- Nov 7, 2010: Safer web browsing with HTTPS
  A lot of popular websites like Twitter and Facebook use HTTPS for the login page but switch to plain HTTP for the pages that follow. Because the browser keeps sending the session cookie on those unencrypted requests, someone else on the same network can view all the traffic (including your photos and posts), capture that cookie and hijack the session.
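The session-cookie exposure described above can be checked directly from a site's login response. The following is an added example, not code from the original post: it feeds Set-Cookie header values (constructed here, not captured from Twitter or Facebook) through Go's own `net/http` cookie parser and reports which cookies the browser would attach to later plaintext `http://` requests, which is exactly what a sniffer on the same network gets to read. The names `PlaintextCookies` and `LeakedNames` are this example's own.

```go
package main

import (
	"fmt"
	"net/http"
)

// CookieExposure describes how a cookie set by the HTTPS login page behaves
// once the site drops back to plain HTTP.
type CookieExposure struct {
	Name           string
	SentOverHTTP   bool // true when the cookie lacks the Secure attribute
	ScriptReadable bool // true when the cookie lacks HttpOnly
}

// PlaintextCookies parses Set-Cookie header values as a browser would and
// reports, for each cookie, whether it will be sent on later http:// requests.
// A cookie without the Secure attribute is attached to every request to the
// host, including unencrypted ones, so anyone on the network can read and
// replay it.
func PlaintextCookies(setCookie []string) []CookieExposure {
	h := http.Header{}
	for _, v := range setCookie {
		h.Add("Set-Cookie", v)
	}
	// Reuse net/http's Set-Cookie parser instead of hand-rolling one.
	resp := &http.Response{Header: h}
	var out []CookieExposure
	for _, c := range resp.Cookies() {
		out = append(out, CookieExposure{
			Name:           c.Name,
			SentOverHTTP:   !c.Secure,
			ScriptReadable: !c.HttpOnly,
		})
	}
	return out
}

// LeakedNames returns the names of the cookies that would travel over plain HTTP.
func LeakedNames(setCookie []string) []string {
	var names []string
	for _, e := range PlaintextCookies(setCookie) {
		if e.SentOverHTTP {
			names = append(names, e.Name)
		}
	}
	return names
}

func main() {
	// Constructed sample headers (hypothetical, not from any real site): a
	// login response that sets the session cookie without Secure, and the
	// corrected version of the same response.
	weak := []string{
		"sid=abc123; Path=/; HttpOnly",
		"prefs=dark; Path=/",
	}
	fixed := []string{
		"sid=abc123; Path=/; Secure; HttpOnly",
		"prefs=dark; Path=/",
	}
	fmt.Println("leaked over HTTP (weak): ", LeakedNames(weak)) // [sid prefs]
	fmt.Println("leaked over HTTP (fixed):", LeakedNames(fixed)) // [prefs]
}
```

The fix on the server side is the one the second header set shows: mark the session cookie `Secure` so the browser never sends it in the clear, and serve the logged-in pages over HTTPS so there is nothing for the browser to downgrade to. A non-sensitive preference cookie can stay unprotected, which is why `prefs` is still reported for the fixed set.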
- Nov 3, 2010: Clarification on cardholder data and protections
  Back in July, in response to a number of queries, I wrote about what level of protection is required to meet PCI compliance requirements when other elements of cardholder data are stored with the PAN.
- Oct 24, 2010: Chain of trust for installation & update files
  PA-DSS requires vendors to ensure that the chain of trust is maintained for all installation and update files; the requirements are laid out primarily in 7.2.a and 7.2.b of the PA-DSS 1.2 document. In practice this means customers must be able to verify that the files they install or update actually come from you (authentication) and have not been modified on the way (integrity), which is what a digital signature from the vendor over those files provides.
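One way to give customers both checks at once is to sign a manifest of file digests rather than each file on its own. The following is an added example, not the post's own code and not the signing scheme PA-DSS prescribes (the standard does not mandate an algorithm; Ed25519 from Go's standard library is this example's choice, and the key, file names and contents are constructed). The vendor-side step is `SignManifest`; the customer-side step is `VerifyUpdate`, which rejects a modified, missing or added file and a signature from any key other than the vendor's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Manifest maps each file in an update package to its SHA-256 digest.
// Signing the manifest binds the whole set of files together, so a customer
// also notices a file that was removed or swapped, not only one that was edited.
type Manifest map[string][32]byte

// BuildManifest hashes every file's contents.
func BuildManifest(files map[string][]byte) Manifest {
	m := Manifest{}
	for name, data := range files {
		m[name] = sha256.Sum256(data)
	}
	return m
}

// Encode renders the manifest as deterministic text ("name hexdigest\n",
// sorted by name) so the bytes the vendor signs are exactly the bytes the
// customer recomputes.
func (m Manifest) Encode() []byte {
	names := make([]string, 0, len(m))
	for n := range m {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		d := m[n]
		fmt.Fprintf(&b, "%s %s\n", n, hex.EncodeToString(d[:]))
	}
	return []byte(b.String())
}

// SignManifest is the vendor-side step: sign the encoded manifest with the
// vendor's private key, which never leaves the vendor.
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.Encode())
}

// VerifyUpdate is the customer-side step. It checks the signature on the
// shipped manifest against the vendor's pinned public key (authentication),
// then rebuilds the manifest from the files actually received and requires
// it to be byte-identical to the signed one (integrity).
func VerifyUpdate(pub ed25519.PublicKey, signedManifest, sig []byte, received map[string][]byte) bool {
	if !ed25519.Verify(pub, signedManifest, sig) {
		return false
	}
	return string(BuildManifest(received).Encode()) == string(signedManifest)
}

func main() {
	// Hypothetical vendor key derived from a fixed 32-byte seed so the run is
	// reproducible; a real vendor key would be generated with ed25519.GenerateKey.
	priv := ed25519.NewKeyFromSeed([]byte("example-seed-do-not-use-in-prod!"))
	pub := priv.Public().(ed25519.PublicKey)

	// Constructed sample update package.
	files := map[string][]byte{
		"setup.exe":  []byte("binary v1.2"),
		"README.txt": []byte("notes"),
	}
	m := BuildManifest(files)
	manifest := m.Encode() // shipped alongside the files
	sig := SignManifest(priv, m)

	fmt.Println("genuine update verifies:", VerifyUpdate(pub, manifest, sig, files)) // true

	tampered := map[string][]byte{
		"setup.exe":  []byte("binary v1.2 plus something else"),
		"README.txt": []byte("notes"),
	}
	fmt.Println("tampered update verifies:", VerifyUpdate(pub, manifest, sig, tampered)) // false
}
```

The public key is what has to reach the customer through a trusted channel (baked into the installer that the customer already trusts, or delivered out of band); the manifest and signature can travel with the update over any channel, since altering either one makes verification fail.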

