More holes found in Web’s SSL security protocol – Network World
Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.
At the Black Hat conference in Las Vegas on Thursday, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between Web sites and browsers.
via More [...]
PCI breaches shed light on cloud securityi – Network World
Credit card numbers compromised in an attack against Web hosting provider Network Solutions exposes one of the security problems faced by cloud computing.The company says its infrastructure complied with payment card industry PCI standards when the data was possibly stolen via software installed on is servers.
via PCI breaches shed light on cloud securityi – [...]
Weak security enables credit card hacks – AP
Every time you swipe your credit card and wait for the transaction to be approved, sensitive data including your name and account number are ferried from store to bank through computer networks, each step a potential opening for hackers.
via The Associated Press: AP IMPACT: Weak security enables credit card hacks.
FISMA Efficacy Questioned – Federal CIO Vivek Kundra
Recent breaches at the Federal Aviation Administration and at the vendor that hosts USAjobs.gov demonstrate that the state of federal information security is not what citizens should expect, federal CIO Vivek Kundra testified before the House Committee on Oversight and Government Reform’s Subcommittee on Government Management, Organization and Procurement. He said the seven-year-old Federal Information [...]
Air traffic systems vulnerable, IG states
An audit of the Web applications connected to air-traffic control networks found hundreds of critical vulnerabilities in the software and documented dozens of cyber incidents that continue to be unresolved, auditors stated in a report to the Federal Aviation Administration released this week.
During the investigation, auditors from the Office of the Inspector General for the [...]
NIST Issues Draft Guide for Automating Computer Security Verification – 7thSpace Interactive
The National Institute of Standards and Technology (NIST) has issued for public comment a draft publication describing a new method to automate the task of verifying computer security settings. Known as the Security Content Automation Protocol (SCAP), the specification has recently been incorporated into software scanners for checking security settings in federal computers.
The new publication [...]
Call centres ‘failing on credit card security’
24 April 2009 04:20:00
Survey finds many companies are not complying with PCI standards.
Many UK call centres could be putting customers at risk of credit card fraud because of a failure to adhere to payment card industry (PCI) standards, according to new research.
Technology firm Sabio surveyed a number of call centre operators and found that more [...]
Unknown hackers steal details on U.S. Joint Strike Fighter project: Scientific American Blog
An unknown cyber criminal (or group of them) has broken into computer systems housing information about the U.S. Defense Department’s $300 billion Joint Strike Fighter project, the Wall Street Journal reports today, citing a number of “current and former government officials familiar with the attacks.”
It’s unclear how much damage the attacks have caused to the [...]
Visa leads effort at PCI conference to minimise payment information vulnerability
Visa opens PCI Dubai Conference
Dubai, UAE 14 April 2009: Visa International, the leading payment solutions provider, has participated in PCI Dubai, the leading payment industry conference and addressed stakeholders from across the GCC payment industry on various issues surrounding data security and payment card fraud. Participants also shared best practices, emerging technologies, and discussed ongoing [...]
Identity Theft – PCI Chiefs Defend Standards, Plans – eWeek Security Watch
It’s a gross oversimplification of an utterly staggering technical and social challenge, and he knows it as well as anyone, but it’s hard to argue with PCI Security Standards Council General Manager Bob Russo’s assertion that when it comes to improving electronic data security and related matters of individual privacy, “something is much better than [...]
