Jul 20 2009
Life has been crazy busy lately, between recovering from the FIRST conference, preparing for Black Hat and Defcon, camping with the Cub Scouts and this little thing called work. For most of the last two weeks I’ve been running from task to task with barely a few minutes between and my blogging has suffered greatly as a result. I wish I could say it was all going to slow down, but the reality of it is, I don’t see any end to my hectic schedule for at least a month. The good thing is that there will be more FIRST podcasts coming out, a slew of Black Hat and Defcon interviews and then maybe a little bit of a rest from the podcast point of view at least. Speaking of which, I have to find the time for another pre-Black Hat interview tonight.
First off this morning, three stories about PCI:
- The Man Behind the Standard – Troy Leach gives training to QSAs on behalf of the PCI Council, so he probably has just a little bit of insight into what’s going on.
- PCI DSS: What Do You Know, Where Do You Stand? – Some interesting statistics on how merchants perceive their own PCI compliance.
- PCI-DSS compliance remains difficult for retailers – This is the real reason we need PCI: Too many merchants have said ‘security is hard’ and used this as an excuse to ignore it.
If you own a pair of budding geek kids like I do, you’ll want to check out the following pair of high-level programming languages your kids can use to create their own games:
- Scratch – From MIT; my son was referred to this site by one of his teachers. He and his brother have spent countless hours animating stick figures and making them say things that weren’t always appropriate. Scratch is free and has an active community.
- Kodu – Another security professional with a geek kid suggested this one to me last week. One of the things I like about it is that it’s playable on the Xbox 360. There is a trial version and a full version, but the full version is only $4 through Xbox Marketplace. We haven’t tried this one yet.
- Hello World – A Slashdot review of a book on computer programming for kids (and other beginners). The book uses Python and I’m tempted to get them a copy just to see what they’d do with it. Would they take it and become budding hackers or would the book become shelfware?
Finally some miscellaneous stories about vulnerabilities, the Twitter compromise and something to feed my own paranoia:
- The anatomy of the Twitter attack – TechCrunch’s story of how the Twitter compromise happened. Repeat after me: “‘Password’ is never an acceptable password!”
- Report: Hacker broke into Twitter e-mail with help from Hotmail – Didn’t we learn from Sarah Palin that the answers to your security questions really aren’t that far away thanks to the power of the Internet?
- The Firefox vulnerability that may not be – Firefox 3.5.1 is vulnerable! No it’s not! eEye reported a vulnerability in FF, but the folks at Mozilla say the information is inaccurate and there is no vulnerability. They’d better be right or they’ll lose a lot of credibility.
- Report: NSA surveillance program too secret for its own good – Waitaminute!! You mean they really have been spying on us for the last seven years and lying to Congress, not to mention lying to the public??