The Blame Game

First off, I want to apologize for the lack of posting. Travel across the date line is one of those things that looks like a productivity enhancer, at FIRST. Then the realization slowly sets in. One of the articles I wanted to post on was Bill Homa (Edit: Sorry, got the spelling wrong!), the former CIO of Hannaford, who is changing his tune a little bit. Apparently, the PCI Standard is not his problem, but now he blames Microsoft for the breach that occurred on his watch. I don’t know if you are like me, but I can’t wait for the lawsuits to start flying so that all of the speculation on this incident can end. Legal discovery can be ...

Thank you SYDNEY!

No, not my niece, but the great city in Australia! I’ve finally made it back stateside. I’m a little tired, but more so when I start working through the email! Thanks to everyone who joined our event in Sydney! I hope to talk to you all in the coming months.

Thank you Brisbane & Melbourne!

We’ve been true road warriors this week, and so far have done briefings in Brisbane and Melbourne, Australia! We are heading back to Sydney tonight to do our last PCI briefing of the trip tomorrow. Thanks for the hospitality Brisbane & Melbourne! I look forward to seeing you again soon!

Where’s Brando?

Down Undero! Finally made it down here and nobody down here has said “G’day Mate!” or offered me shrimp on the barbie. So disappointed. Anyway… If you are in Sydney, shoot me an email and we’ll do a pub crawl!

Timing is everything

So you all know (well the three of you that read this… Hi Mom!) that I am headed to Australia this week. I was doing my traditional pre-flight checklists to make sure that I had everything I needed before I started packing. Power converter? Check. Power supplies for devices? Check. Remove things that just add weight that you won’t need? Check. Log into my credit card account to make sure we’re good? DOH! My card has been compromised AGAIN! The DAY BEFORE I am headed to Oz. The new one is on its way (overnight now) but good gracious, talk about skidding across the finish line. Upside down. On fire. In eighteenth place. This is the only piece that annoys ...

August’s Herding Cats is now live!

Entitled “The Carl Method to Security,” I compare CIOs to our lovable friend Carl Spackler when it comes to reacting to a breach. If you read this and don’t believe me, just troll the news for recent CIOs responding to breaches. I don’t need to make this stuff up; people do it quite nicely on their own. Just like that time I was in the Las Vegas airport and a TSA agent came over the PA and said, “To the person who left your dentures and hearing aid at the security checkpoint, if you can hear me, please return to claim your items.” See? Don’t need to make it up. Anyway, go check it out!

Low Tech Security System Hacking

When I was flipping through some RSS feeds and saw this fantastic post from Gizmodo, I HAD to bring it here for discussion. Now keep in mind, this is a photographer’s artistic work, but it sure does open the door to other low tech ways to subvert security systems. One of my personal favorites is the MacGyver-style (sans chewing gum and dental floss) method of defeating magnetic lock doors with a balloon, tape, and a straw. Convenience says that we should not badge in AND out. Just on the way in is fine. On the way out, we’ll put sensors there so that the door will magically unlock for you. It’s the high tech version of the black treadmill ...

DNS, Schmee-enn-ess

OK, yeah, that was a reach. As long as it makes me giggle, things will be just fine. I assume most of you are away from your RSS readers this week because you are furiously patching your DNS servers. The attack is actually quite genius, and continues to demonstrate the inordinate amount of trust we place in servers and data that should not be trusted. The details of how the attack works can be read in the above linked article if you are interested. You probably don’t have the time right now because you are rushing to patch though. Bruce Schneier takes this opportunity to lash out at the patching process. While some security pundits don’t take Bruce seriously, he’s ...

Oracle Zero Day

ZDNet is reporting that Oracle has released an emergency patch today, the first to be released outside their quarterly update cycle since that cycle began. I can just hear the Oracle DBAs of the world screaming and bitching about this. I know the Oracle code base is mammoth, but wouldn’t it be nice for them to do a full security code review (which VeriSign’s Enterprise Security Services group offers) to shore up some of these things? I don’t think anyone at Oracle is delusional enough to believe that they are extinction proof, but something like this may go a long way to ensure that the tusky software giant remains in play well into the future.

The Land of Oz

No, Toto is not coming. I’m referring to Australia! I’ll be making a trek down under in August to discuss PCI with banks and merchants alike. If you are in the area and want to meet up, please drop me an email! Hope to see you there!
