Irongeek.com - Hacking Illustrated Videos
Wednesday, June 13th, 2007 | Posted in PCI DIY | 5 Comments
If you're interested in learning how to test the security of your network by attacking it, Irongeek.com has a number of Flash/AVI videos that walk you through the mechanics of specific attacks. Notable entries: Using Cain and the AirPcap USB adapter ...
PCI DIY - Locating Rogue Wireless Access Points (Wired)
Tuesday, June 12th, 2007 | Posted in PCI DIY, Wireless | 4 Comments
In addition to poorly protected wireless access points -- à la TJX -- rogue access points can be of great concern to a network administrator. Due to administration overhead, many environments are relatively lax in the preventative measures that would ...
NIST 800-44 Version 2 - Guidelines on Securing Public Web Servers
Monday, June 4th, 2007 | Posted in PCI DIY, Third-Parties, Web Applications | 1 Comment
The newest revision to NIST 800-44 was released on June 1st. While it's not the complete answer, it's certainly a useful document in the battle for web-application security.
PCI DIY - Cross-Site Scripting
Friday, May 11th, 2007 | Posted in Approved Scanning Vendor, PCI DIY, PCI DSS | 1 Comment
You're vulnerable. Really? Don't hold back or anything. How can you be so sure? Because your ASV said so, and if your ASV says so, there's a 99.999% chance that they're right. Pretty much everyone is vulnerable to XSS in ...
PCI DIY - Checking for Weak SSL Encryption with OpenSSL
Tuesday, April 3rd, 2007 | Posted in PCI DIY, PCI DSS | 4 Comments
This is the first of what will -- hopefully -- be many posts that will deal with the technical aspects of PCI compliance. The intention is to provide substantive information for validating commonly encountered vulnerabilities -- which is also ...