Clear Insights - Security News You Can Use

Falling clouds

Cloud providers have seemed very fallible recently, with two major catastrophes within the last week.

Severe issue in SlideShowPro Director

Clear Skies Security has just posted an advisory for users of SlideShowPro Director. Anyone using this product who has not upgraded in the last 2 weeks is strongly urged to do so. Versions prior to 1.3.9 (released 7/23) can be exploited to access files directly through the web server. This issue was found during a [...]

PCI Auditor becomes PCI Defendant

An interesting twist in the legal battle regarding the breach at CardSystems now has the PCI auditor on trial.

DHS’ Software Assurance Efforts Can Help You

DHS’ “Build Security In” effort is a great example of a government initiative that has a lot of potential to improve software security everywhere. They are providing a lot of great resources you can use, regardless of your business.

Insecure SSL and How PCI “Nearly” gets it Right

Insecure ciphers and protocols are still supported on a very large percentage of the servers we assess. We strongly advocate removing all insecure ciphers and protocols. The PCI Council nearly made it a requirement to disable SSLv2; in the words of Maxwell Smart, “They missed it by THAT much”.

Honey…What’s This Charge For?

New Payment Processor System Hacked

Here a Flag, There a Flag, Every Where a Red Flag

Review of the FTC compliance deadline for the Red Flag Rule regulation.

Conficker/Downadup Worm: How Prepared are you?

Observations and strategies for dealing with the recent Conficker/Downadup worm. What exposes companies, and what can they do to strategically prevent problems in the future?