Monthly ArchivesSeptember 2013

PCI DSS and the Partial Vacuum standard

Earlier this week I posted some thoughts I had about the newly released draft. Unfortunately, I couldn’t give you guys the actual analysis that both I and folks in my company performed (though, if you become a customer of my company, and are already a PO I am certain we can present something to you). Why? Because the Council still is treating this as a pay-to-play community without thinking about the broader impact to the ecosystem. The folks who frame the standard are some smart, experienced people. I’ve met and worked with all of them in varying capacities, and their job is incredibly challenging while being completely thankless. If you think about how things work in their world, they are ...

Continue Reading

Managing Vulnerabilities to Closure standard

Edit: Merge.io is no longer, however, will keep this up as part of the discussion around vulnerability management. I’ve been known to say that vulnerability detection is easy—it’s vulnerability management that’s hard. There are too many tools available today that can tell you everything that is wrong with your security posture. The real work comes in finding the root cause of the issue, permanently eradicating it from your environment (as in changing configuration servers, patching gold builds, dealing with sleeping physical or virtual instances), and validating to everyone who wants to know that you were successful in doing so. Time and time again, my customers complain about the challenges associated with getting clean vulnerability scans. In fact, that might be ...

Continue Reading

First Impressions of the PCI DSS 3.0 Draft standard

OK folks, if you are a participating organization, or some other kind of stakeholder, you should now be able to grab the latest draft of the PCI DSS for the upcoming 3.0 revision. If you are not some kind of stakeholder, you can still get a copy but you have to be a little more sneaky. I have found copies outside already that are available if you know what to do. Now, before someone from the Council get’s all worried, I’m not at liberty to actually disclose what is inside PCI DSS 3.0. Even though I was given multiple copies outside of my current relationship with the Council, I’m going to stick by my agreement and only talk in general ...

Continue Reading

Mobile Payments Acceptance Security Best Practices Updated standard

Visa has a pretty extensive document library of stuff to help folks cope with some of the threats in the system, and yesterday they updated their Visa Best Practice, Mobile Payments Acceptance Solutions to v3.0. While these are still considered best practices, they are a great starting point for anyone with a mobile payment component to their business. One of my more popular posts is How to Make a Mobile Payment App Comply with PCI DSS, so I know many of you are looking at this. Take this in combination with the Starbucks app, and there is lots of interest. Keep in mind, my original post was really talking about the bare minimum as a way to get around the ...

Continue Reading

Introducing SlideZip! standard

Hello Internet! I had an idea for a product last summer to help with my presentations. I wanted to find a way to allow people to easily and quickly get access to the presentation materials (and other stuff) while keeping the conversation going after I left the stage. Gene Kim and I discussed a number of options, and within a few hours I had something crude cobbled together. Folks at my talks could get the slides by sending a quick text message to an address, and BAM! Slides in their inbox! It worked great for me, but required too much customization to be actually useful. In February after I left RSA, I decided that it was time to re-learn Ruby ...

Continue Reading

July/August 2013 Roundup standard

You forgot a month, yo! Yeah, sorry about that. So what was popular in July and August? It’s summer, but you know it’s been pretty mild over here! I’ve been traveling again as I have a new gig, and I met all of my classmates again as we are aiming to accelerate our programs (right now, I’m two quarters ahead!). It’s the kickoff of fall conference season soon, so I hope to see you guys on the road. Here are the five most popular posts from the last two months: How Starbucks is Revolutionizing Mobile (Micro) Payments. Guys, something is going on here. I don’t know if there is just a heavier push to mobile right now or what, but ...

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!