Telefonica Digital interviews Tim Holman
The general manager of the PCI SSC, Bob Russo, and CTO Troy Leach were recently invited to present to the US Congress, on the subcommittee “Protecting Consumer Information: Can Data Breaches be Prevented?”. Their statements can be found here: https://www.pcisecuritystandards.org/documents/140202_PCI_SSC.pdf and https://www.pcisecuritystandards.org/documents/HMTG-113-IF17-Wstate-RussoB-20140205.pdf Whilst the statements did a good job at supporting the PCI SSC and its
The PCI SSC vs the US Congress Read More »
Our CEO, Tim Holman, was recently interviewed by SC Magazine for his views on PCI DSS Compliance.
PCI DSS Compliance – The Slow Road to Progress Read More »
Our CEO Tim Holman was featured in SC Magazine today for his views on the Orange data breach.
SC Magazine – Feb 2014 Read More »
Orange recently suffered a data breach and around 3% of their user records in France were allegedly hacked. This amounts to around 800,000 users. The anatomy of the attack appears to be SQL injection, where a French version of their web application took users to a flawed My Accounts page that was vulnerable to some
Orange Data Breach – they should have known better.. Read More »
Tragedy strikes yet again as a major retailer cannot account for over a million cardholder data records. If that last sentence still got your attention, then you are probably one of the few that still finds data breaches and the over-the-top media response interesting. It only seems like a few days pass, and then we hear
Latest data breach!! Read More »
As seasoned penetration testers, it has to be said that the most common issue we come up with when testing public-facing web applications is cross site scripting (XSS). Trying to explain this issue, and its implications, to businesses is challenging at times, after all there are a thousand and one other issues that businesses
Cross Site Scripting (XSS) and why it needs fixing! Read More »
It was interesting to note in PCI DSS v3.0, when conducting one of our first v3.0 assessments, that section 3.5.2 refers to a host security module, with regards to protecting data encrypting keys: 3.5.2 Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the following forms at all times:
Host Security Module and PCI DSS 3.5.2 Read More »
Sat in the coffee shop today, as one does as CEO of a huge multinational corporation (let me know if you see him!), and surprising to hear the number of different conversations that were going on. On my left were a couple – boss and employee, having a performance review. A group on another
Careless Talk Costs Jobs Read More »