September 2015 Roundup

Cooler weather and horrible flooding seem to be topping the news lately. My thoughts are with any of you who are affected. For information on how you can help, and I urge you all to do so, check out this page on Weather.com. We just wrapped up the PCI North American Community Meeting in Vancouver last week. Some of you may remember me saying that last year was my last year. Alas, I was mistaken. That said, I hope everyone who went sends in their feedback. Frankly, I found the content (with the exception of Tim Horton’s talk) mundane and rehashed, almost to the point of being insulting. Next year may provide some relief as it is a release ...

Samsung Pay is Here

The first major challenge to Apple Pay is now here (I’m not counting Google Wallet, as it predates Apple Pay). While I hate the name (seriously, Samsung? You accuse Apple of copying you all the time), there is a very cool technology (thanks, LoopPay) that allows for some backwards compatibility that is not present in Apple Pay. These features are part of the Samsung Galaxy S6 and S6 Edge. A couple of key highlights: there are two methods of payment, contactless EMV using Near Field Communication (NFC) and Magnetic Secure Transmission (MST). MST is backwards compatible with (most) existing terminals: it transmits the payment data by generating a magnetic field that the terminal’s magnetic stripe read head picks up as if a card had been swiped. As far as the ...
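Because MST is accepted by an unmodified stripe reader, the only thing the terminal ever sees is ordinary Track 2 data, so that format is what any MST transmission has to reproduce and what the terminal can actually check. The following is an added example, not code from the original post or from Samsung or LoopPay: a small Track 2 decoder in the ISO/IEC 7813 layout (start sentinel `;`, PAN, `=` separator, expiry YYMM, three-digit service code, discretionary data, end sentinel `?`, then a one-symbol LRC computed as the XOR of the 4-bit values of every symbol from `;` through `?`). It validates framing, LRC and the PAN’s Luhn digit, and decodes the first service-code digit, which is what tells a terminal whether a chip is present. The sample track is constructed here from the public Visa test PAN 4111111111111111; the expiry, service code and discretionary data are made up.

```python
# Added example (not from the original post or from Samsung/LoopPay):
# decode ISO/IEC 7813 Track 2 data, i.e. what a magnetic-stripe reader hands
# to the terminal after a swipe (or, per the post above, an MST transmission).
# Layout: ';' PAN '=' YYMM service_code discretionary '?' LRC

# Track 2 uses a 16-symbol alphabet; each symbol carries 4 data bits (0x0-0xF).
TRACK2_ALPHABET = "0123456789:;<=>?"

# First digit of the service code (ISO/IEC 7813). 2 and 6 tell the terminal
# that the card carries an EMV chip, which drives chip-fallback decisions.
SERVICE_CODE_DIGIT1 = {
    "1": "international interchange",
    "2": "international interchange, IC (chip) present",
    "5": "national interchange only",
    "6": "national interchange only, IC (chip) present",
    "7": "no interchange except bilateral agreement",
    "9": "test",
}


def track2_lrc(body: str) -> str:
    """LRC = XOR of the 4-bit values of every symbol from ';' through '?'."""
    acc = 0
    for ch in body:
        acc ^= TRACK2_ALPHABET.index(ch)
    return TRACK2_ALPHABET[acc]


def luhn_ok(pan: str) -> bool:
    """Mod-10 (Luhn) check-digit validation of the PAN."""
    total = 0
    for i, d in enumerate(reversed(pan)):
        n = int(d)
        if i % 2 == 1:  # every second digit from the right is doubled
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


def build_track2(pan: str, expiry: str, service_code: str, discretionary: str) -> str:
    """Assemble a Track 2 string with a correct LRC (used here for test data)."""
    body = f";{pan}={expiry}{service_code}{discretionary}?"
    return body + track2_lrc(body)


def parse_track2(track: str) -> dict:
    """Validate framing, LRC and PAN, then split the track into its fields.

    Raises ValueError for anything a reader would treat as a bad read.
    Assumes the expiry field is present (ISO allows '=' in its place).
    """
    if any(ch not in TRACK2_ALPHABET for ch in track):
        raise ValueError("symbol outside the Track 2 alphabet")
    if not track.startswith(";") or track.count("?") != 1:
        raise ValueError("bad or missing sentinels")
    end = track.index("?")
    if len(track) != end + 2:
        raise ValueError("expected exactly one LRC symbol after '?'")
    body, lrc = track[: end + 1], track[end + 1]
    if track2_lrc(body) != lrc:
        raise ValueError("LRC mismatch (corrupted or tampered track)")
    pan, sep, rest = body[1:end].partition("=")
    if sep != "=" or not pan.isdigit() or not (12 <= len(pan) <= 19):
        raise ValueError("malformed PAN field")
    if not luhn_ok(pan):
        raise ValueError("PAN fails Luhn check")
    if len(rest) < 7 or not rest[:7].isdigit():
        raise ValueError("expiry/service code missing")
    service_code = rest[4:7]
    return {
        "pan": pan,
        "expiry": rest[:4],  # YYMM
        "service_code": service_code,
        "chip_present": service_code[0] in ("2", "6"),
        "interchange": SERVICE_CODE_DIGIT1.get(service_code[0], "reserved/unknown"),
        "discretionary": rest[7:],
    }


def track2_valid(track: str) -> bool:
    try:
        parse_track2(track)
        return True
    except ValueError:
        return False


# Constructed sample: public Visa test PAN, expiry Dec 2025, service code 201
# (international interchange, chip present), made-up discretionary data.
SAMPLE_TRACK2 = build_track2("4111111111111111", "2512", "201", "1234567890")

if __name__ == "__main__":
    print(SAMPLE_TRACK2)
    print(parse_track2(SAMPLE_TRACK2))
    # Flipping one digit without recomputing the LRC is rejected as a bad read.
    print(track2_valid(SAMPLE_TRACK2.replace("=2512", "=2612")))
```

The point worth noticing is how little the terminal has to go on: the LRC only catches read errors, the Luhn digit only catches typos, and the service code is advisory. Everything else about whether a stripe-format transaction should be trusted happens at the issuer, which is why the fields beyond the PAN matter for any stripe-compatible scheme.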

On Self-Driving Cars

What could possibly disrupt the great wheeled livery disruptor Uber? Self-driving cars can certainly take a chunk of money away from them from those of us who own cars but use Uber to get around when we go out with friends. It won’t topple Uber the way Uber has toppled taxis, but it will pull some share. Self-driving cars and other livery are the focus of much debate in a number of different circles. Unions, lawmakers, citizens, and technologists all have opinions on the viability of the technology. To be clear, I love the concept. I think the technology has a ton of promise, much like many other things that technology companies are contributing to the automotive industry. But much like other ...

August 2015 Roundup

Phew, summer is almost over. The kids are all going back to school and we’re getting back into our normal traffic patterns around our homes, schools, and favorite coffee shops. I got to do something extremely cool last month. I went to Space Camp—yes, the very same in Huntsville that every single kid who grew up in the 80s and was fascinated with rockets begged their parents to go to. It was amazing. If you get the opportunity to go as an adult for the weekend or as a family, take it! Even though the Shuttle is no longer in operation, it was so cool to sit on the flight deck and do missions. Here’s what you folks liked the ...

Pleeeeze Stop Exposing Weaknesses in my Code!

In the latest round of “I just don’t get it” moments from Mary Ann Davidson of Oracle, a blog post escaped the PR department that just explains how ridiculous her views on information security are. Thankfully, the Internet never forgets. Before going any further, go read that post. Then when you are done, enjoy this previous gem where she insults anyone who has ever performed an audit function. And here are my comments from 2011. Davidson really wants to be considered a security person. She reminds me of Jerry Jones wanting to be known as a Football Man. She ran for and sits on the ISSA International Board of Directors. She has keynoted several conferences as a security expert. Yet, based on ...

June-July 2015 Roundup

The 50-Minute MBA for Sec Pros, Part Deux

James Adamson and I recently followed up our 50-Minute MBA for Information Security Professionals RSA session with a webcast describing how to apply the concepts. The entire session was recorded and is available on demand. We’re currently exploring more ways to take this message to information security professionals. Would you be interested in “office hours” every other week to call in and ask questions? How about smaller group sessions with lots of 1:1 interaction? Let us know in the comments below!

Is the Council Trying to Kill the QSA Program?

If you can believe it, it has been nearly seven years since the last update to the Qualification Requirements for Qualified Security Assessors (QSAs). This document is the guide assessors use in their business dealings with the Council: it explains how a firm becomes a QSA Company, who is qualified to be a QSA employee, and how the ecosystem around that whole group works. The changes are quite substantial, as the change log shows. The last entry, for version 1.2, simply noted alignment with PCI DSS v1.2; this version has nineteen entries, including alignment with PCI DSS v3.1. I’m not going to review all the changes here, but I do want to highlight a couple of big ones. ...

May 2015 Roundup

It finally happened last month. In May, North Texas set a record for the wettest May on record. For those of you who have been watching from afar, check out this great infographic that shows how much ground 35 trillion gallons of water will cover. In other news, we had a major breach that is having bigger impacts than many realize, we are seeing the first reports and fallout from PCI DSS 3.1, and key provisions of the Patriot Act expired. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. Maybe the economy is heating up? Who knows why this one is still at the top. Regardless, more people inquiring about ...

Why the Adult Friend Finder Breach Should Concern You

Check out this great post by Dave Lewis over at CSO who reports on one of those face-palm realizations that many folks are having today. Adult Friend Finder is a social hookup site that fell victim to a breach with all kinds of data on its members now disclosed to the public. Why is that a big deal? Because an alarming number of users on that site signed up for the service using their corporate email accounts. HR nightmare aside, there is a ton of really great information now available to an attacker. If you use the service, you may have your own issues with your intimate details and preferences being publicly available. As a corporate CISO, you need to ...