Monthly Archives: February 2013

Security News Roundup: Chinese Take-away

The biggest story this week: a Chinese military unit is behind ‘prolific and sustained hacking’, says a security report. A highly-skilled team of intelligence gatherers working systematically to steal confidential information from organisations around the globe? Shocking stuff – we can’t imagine for a moment that our government is doing the same thing. But things move fast in the murky…

Logging & Top 20 Default Username Attempts

It’s true to say that default or weak passwords remain a significant cause of compromise and data loss for many organisations. For years, lists of default usernames and passwords have been widely available (and indeed are a useful resource for penetration testers as well as the less ethically motivated). Whilst it’s great to focus on…

PCI DSS Cloud Computing Guidelines

A new guidance document from the PCI SSC provides useful information about the use of Cloud Service Providers (CSPs) and how this may affect PCI compliance. Although cloud computing feels like a new thing, the issues about responsibility for cardholder data are certainly not new. Related issues, such as nebulous (pun intended) statements about PCI…

ATM & E-Commerce Security Guidelines

A couple of new information supplements have been released by the PCI SSC, covering E-commerce and ATM PIN security. “PCI DSS E-commerce Guidelines” contains a nice summary of common E-commerce models, vulnerabilities and some recommendations too. From the intro: “This Information Supplement is intended for merchants who use or are considering the use of e-commerce technologies in…