Monthly Archives: November 2013

Hosed by Codeshares AGAIN

Yep, a little bit off topic, but that’s why I have a Diversions file! Some of you may remember a post I did for all of you frequent fliers a couple of years ago about some travel trouble I was having with airline tickets purchased as codeshares. In all fairness, this isn’t just an issue with one particular airline (although I did discuss my experience with AA/BA). Here’s what happened today. I was finishing up my tour of Ireland a bit early and wanted to stand by on an earlier flight. With BA, you can do this if you have any status at all, including honoring OneWorld levels. BUT! Only if you have a BA marketed & operated ticket. So ...

Missing Mobile is Like Watching the Puck Fly By

Thanks to Andrew Hay for a retweet that I happened upon last night! Keli at Bluebox Security did a post entitled PCI DSS Ignoring Mobile Security is Irresponsible that discusses some of the implications of the Council’s lack of guidance and standards around this emerged (it was emerging five years ago) technology. While many security professionals agree that leaving mobile problems alone to fester is irresponsible and doesn’t do any service to the merchant implementing it, I wanted to take a slightly different take. To me, a better metaphor describing the situation is someone holding on to their VHS player because they might find that one tape of Dirty Dancing they bought twenty-five years ago. Everyone loves that scene where ...

PCI DSS 3.0: The Good, The Bad, The Confusing

If you have not grabbed your copy yet (or had one emailed to you, as it were), go here to get your very own. As we expected, there are a number of important changes that companies will be dealing with over the next several months as they begin to prepare for PCI DSS 3.0. In this post, I wanted to do a quick highlight of some of the more critical changes now that they are public. If you want to read some of my earlier reservations, they all stand with the final version. Let’s dive in. Periodics and shoulds: Yes, these are now a massive shift in the Council’s position toward ambiguity in the standard. Periodic now appears 20 times ...

September/October 2013 Roundup

Again with the forgetting of the months. So what was popular in September and October? Wow, lots of crazy stuff. First, we had the PCI Community Meeting for North America in Vegas. My company threw a great party on Wednesday night, and given that it is a release year, there was a ton of activity around the event. I would argue that not nearly enough time was spent on the Q/A portion (1 hour each day for 2 days). Then we had RSA Europe in Amsterdam and the PCI EU meeting in Nice. Josh Corman gave a great keynote at RSAC reinvigorating the focus on DevOps and information security. I also gave a talk on leveraging Lean & Kanban in information ...
