Articles in the PCI News Category

Interesting, PCI News »

[5 Jun 2009]

OK, if you are reading this, you’ve managed to find one of the most ‘remote’ security blogs out there - written by someone (me) who is not a security pro or an auditor. I’m just a guy with a couple of decades of experience with retail, hospitality, and the relevant technologies who is now working for a very focused, very accomplished security consulting firm. It’s been a good fit, as my experiences working with retailers (from the very large to the very small) and their vendors marry up quite well …

Alerts, Interesting, PCI News, PCI Philosophy / Approach, Retailers »

[31 Mar 2009]

So the council sat down in front of Congress today…
Cybersecurity hearing highlights inadequacy of PCI DSS.

PCI News, PCI Philosophy / Approach »

[13 Mar 2009]

Tim over at nCircle posted this blog entry on his blog (The Lens).  Pretty interesting thoughts on PCI and the situation with Coleman’s breach issues.
PCI and Politics (The Lens).

Alerts, Interesting, PCI News, PCI Philosophy / Approach, Vendors »

[13 Mar 2009]

Quick statement from RBS in response to a request for information from the Office of Inadequate Security Blog.
RBS WorldPay statement | Office of Inadequate Security.

Alerts, Interesting, PCI News, PCI Philosophy / Approach, Vendors »

[5 Mar 2009]

I’m glad to see that the Council is following through on their commitment to hold assessors to a certain level of work and expertise.
Sadly we run into low-balling competition all the time and it’s sometimes hard to explain to potential clients that there is, really, a difference between what NetSPI provides and what the low-balling competition is actually delivering.
PCI QSA assurance program penalizes assessors.

Alerts, PCI News »

[24 Feb 2009]

Visa and MasterCard Issue New Breach Warning | Threat Level from Wired.com.
I wonder who it’s going to be….

PCI News »

[29 Jan 2009]

Continues to be interesting…
StorefrontBacktalk » Blog Archive » Heartland Sniffer Hid In Unallocated Portion Of Disk.

Interesting, PCI News, Vendors »

[21 Jan 2009]

Yeah - this is just a post with other links in it again…….
Securosis
Payment Systems Blog
Terminal23
Washington Post

Alerts, Interesting, PCI News, Vendors »

[21 Jan 2009]

Here’s another article on the Heartland breach - this one from the NYT.  It’s interesting as Heartland’s founder gave a presentation at the VeriFone payments conference in the fall pushing for some of the end-to-end encryption technology that companies (like VeriFone) are starting to implement.
I wonder if that solution would have successfully addressed this attack.
It is interesting how, at the end of this article, they start to call into question the effectiveness of the whole PCI effort.  Now, if you have read anything that I’ve put up on this blog, …

PCI News »

[14 Jan 2009]

I haven’t posted about NRF as often as I wanted to, but that was because, from a work perspective, I actually had far more to do than I expected and, from a show perspective, there was nothing all that impressive to see. I will do a summary post on what I did see at the show, but that’s why I haven’t done anything yet. Thanks.