Blog

Welcome to This Week’s [in]Security. PCI and payments: Remote Assessment, PA-DSS/SSF transition. CPE Maintenance, P2PE v3.1, PIN Program, Technical FAQ, DSS FAQ, Neiman Marcus card breach, ApplePay/Visa Express Travel vulnerability. New breaches: Meet...

Cryptographic change is a reality. Since 2006, we have seen the sunset of WEP, SSLv2, RSA-1024, SSLv3 and early TLS. We know that Triple DES and other 64-bit blocked ciphers are on the way out. RSA will likely follow, and our current pre-quantum public...

Welcome to This Week’s [in]Security. Union Pay and PCI, New FAQ, Magecart. UI Rant. New breaches, New Ransomware: Ports. Blood Services, gangs. Follow-ups & Fall-out. Privacy: Deanonymizing, Android. Laws & Regs: Backdoors, Fines, Pegasus, Data...

Welcome to This Week’s [in]Security. SIGS. FAQ. New breaches: 220M, GOAT Breach? UScellular. EU. Mensa. New Ransomware. SkipTheDishes. Remote Proctoring. Facebook Oversight Board. catfishing. Credential Stuffing Liability. Crypto-wars. NIST&ISO....

Welcome to This Week’s [in]Security. SolarWinds. Riot fallout. New PCI FAQs. SPoC Unsupported O/S RFC. New breaches. New Ransomware. Mining AI. WhatsApp & Facebook. Telegram. Old SSL/TLS. Selfies vs. Fraud. Browsers. Android. reCAPTCHA. Titan. Fortinet...

Welcome to This Week’s [in]Security. This week: PCI DSS 4 Comment Period. New PCI Contactless on COTS standard. EMVco and 3D Secure. A PCI Horror Story. Magecart. Carders. Breaches at top domain registrars, UniCredit (3rd times a charm), Bed Bath&...