Cloud providers seem very fallible recent with two major catastrophes within the last week.
Clear Skies Security has just posted an advisory for users of SlideShowPro Director. Anyone using this product that has not upgraded in the last 2 weeks is strongly urged to do so. Versions prior to 1.3.9 (released 7/23) can be exploited to access files directly through the web server. This issue was found during a [...]
An interesting twist in the legal battle regarding the breach at CardSystems now has the PCI auditor on trial.
DHS’ “Build Security In” effort is a great example of a government initiative that has a lot of potential to improve software security everywhere. They are providing a lot of great resources you can use, regardless of your business.
Insecure ciphers and protocols are still supported on a very large percentage servers we assess. We strongly advocate removing all insecure ciphers and protocols. The PCI Council nearly made it a requirement to disable SSLv2 – In the words of Maxwell Smart, “They missed it by THAT much”.
New Payment Processor System Hacked
Review of the FTC compliance deadline for the Red Flag Rule regulation.
Observations and strategies for dealing with the recent Conficker/Downadup worm. What exposes companies and what can they do to strategically prevent problems in the future.