impact on PCI DSS.
PCI-DSS 1.2 discourages the use of MD5, in favor of the newer and better SHA1 algorithm. But I keep getting questions on whether use of MD5 is a security threat or whether it will impact PCI compliance.
Continue reading "MD5, PCI-DSS and Security" »
Nov 12, 2009
I wrote an article titled “Tips for secure session management” a few days ago. Today I was testing an application when I ran into a vulnerability that could compromise sessions. This had to do with the programmers using the session-id for other purposes.
Continue reading "Misuse of session tokens by programmers" »
Nov 9, 2009
Some office workers apparently got carried away during the New York Yankees victory parade. According to reports, when they could not get their hands on (more) confetti, they started throwing files and documents out of windows.
Continue reading "Files and documents as confetti" »

