The Security Pub

Random Thoughts About Security

2010 PCI SSC Community Meeting in Orlando

I just got back from the PCI SSC Community meetings in Orlando, Florida, and not only was it good to see colleagues that I haven’t seen in a while, but a lot of the information that was shared with everyone at the meetings was great.


If you have to comply with the Payment Card Industry Data Security Standard (PCI DSS), you should already be aware that the PCI Security Council is issuing version 2 of the standard by the end of this October. Be on the lookout here for more information regarding the new version as soon as the PCI SSC releases it to the public.

Stolen Credit Card Data Is Worth $1.50

When you’re shopping for stolen credit and debit cards online, there are so many choices these days. A glut of stolen data — combined with innovation and cutthroat competition among vendors — is conspiring to keep prices for stolen account numbers exceptionally low. Even so, many readers probably have no idea that their credit card information is worth only about $1.50 on the black market.

Check out this article from KrebsonSecurity

Zeus botnets' Achilles' Heel makes infiltration easy

A security researcher has discovered a potentially crippling vulnerability in one of the most widely used botnet toolkits, a finding that makes it easy for blackhats and whitehats alike to take control of huge networks of infected PCs.

The flaw in the Zeus crimeware kit makes it trivial to hijack the C&C, or command and control, channels used to send instructions and software updates to compromised computers that often number in the hundreds of thousands. There are in turn thousands or tens of thousands of botnets that are spawned from Zeus, and the vast majority are susceptible to the technique.

Check out the article - The Register

WTF worm makes Twitterers declare goat lust

Another malicious worm hit Twitter over the weekend, days after the micro-blogging site reached near-meltdown from a technically similar attack.

This time around the danger came from clicking links contained in micro-blogging messages beginning “WTF [URL]”. Last week’s more serious onMouseOver problem struck when users moved their mouse cursor over an infected tweet. Those messages contained hidden JavaScript code that exploited a cross-site scripting problem; in the case of the WTF worm, a CSRF (cross-site request forgery) technique is in play.

Check out the article – The Register