RC4 is an encryption algorithm designed by RSA in 1987. It was attractive then because it could be implemented in a few lines of code, and wasn’t computationally intensive. PC’s were 8088 or MC68000 based at the time, and 64K was enough RAM, remember? Even today RC4 has advantages. It runs fast on small devices,
DIY retail chain Home Depot might be the latest big company to be hit by a serious data breach, after suspicions started to circulate that hackers had broken into its systems and manage to steal credit and debit card data.
For understandable reasons, Home Depot is working hard to reassure consumers about the situation –
Customers who have used their credit cards at a US supermarket chain between June 22nd and July 17th 2014 are being warned to check their bank balances, after it was discovered that criminals had hacked their way into networks and potentially accessed shoppers’ private data.
Supervalu has published a security advisory on its website,
In the final analysis, it is going to be Target’s customers that pay the price for this winter’s breach. OK, CIO Beth Jacob has fallen on her sword and departed; but that could hardly be avoided, and “this is a good time for a change” is hardly contrition. Apart from that, the innocent will pay while the guilty will escape.
It’s Winter Olympics time. I love watching them, especially safely ensconced in the American Southwest where we don’t have to deal with the snow and ice associated with the winter sports. Speed skating, (real) Biathlon, Hockey, Downhill and XC skiing, and all the rest of it.
But my friend the sports curmudgeon complains about sports that rely on judges to determine the outcome.
It used to be the only thing you could count on was death and taxes. But these days, you can bet on hackers going after your organization’s data too. Motives may differ – consider the hackers who want to make a statement and the cyber criminals who look to make a buck – but in the end,
Q: PCI standards are designed to be a starting point to helping build a strong security posture. Are retailers/organisations aware that they need to do more than achieve PCI compliance to achieve full risk management? > Read More
By now, most of us have heard of the data breach that affected Heartland Payment Systems. It’s been front page news, and Heartland themselves went public with news of the breach in January 2009. What many people might not know is that Heartland’s QSA (Qualified Security Assessor) had declared them as PCI compliant shortly before the breach took place.
There’s no question about it, no matter the differences between line-of-business executives, CIOs and security practitioners, the one thing they all have in common these days is a shared dread of a ten-letter word: compliance.
As regulations of technology practices have mounted over the years, most companies have struggled simply to keep ahead of the latest requirements while still managing the risks most important to them.
Miscellaneous interesting news / tidbits I’ve run across whilst trying to keep up with/clean out my RSS feed …
[Yeah, I know it’s been a while … sorry, but it’s been a busy week at my day job … and anyhow, I never said it’d be weekly, just that I’d only do it once a week.]
PCI Certification Liability?
Willie Sutton is reputed to have said (although he didn’t, actually), when asked why he robbed banks, “Because that’s where the money is.” So, we’re not really surprised to learn that a new scam is on to liberate the contents of ATMs, and by more sophisticated means than the skimmers I’ve written about previously.
It’s been long discussed in the industry that the requirements for PCI compliance were woefully inadequate and some have gone as far as suggesting that PCI be replaced with some form of an independent governing body that would actually raise the standard rather than simply appeasing the vendors to become compliant.
One of the hot topics in PCI compliance discussed since 2006 was the PCI firewall requirement.
McAfee, one of the largest AV vendors in the security space, recently acquired Solidcore Systems, a company that sells dynamic whitelisting technology, in a $47 million dollar deal that would add whitelisting capabilities to McAfee’s current product portfolio. While this comes as no surprise, this move by McAfee is just the tipping point for the whitelisting application control market.