Archive

The PCI Security Standards Council has released brand new guidance to advise businesses how they should use penetration testing to identify network vulnerabilities that could be exploited for malicious activity. However, a recent article has been published online by BankInfoSecurity.com (BIS) that appeared to flag up a difference of opinion as to the effectiveness of the new guidance. Whilst one […]

Why is POODLE and SSL v3 a problem?

As I’m sure you already know, PCI DSS v3.1 introduces a single change to replace “SSL” with “strong cryptography” in section 4.x. Whilst it might be a single change in PCI DSS, it literally means hundreds of thousands of HTTPS web pages...

Third Party Security Assurance for PCI DSS

Almost 2 years ago, 2-sec founded the PCI SSC’s Third Party Security Assurance SIG, following the PCI SSC Community Meeting in Dublin. The aim of the SIG was to incorporate third party security assurance guidance into PCI DSS v3.0 and to produce an information...

Target and Trustwave sued over data breach

News hit the wire today that Target’s acquiring banks have issued another lawsuit against Target, including Trustwave as a co-defendant. This time the banks are trying to recover some costs incurred from Target’s managed data security services provider,...

The SAQ-A-EP Apocalypse

The PCI SSC recently announced the new PCI DSS v3.0 Self Assessment Questionnaires (SAQs). Of particular interest was SAQ-A-EP, which has enshrined Visa Europe’s original guidance on securing Hosted Payment Pages (HPPs) into PCI DSS v3.0. This of course is a...