Sep 28 2009
It’s Monday morning, time to write up a quick cluster of notes from some of the reading I’ve accumulated over the last week or so. My reading continues in its normal PCI-related theme, though there are a couple additional articles to review. Pay special attention to Catching the Unicorn by Jennifer Jabbusch!
- Prepare Ye List of PCI Grievances – I don’t agree with many of David Taylor’s criticisms. His first request, asking for more guidance from the PCI Council, is a double-edged sword; merchants are going to complain if the guidance is too prescriptive as well. In fact, many already are. One thing I agree with David on, I’d like to see the whole PCI chain of information under the same or very similar rules.
- Infotec 2010 – April 13-14, 2010, Omaha’s annual security convention
- Catching the Unicorn: A technical exploration of why NAC is failing – I’m still working my way through this paper. It’s technical enough to be challenging for me, but not so dry as to put me to sleep.
- Rescue CD 3.11 – F-Secure’s latest bootable recovery CD (or USB key)
- Free backup and recovery for Windows – I’m testing this out but haven’t been terribly impressed so far; it’s backup is not quite as automatic or as easy as I’d like and the synchronization options are minimal.
- First Data, RSA push tokenization for payment processing – I’m glad to see more players are getting into this space, I’d like to see a few good products come to market.
- 5 tips to protect your business from online banking fraud – These are all good ideas, whether your talking about your company’s banking or your own.
- PCI Virtualization SIG closer to proposing changes to standard – If these can get put in the proposed changes for PCI 1.3/2.0 early next year, we could see them incorporated next August or so when we’re due for a new revision of the PCI standards.
- Drudge, other sites flooded with malicious ads – Why go after the big companies that have some experience at protecting their networks when you can go after a secondary provider and have even better reach?
- Microsoft: Google Chrome Frame makes IE less secure – In the grand scheme of things, the Chrome Frame probably does introduce additional attack vectors, but not enough to draw the picture Microsoft is trying to make.