PCI is just so damn interesting - it’s like a soap opera…  Seriously - if you don’t have to deal with it everyday, I’m sure (as a retailer) that you count yourself lucky, but honestly it’s a hoot.
The game at hand is a combination of punishment and liability avoidance - the case of Hannaford is a good example.  Just when you think it’s all over and Hannaford gets to pick up the pieces and move on, everything takes a new twist.  Now the Maine Supreme Court is getting involved and …

Lawsuit: Heartland Knew Data Security Standard was ‘Insufficient’ | Office of Inadequate Security.

OK - I’ve got a couple of posts that I’ll be putting up shortly - one on some feedback from the PCI Community Meeting and one on that list of questions on PA-DSS.  I’ll try to get them up this weekend (work has been crazy and I just haven’t found/committed the time to get these written), but here’s a link to a post this morning from Deke George on the NetSPI blog regarding acquisitions in the security space.
NetSPI Blog - Mergers & Acquisitions

This is a pretty funny list - although maybe more sad than funny due to the fact that it’s pretty dead-on…
Anton Chuvakin Blog - “Security Warrior”: Top PCI DSS Security Marketing Annoyances.

OK - so I’m not very ‘with-it’ apparently and didn’t really know what Squidoo was, but someone explained it to me and then convinced me to put up a PA-DSS compliance ‘lens’ on Squidoo.  If you aren’t familiar with the site, it’s a collection of mini websites each of which provides some background, insight, education, whatever on specific topics as defined by the builder.  In this case it’s some overview information on basic PA-DSS compliance and a centralized location for PA-DSS feeds and search results that keeps itself up-to-date without …

This was actually the first time that I saw Bruce speak (which is odd since we live in the same metro area) and I must say that I’ve somewhat avoided him as I’m not a big fan of the whole celebrity-like, hyped-up thing (I still haven’t seen Forrest Gump and probably never will), but I thought this was a really good talk and I found myself pleasantly surprised.

Bruce Schneier: The Future of the Security Industry: IT is Rapidly Becoming a Commodity from David Bryan on Vimeo.

Thanks to David Bryan for getting these up!  Here’s another video from the event - this one is the presentation on OpenSAMM - interesting and also very much geared towards development of security applications.  I think this is a great approach, but I have to admit that the practicality is something that I wonder about…

Pravir Chandra: Software Assurance Maturity Model (OpenSAMM) from David Bryan on Vimeo.

ShackF00 » Your Hardest Infosec Problem: Getting People to Give a $@%&.

Sorry - I have been a bit out-of-pocket lately and I haven’t been able to post as frequently as I would like (I’m shooting for basically once per week at least and hopefully a good bit more.)
That being said- this isn’t going to be much of a post - just a quick note to mention that NetSPI’s corporate blog is finally up!   Yeah!
It went live this week, so the volume of content is minimal, but the first posts that are up are very informative and will help to provide some …

Seth Peter, NetSPI’s CTO participated in a webinar on Preventing Multi-Vector Attacks with Eric Schultze from Shavlik.  When two very technical security CTOs get together there is a concern (a legitimate concern) that things are going to be unmanageably technical, but it actually turned out to be a great event.  It was very conversational and did a very good job of highlighting some of the concerns involved in dealing with sophisticated attacks.
With that said, it might not be the sort of content that you are going to want to ask …