Jason Bouwmeester reports: The Payment Card Industry Security Standards Council has released a bulletin regarding the use of SSL for data protection on the Internet. In the bulletin, the Council states that SSL – a protocol for providing secure communications – is no longer acceptable for secure transactions. This has left many people wondering what…
Category: Commentaries and Analyses
The Target and Other Financial Data Breaches: Frequently Asked Questions
Sabrina I. Pacifici writes: The Target and Other Financial Data Breaches: Frequently Asked Questions “In November and December of 2013, cybercriminals breached the data security of Target, one of the largest U.S. retail chains, stealing the personal and financial information of millions of customers. On December 19, 2013, Target confirmed that some 40 million credit…
They’re victims of identity theft, but who’s to blame?
One of the frustrations identity theft victims experience is that they often have no idea how their identity information was compromised. Some of this site’s readers may have figured it out for themselves in looking into breach notification letters they got from CICS, but for all too many people, there are no answers. Consider some folks…
Tens of thousands of MongoDB databases easily accessible from the Internet
Help Net Security reports: A group of students from Saarland University’s Center for IT-Security, Privacy and Accountability (CISPA) have discovered tens of thousands of MongoDB databases accessible to remote attackers, including a couple belonging to big companies and containing personal and financial information of millions of their users. MongoDB is a popular cross-platform, document-oriented NoSQL database,…
More Than 30% of Big Merchants Are Not PCI-Compliant – Study
Jim Daly reports: Fudging the numbers about their merchants’ compliance with the Payment Card Industry data-security standard (PCI) may be a common practice by merchant acquirers if findings from a new study about payment card data security are to be believed. The study by the Merchant Acquirers’ Committee, an association of more than 500…
Is It Time for a Wall of Shame for the Education Sector?
Over the past few months, SLC Security has been noting a lot of malware and botnet activity in the education sector – problems, they say, that the entities often don’t acknowledge when SLC Security attempts to alert them to problems. Yesterday, SLC Security wrote that they were seeing traffic from: New York University – Malicious Activity; Princeton University – Malicious…