7 Security Warning Signals

2011 featured plenty of news about high-profile data loss and cybercriminal activity. And so did 2012. Any guesses for 2013? Some common causes emerge in all of these cases. Poorly managed infrastructure, insecure web applications, and a lack of attention to security procedures are often cited. But how do these conditions arise? How is it… Read more »

PA DSS Process Change

We’ve just been reading the monthly assessor newsletter as sent from the PCI SSC, and there’s an update in there that will affect a number of our PA DSS clients. It’s a process change relating to payment of the SSC’s invoice. To quote: “As soon as a ROV is submitted, we will invoice the application… Read more »

Risk Assessment Guidelines Information Supplement

You might be interested to read the recently published output from the PCI Risk Assessment SIG (Special Interest Group). There’s guidance in there on what constitutes a risk assessment process, and what it should cover. The document makes specific reference to PCI DSS requirement 12.1.2: “12.1.2 Includes an annual process that identifies threats, and vulnerabilities,… Read more »

Cut-off dates for Visa Europe web listing


This update concerns Level 1 Service Providers (member agents). We just had an update from Visa Europe regarding the final cut-off dates for the December web listing. Normally, this is the 15th of the month (for listing during the same month). However, to accommodate the Christmas holidays, the cut-off for December will be Friday 7th… Read more »

Terminology & Mastercard Service Provider Registration


If you’re a service provider, you’ll want to read this information from Mastercard about registering with them as a PCI compliant service provider. But before you read it, it’s worth having a brief tour around some relevant terminology. If you’re a Merchant, you may find this interesting anyway, especially if the PCI compliance and registration… Read more »

New: Mobile Payment Acceptance Guidelines

Fresh from the PCI SSC – Mobile Payment Acceptance Guidelines. These are guidelines on payment acceptance using smartphone apps, and will be interesting reading to many of our readers. Download from here.

Taming The BEAST

This is a follow-up post to our previous article on the subject. Here we offer technical assistance to those of you trying to fix the BEAST vulnerability, and offer some mitigation practices. The problem revolves around a vulnerability identified years ago in TLSv1 and SSLv3 protocol CBC mode ciphers (the stronger ciphers). This issue was fixed in… Read more »

ASV Reports: The BEAST Inside

Many of our ASV customers are seeing scan reports making reference to a “BEAST” attack susceptibility. But what is it, and more importantly, how can you fix it? The bad news is that our ASV scan report is informing you that the strong encryption on your “secure” web server could be rendered useless and your… Read more »

Apple iOS Security Guide

Apple has (somewhat quietly) published a guide to iOS security. If you’re building apps on the iOS platform then this document will certainly be of interest to you. For example, there are details of the platform’s data protection and encryption mechanisms. Download the PDF from here.