This page contains links to all the posts on this site. If you are looking for tutorials and articles, they are in the articles and tutorials section.
Storing PAN with other cardholder data
Clarification on whether cardholder name, expiration date, etc. need to be rendered unreadable if stored in conjunction with the PAN (Primary Account Number)
iTunes user accounts hacked
Apple iTunes user accounts were hacked over the July 4th holidays and unauthorized purchases made.
Does PA-DSS apply to you?
A few tips on when PA-DSS applies and when it does not apply to a payment application.
Why I prefer Microsoft Security Essentials
One more reason I prefer Microsoft Security Essentials over others for anti-virus/anti-malware solution.
Secure web search with Google
Overview of Google's new secure web search; what it does and what it does not do.
Lessons from the BP oil leak
The BP oil leak and what organizations can learn from this disaster.
GMail geolocation to alert about account hacks
GMail introduces geolocation to alert against account hacks.
Another Twitter hack
An unemployed Frenchman has hacked into Obama's Twitter account.
Wyndham hotels hacked again
Wyndham hotels hacked and card data stolen, again.
Malware in Firefox add-ons
Malware found in Firefox add-ons in the official repository.
More problems for Twitter
Twitter authentication credentials compromised, leading Twitter to push password resets for some users.
France wants to do away with passwords
France proposes to do away with passwords to keep the internet secure.
Poor online password practices
Lessons on password strength and password security from the RockYou breach.
Heartland settles for $60 Million
Heartland Payment Systems to pay Visa $60 million in damages related to the breach in 2008.
Twitter DNS attack
More information on how the Twitter DNS redirection happened.
Search engine results and security
A look at search engine results and how they can be manipulated to compromise your security.
Massive debit-card fraud in BC
Massive fraud hits debit-card users in British Columbia, Canada.
Insider threat: T-Mobile staff sold customer data
T-Mobile employees reportedly sold customer data to brokers who in turn sold the data to competing phone firms.
MD5, PCI-DSS and Security
Clarification on the use of the MD5 hashing algorithm, and how it affects PCI compliance and security.
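An added illustration of the MD5 point, not code from the linked post: an unsalted MD5 hash of a PAN is not "rendering the PAN unreadable", because the PAN space is small enough to enumerate. The example assumes the common situation where a truncated PAN (first six and last four digits, the display form PCI DSS permits) is available alongside the hash, so only six digits are unknown; the Luhn check digit then discards nine of every ten candidates before any hashing is done. The test card number used is a constructed example, not a real account.

```python
import hashlib
from typing import Optional


def luhn_ok(pan: str) -> bool:
    """True if the digit string passes the Luhn check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def md5_hex(s: str) -> str:
    """Unsalted MD5 of a string: the storage pattern this example argues against."""
    return hashlib.md5(s.encode("ascii")).hexdigest()


def count_luhn_valid(first6: str, last4: str) -> int:
    """Number of 16-digit PANs with this prefix and suffix that pass Luhn.

    Exactly one in ten of the 10**6 middle values passes, so 100000 remain.
    """
    return sum(
        1 for mid in range(1_000_000)
        if luhn_ok(f"{first6}{mid:06d}{last4}")
    )


def recover_pan(digest: str, first6: str, last4: str) -> Optional[str]:
    """Brute-force the six hidden digits of a 16-digit PAN from its MD5 hash.

    With the first six and last four digits known (the truncated form),
    only the middle six are unknown; Luhn-invalid candidates are skipped
    without hashing. Returns the full PAN, or None if nothing matches.
    """
    for mid in range(1_000_000):
        candidate = f"{first6}{mid:06d}{last4}"
        if luhn_ok(candidate) and md5_hex(candidate) == digest:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed example: a widely used test card number, not a real account.
    pan = "4111111111111111"
    stored_hash = md5_hex(pan)          # what a "hashed PAN" column would hold
    print("Luhn-valid candidates:", count_luhn_valid(pan[:6], pan[-4:]))
    print("Recovered PAN:", recover_pan(stored_hash, pan[:6], pan[-4:]))
```

The run takes seconds on a laptop, which is the whole point: a keyed hash (HMAC) with a secret key, or a salt that is itself kept out of the attacker's reach, is what turns this into a hard problem, and the weakness shown here is the same whether the hash is MD5 or SHA-256.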
Misuse of session tokens by programmers
How programmers introduce session hijacking vulnerabilities by misusing session IDs.
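One concrete misuse, as an added example rather than code from the linked post: a login handler that authenticates the user but keeps the session ID the client arrived with. Whoever knew that ID before login (an attacker who planted it in the victim's cookie or URL) is then logged in as the victim, which is the session fixation form of hijacking. Which misuse the post covers is an assumption here; the user table, credentials and in-memory session store are constructed for the example.

```python
import hmac
import secrets
from typing import Callable, Dict, Optional

# Constructed user table for the example; a real application stores
# password hashes, never plaintext.
USERS: Dict[str, str] = {"alice": "correct horse battery staple"}


def check_password(username: str, password: str) -> bool:
    expected = USERS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


class SessionStore:
    """Server-side session table: session id -> session data."""

    def __init__(self) -> None:
        self.sessions: Dict[str, dict] = {}

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)      # unguessable id from a CSPRNG
        self.sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid: str) -> Optional[str]:
        session = self.sessions.get(sid)
        return None if session is None else session["user"]


def login_vulnerable(store: SessionStore, sid: str, username: str, password: str) -> str:
    """Authenticates but keeps the pre-authentication session id (fixation bug)."""
    if not check_password(username, password):
        raise PermissionError("bad credentials")
    # setdefault also accepts an id the client invented, which is a second misuse.
    session = store.sessions.setdefault(sid, {"user": None})
    session["user"] = username
    return sid                                # same id as before login


def login_safe(store: SessionStore, sid: str, username: str, password: str) -> str:
    """Authenticates and rotates the session id, invalidating the old one."""
    if not check_password(username, password):
        raise PermissionError("bad credentials")
    store.sessions.pop(sid, None)             # old id is dead even if the attacker knows it
    new_sid = store.new_session()             # fresh server-generated id
    store.sessions[new_sid]["user"] = username
    return new_sid


LoginFn = Callable[[SessionStore, str, str, str], str]


def fixation_attack(login: LoginFn) -> bool:
    """Simulate a session fixation attempt; True if the attacker ends up logged in."""
    store = SessionStore()
    planted_sid = store.new_session()         # attacker obtains a valid anonymous id
    # The victim's browser is tricked into using planted_sid, then she logs in.
    login(store, planted_sid, "alice", "correct horse battery staple")
    # The attacker now presents the id he already knew.
    return store.user_for(planted_sid) == "alice"


if __name__ == "__main__":
    print("vulnerable login hijacked:", fixation_attack(login_vulnerable))   # True
    print("rotating login hijacked:  ", fixation_attack(login_safe))         # False
```

The fix is two lines: drop the old ID and issue a new one at every privilege change (login, and again on logout), and never let a session ID supplied by the client create a server-side session that did not already exist.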
Files and documents as confetti
Workers toss files and documents out of windows during the Yankees victory parade.
NASA IT security vulnerability report
Some details from a GAO report that says NASA IT security is inadequate.
Using a LiveCD/USB for safe online banking
Pros and cons of using a Linux LiveCD/USB to ensure security for online banking.
Update on stolen webmail accounts
Update on the Hotmail account compromise, which revealed an interesting fact about passwords.
Phishing attack compromises Hotmail accounts
Microsoft Hotmail accounts have been compromised by a phishing attack.
Logo for PCI Compliance?
Opinion on the calls for a PCI compliance logo.
PCI Compliance does not equal security
Why being PCI compliant does not mean you are secure.
Using device fingerprints for security
A look at device fingerprinting, its strengths and weaknesses, and its uses in security.
Tapping Skype VoIP calls
A program that intercepts Skype VoIP calls is finally here: a trojan that intercepts Skype calls, records them as MP3 files and uploads them to pre-defined locations.
A look at Spyglass Software Surveyor Enterprise
An overview of Spyglass Software's Surveyor Enterprise, a tool that can help you identify sensitive data within a network.
Data security in development and testing
A quick look at a report on data security in development and testing from the Ponemon Institute.
Stealing Credit Card Numbers
Man arrested for stealing 130 million credit card numbers using SQL injection attacks.
OWASP Security Summit Update
Photos from the OWASP Security Summit at Stanford University.
Speaking at OWASP Security Summit
Siva Ram is speaking at the OWASP Application Security Summit on security of web application sessions.
Risk from shortened URLs
A look at why shortened URLs can cause problems and what you can do about it.
Wireless keylogger – Keykeriki
A keylogger for wireless keyboards has been developed. This will have an impact on privacy and possibly compliance.
Problems with identifying breaches
Some of the reasons that data breaches are not identified as soon as they happen.
Social networks and (in)security
Social networking sites such as Facebook and LinkedIn can be used to launch more effective attacks against organizations.
Domino’s gives away pizzas
Domino's gave away 11,000 free pizzas after a customer who ordered online entered the word "bailout" as a coupon code.
Cyber spying network unearthed
A major cyber-spying operation has been unearthed involving about 1,295 computers belonging to government agencies, embassies and others in 103 countries.
BBC botnet controversy
A lot of people are outraged at the BBC using a botnet to show how easy it is to take over computers and launch attacks. Are they justified?
Caught within the PCI-DSS box
PCI-DSS compliance can dominate an organization's security posture. Learn to look outside the PCI-DSS box.
Misconceptions about PCI-DSS
An attempt to clarify some of the misconceptions about PCI-DSS.
QSA Training and ISACA Winter Conference
A general news update: attended QSA training and the ISACA Winter Conference.
Data breaches in 2008
A quick look at data breaches that happened in 2008 and the most obvious causes.
Is the Web Application Firewall (WAF) a silver bullet?
An overview of web application firewalls (WAF) and why they cannot replace secure coding practices.
Obama’s new phone
Obama's new hi-tech phone: One of the perks of being President of the USA.
Heartland data breach
Heartland Payment Systems, a processor of credit card transactions, has disclosed that its systems were broken into, resulting in millions of cards being compromised.
Top programming errors
The top 25 programming errors that lead to security breaches in web applications and sites.
A peek at AppScan Developer Edition
A quick overview of IBM Rational's new application vulnerability scanning tool for developers.
The need to follow good practices
Blogging service JournalSpace is no more because they did not follow good practices. What happened here?
Is it “goodbye MD5”?
Real-life exploits producing two different messages with the same MD5 hash value suggest an end to the use of MD5 for all practical purposes.
Web app security – Where do I start?
You have been tasked with making your applications secure. Where and how do you start?
Giving away sensitive information
The pitfalls of not wiping the data from your phone before throwing it away.
Malware on Mac?
Did Apple remove an advisory about Mac users using anti-virus software for selfish reasons?
Obama’s cellphone records breached
Every organization is worried about hackers breaking into the network from outside. What about insider threats?
Alan Greenspan shocked
Why was Alan Greenspan shocked that all the financial companies that failed did not regulate themselves?
Does compliance mean anything?
Does compliance mean anything? Or is it just something companies do because they have to?