Tag Archives: Monthly Roundup

October 2010 Roundup

What was popular in October? We saw the PCI Security Standards Council release PCI 2.0, I became a shill for Chevrolet (ending Nov 8) and posted a link to my flying blog, I am cooking at #BSidesDFW, and I was on TV! Running around D/FW doing missions for Chevy in the Silverado was fun, but alas, I return the truck on Friday. Here are the five most popular posts from last month: PCI DSS 2.0 Release and Review. This one is two years in the making, and the next one won’t happen for three more years. I threw together a few notes along with links to the document. Full Review of the 2010 PCI Community Meeting. This one held the ...

September 2010 Roundup

What was popular in September? We had the PCI 2010 Community Meeting in Orlando, embargoed documents from the Council, some posts that poked a little fun, and a cloudy experience with Desktop as a Service! On that last one, apologies for the incorrect link to the VMWare release. At least you guys know what I was wondering about when I worked on that edited post. Yes, I was concerned about that fungus. It’s benign tho, so don’t worry. Here are the five most popular posts from last month: Review of the 2010 ____ ____ Meeting. Sometimes the most popular posts only have a few days to percolate. That would be the case with my initial review of the PCI Community ...

August 2010 Roundup

What was popular in August? I personally closed out the month with a huge milestone, corrective surgery that should hopefully remove my requirement for glasses and contacts. I am in recovery, and can SORTA see this post, so I disclaim any responsibility for the content herein. Actually, I should probably do that for the whole blog. Here are the five most popular posts from last month: Why QSAs Should Not Be Your Security Partner. That’s right, folks. It’s time to separate your consultants from your assessors. Do you know what motivates QSAs? Here is an inside scoop on what goes on inside your QSA’s head, and why he doesn’t have your best interests in mind. Where’s the Breach? Is this the ...

July 2010 Roundup

What was popular in July? We wrapped the month with some fantastic presentations at Blackhat, Defcon, and BSides. I am enamored with the fun stuff browsers can do (and the not so fun things done to the people that ineptly run them), and am approaching application security with a renewed vigor. Here are the five most popular posts from last month: PCI Security Standards go to Three Year Lifecycle. More than twice as popular as its nearest challenger, this post details some of the pros and cons of the new three year lifecycle that all of the standards will adopt starting with the pending release. Tokenization and Chargebacks. The NRF is making more waves, and Visa released new guidelines. Check out this post ...

June 2010 Roundup

What was popular in June? Would it shock you to know that my most popular post by far this month was the review of the Hoffacino? It’s second all-time to my post on Upgrading to Snow Leopard. So if any other prominent information security pros want to have me try and review their crazy Starbucks creations, bring it on! Here are the five most popular posts from last month: Pwn3d by the Hoffacino. As @Beaker says, another one bites the dust. I did it. I rode the caramel colored, caffeine loaded pony known as the Hoffacino. Who says living life through chemical stimulants isn’t fun? This was BY FAR the most popular post. Why ISAs are Good for QSAs. This ...

May 2010 Roundup

What was popular in May? Lots of fun with PCI and Facebook. I’m noticing more and more commenters on my posts… keep it coming! Here are the five most popular posts from last month: A Facebook Reality Check. Even though this was posted on 5/21, it was by far the most popular post last month. There are a few good comments on the post, and what you DIDN’T see was a rather heated exchange with a reader about some of the opinions in the post. I would love to get that individual on a podcast to debate the topic as I think both viewpoints are valid. PCI SSC Launches Internal Security Assessor Program. An interesting new concept by the Council ...

April 2010 Roundup

What was popular in April? Consumer security and various news posts topped the list! I’m also working out the kinks on getting my daily links posted here. Here are the five most popular posts from last month: What’s a Token? This post is inspired mostly by the “vendor marketing machine” as we as security professionals try to break through the FUD to get to an apples to apples comparison (ran out of space before I could throw in another cliché). This post tries to put a little bit of sanity back into our lives by offering up a definition of what we can call a token. Avoid Looking Like a Rookie. History was created with this one as I finally ...

February 2010 Roundup

What was popular in February? Healthcare seems to be a popular topic and I’ll be posting more on it as the new security requirements mature. Here are the five most popular posts from last month: Personal Liability for QSAs. I had a colleague ask me if he should take out personal liability insurance in case something bad happened on one of his assessments after he left his company. Check out what I found out from Dave Navetta! Healthcare Security, the New Front. Boy, what a mess I caused. After watching my doctor type in a four digit numeric password to access all of my medical records, I sent a letter over complaining about the lack of security and poor standard ...

December 2009 Roundup

What was popular in December? There sure was a lot to talk about. MasterCard Here are the five most popular posts from last month: MasterCard’s Got Its Flippy-Floppies. OK guys, I’m not picking on them. Seriously. It’s just been a newsworthy year from MasterCard. This was a hot topic for companies faced with PCI DSS, including the multitude of new QSAs that started based on their original announcement. The Book, It’s Out Baby! See! I wasn’t kidding when I said I was working on a book with Anton Chuvakin. It’s finally out, and we’re really proud of it! Click the link above to figure out how you could win a $30 Amazon.com gift card! Hackers Love Social Media. Social media ...

November 2009 Roundup

Taking a hint from Anton Chuvakin’s blog, I thought I’d start posting the five most popular posts from the previous month. If you have not had a chance to read everything here, give these five a try! Here are the five most popular posts from last month: To New Beginnings. It was an epic run. Six years with the same company, seeing it through two acquisitions/divestitures, and working with some of the best in the industry to build a world class consulting organization makes you nostalgic. It was time to move on, and lots of folks were interested! Will PCI Mandate the Use of Data Discovery Tools? Some views on the ups and downs that DLP and data discovery tools ...
