2|SEC Cyber Security Blog

The Cyber Sentinel

Stay on top of the latest news and updates to stay ahead of the latest threats


Debate on the New Guidance from PCI Council – does it go far enough?

The PCI Security Standards Council has released brand new guidance to advise businesses how they should use penetration testing to identify network vulnerabilities that could be exploited for malicious activity. However, a recent article has been published online by  BankInfoSecurity.com (BIS) that appeared to flag up a difference of opinion as to the effectiveness of the new guidance. Whilst one […]

Debate on the New Guidance from PCI Council – does it go far enough? Read More »

Why is POODLE and SSL v3 a problem?

As I’m sure you already know, PCI DSS v3.1 introduces a single change to replace “SSL” with “strong cryptography” in section 4.x. Whilst it might be a single change in PCI DSS, it literally means hundreds of thousands of HTTPS web pages around the world need their underlying web servers reconfiguring to use strong encryption.

Why is POODLE and SSL v3 a problem? Read More »

The SAQ-A-EP Apocalypse

The PCI SSC recently announced the new PCI DSS v3.0 Self Assessment Questionnaires (SAQs).  Of particular interest was SAQ-A-EP, that has enshrined Visa Europe’s original guidance on securing Hosted Payment Pages (HPPs) into PCI DSS v3.0. This of course is a great move for card data security as a whole, but generally bad news to

The SAQ-A-EP Apocalypse Read More »

Your data’s safe with us…

I was visiting an airline site today, and when prompted to enter my credit card details to book the flight, and whether or not I wanted to store my card details for future transactions, saw the note: “It’s safer to store your payment card details in our secure vault than it is to send them

Your data’s safe with us… Read More »

The PCI SSC vs the US Congress

The general manager of the PCI SSC, Bob Russo, and CTO Troy Leach were recently invited to present to the US Congress, on the subcommittee “Protecting Consumer Information: Can Data Breaches be Prevented?”. Their statements can be found here: https://www.pcisecuritystandards.org/documents/140202_PCI_SSC.pdf https://www.pcisecuritystandards.org/documents/HMTG-113-IF17-Wstate-RussoB-20140205.pdf Whilst the statements did a good job at supporting the PCI SSC and its

The PCI SSC vs the US Congress Read More »

Scroll to Top