Tag Archives: software

PA-DSS ‘Guidance’ for Mobile Apps Likely to Come This Year, PCI Council Says

Top officials with the Wakefield, Mass.-based organization tell Digital Transactions News the Council is working on what it calls a “technology evaluation” to craft new validation procedures that more clearly suit the software used by mobile merchants

via .

Privacy software: Who are the early leaders? – software, security, privacy, ControlCase, Consult2Comply, brinQa, Avior Computing, Archer, applications, Agiliance – Security & Email – PC World Business

Together they form what I’d call the “privacy GRC” market, where GRC stands for “governance, risk and compliance.” GRC makes up most of what privacy people do.

It’s not a big market. To put things into perspective, Gartner is only in its third year of analyzing the nascent IT GRC market. The privacy GRC market is at the moment no more than just a subset of that.

via Privacy software: Who are the early leaders? – software, security, privacy, ControlCase, Consult2Comply, brinQa, Avior Computing, Archer, applications, Agiliance – Security & Email – PC World Business.

Windows DLL load hijacking exploits go wild

Less than 24 hours after Microsoft said it couldn’t patch Windows to fix a systemic problem, attack code appeared Tuesday to exploit the company’s software.

Also on Tuesday, a security firm that’s been researching the issue for the last nine months said 41 of Microsoft’s own programs can be remotely exploited using DLL load hijacking, and named two of them.

via Windows DLL load hijacking exploits go wild.

Do You Have What It Takes To Pass Your Payment Card Industry Audit? #PCI

With every company reliant on software to run its business, an alarming rise in data breach incidents across industries, but especially credit card processing, means application security is becoming an increasingly critical part of any organisation’s overall IT security strategy. For organisations that store, transmit or process credit card information, it is vital as they must be able to demonstrate compliance with the Payment Card Industry Data Security Standards (PCI DSS).

via Do You Have What It Takes To Pass Your Payment Card Industry Audit? – Banking Business Review.

Lawsuit Brewing Against Popular POS Software Provider and Reseller

With evidence mounting of flagrant abuses of PCI-DSS security standards, two attorneys are on the verge of announcing the official filing of a national lawsuit against one of the hospitality industry’s biggest point-of-sale (POS) technology providers and one of its system resellers. The targets of the upcoming legal action will be Restaurant Data Concepts, Inc. of Warwick, Rhode Island – creators of the POSitouch™ system – and CC Productions of Hoboken, New Jersey, the reseller. POSitouch technology is installed in more than 20,000 restaurants nationwide.

via Lawsuit Brewing Against Popular POS Software Provider and Reseller.

OWASP Top10 2010 Released

Today, OWASP has released an updated report capturing the top ten risks associated with the use of web applications in an enterprise. This colorful 22 page report is packed with examples and details that explain these risks to software developers, managers, and anyone interested in the future of web security. Everything at OWASP is free and open to everyone, and you can download the latest OWASP Top 10 report for free at:

http://www.owasp.org/index.php/Top_10

via OWASPTop10-2010-PressRelease – OWASP.

CloudAudit targets automated risk assessment, management

CloudAudit, launched in January 2010, brings together cloud computing providers, integrators and consultants in an effort to create a common interface and namespace. The volunteer initiative aims to help with an automated risk assessment and audit of Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS) environments.

via Q&A: CloudAudit targets automated risk assessment, management.

Internal data breaches a rarity

In 85 percent of the cases, 7Safe found that the compromised information was payment and card data, and the main attack route was through the sort of unsophisticated SQL injection attacks databases are supposed to be able to resist. Shared hosting was a common theme, whereby an attacker undermines one website and uses the same vulnerability to attack others on the same host.

“The analysis proves that many organisations who declare themselves compliant with the PCI Data Security Standards are not even close,” the report concludes.

via Internal data breaches a rarity, study finds ( – Software – Security ).

NIST Updates Automated Computer Security Validation Guidelines

The National Institute of Standards and Technology (NIST) has issued a draft publication for public comment that describes changes to the Security Content Automation Protocol (SCAP). SCAP is a suite of specifications that use the eXtensible Markup Language (XML) to standardize how software products exchange information about software flaws and security configurations.

via NIST Updates Automated Computer Security Validation Guidelines.