PCI DSS version 1.2 differences and updates
Wednesday, October 1st, 2008 Posted in Approved Scanning Vendor, Compensating Controls, Compliance, Merchant, PCI DSS, PCI SSC, Service Provider, Third-Parties, Web Applications, Wireless | 11 Comments »
On October 1, 2008 the PCI SSC released version 1.2 of the PCI DSS requirements. There are a number of changes as outlined previously in the update document. The PCI SSC has established a life cycle process that will ensure ...
Wireless and PCI - executive dinner in Chicago and Columbus
Friday, July 25th, 2008 Posted in Conferences, Wireless | No Comments »
I will be speaking at another two executive dinners on wireless security. They are being hosted by AirDefense and Motorola with Aegenis as the guest speaker. I did one of these in NYC and there was a good turnout and ...
iPhone to bring wave of wireless woes
Thursday, July 10th, 2008 Posted in Card Brands, PCI DSS, Wireless | 4 Comments »
Tomorrow, like so many others around the world, I'll be getting up early and waiting in line to purchase my new iPhone 3G when the stores open at 8 AM. And like so many other giddy users I'll head off ...
Wireless and PCI - executive dinner in NYC
Sunday, June 29th, 2008 Posted in Conferences, Wireless | 2 Comments »
AirDefense and Motorola have partnered to hold an executive dinner on wireless security in NYC on July 17th, 2008. They invited us to present and I'll be talking about wireless security as it relates to PCI DSS compliance. I'll also ...
PCI DSS Wireless FAQ
Saturday, March 15th, 2008 Posted in PCI DSS, Wireless | 6 Comments »
Many people think that Wireless only applies to three requirements within the PCI DSS (1.3.8, 2.1.1, 4.1.1) and that it only applies to companies that have implemented wireless, but this is not the case. The latest Aegenis whitepaper / FAQ on ...
60-Minutes Reviews Wireless Insecurity at Retail Stores
Monday, November 26th, 2007 Posted in Merchant, Wireless | 3 Comments »
60-Minutes has a segment called "Hi-Tech Heist" that details how wireless insecurity can lead to credit card compromises. While I agree that wireless, remote access, and insecure integrated POS (IPOS) machines are a great risk to merchants, I strongly disagree ...
Wireless and other Emerging Compromises
Sunday, November 18th, 2007 Posted in Credit Card Fraud, Wireless | No Comments »
The Associated Press covered the AirDefense study showing that many retailers are susceptible to data compromise. I have been saying for many years now that the greatest risks to retail merchants are: insecure POS systems, remote management, and insecure ...
NIST 800-48 Revision 1: Wireless Network Security for IEEE 802.11a/b/g and Bluetooth
Tuesday, August 14th, 2007 Posted in PCI DSS, Third-Parties, Wireless | 1 Comment »
NIST released 800-48-Rev1 on 2007.08.02. Given some recent events, the relevance of wireless security to PCI is unquestionable. If you'd like to submit comments on 800-48, they're due by 2007.09.14. Simply send an e-mail to 800-48comments@nist.gov with "Comments ...
PCI DIY - Locating Rogue Wireless Access Points (Wired)
Tuesday, June 12th, 2007 Posted in PCI DIY, Wireless | 4 Comments »
In addition to poorly protected wireless access points -- ala TJX -- rogue access points can be of great concern to a network administrator. Due to administration overhead, many environments are relatively lax in the preventative measures that would ...
TJX breach may have started with wireless access
Tuesday, May 8th, 2007 Posted in Credit Card Fraud, Merchant, Third-Parties, Wireless | 6 Comments »
The WSJ reports: "The biggest known theft of credit-card numbers in history began two summers ago outside a Marshalls discount clothing store near St. Paul, Minn. There, investigators now believe, hackers pointed a telescope-shaped antenna toward the store and used a ...