Blogs and Podcasts

Evan Schuman of StoreFrontBackTalk reminds us that credit card compromises that result in fraudulent ATM use can mean only one thing: they had access to the cardholder's PIN.  In reference to... Read More

Many of you are aware and have read the detailed recounts of the recent indictment of many individuals involved in some of the most notorious credit card compromises.  (The BBC article mentions... Read More

Congratulations to Walter Conway for his CPISM certification.  If you are not subscribed to his blog, please do so, especially if you are interested in Higher Education.  Rob is also one of... Read More

If you are not already subscribed to Rob Newby's blog then maybe today is the day you do.  His is one of the few that is syndicated via the Society of Payment Security Professionals.  He... Read More

I will be speaking at another two executive dinners on wireless security.  They are being hosted by AirDefense and Motorola with Aegenis as the guest speaker.  I did one of these in NYC and... Read More

Fri, 11 Jul 2008 22:20:00 GMT

Michael Dahn discusses the Return on Investment (ROI) of Reporting a Data Compromise. Differentiate between security breach, exposure, and data compromise to understand how fraud occurs. Read More

Fri, 23 May 2008 21:55:00 GMT

Defining Cardholder Data and Sensitive Authentication Data and how they relate. Also what Sensitive Authentication Data is and business scenarios why people want to store it. This is an... Read More

Fri, 11 Apr 2008 18:05:00 GMT

Mike Dahn, CTO of The Aegenis Group discusses application layer security threats and secure coding practices. Read More

Thu, 10 Apr 2008 16:19:00 GMT

Chris Mark discusses the formation of the Society of Payment Security Professionals. Read More

Wed, 9 Apr 2008 21:11:00 GMT

Dr. Heather Mark discusses aspects of the Fair and Accurate Credit Transaction Act and its impact on the Payments Industry. Read More

Thu, 31 Jul 2008 04:41:00 PDT

I have been muddling through the "Hype"r-V blogs and emailing that have innundated me over the past couple weeks. I have also taken another look at the free ESXi server from VMWare, and the... Read More

Fri, 11 Jul 2008 10:56:00 PDT

An interesting discussion that I have been having of late, is the fact that many people do not really comprehend the difference between PCI-DSS compliance and validation requirements. Here it is in a... Read More

Wed, 25 Jun 2008 15:00:00 PDT

Having recently come from my annual QSA re-certification class, it was obvious to me that there are some very large chasms in the interpretation and service level of offerings by QSA vendors. There... Read More

Wed, 25 Jun 2008 14:58:00 PDT

I was reading a number of the recent Usenix papers on IPv6 transition, and the one thing that sparked a thought was the fact that there really is no "RFC 1918" space in the IPv6 world. I... Read More

Thu, 15 May 2008 08:16:00 PDT

The Payment Card Industry (PCI) has decided that organizations that transmit, store, or process credit card data, in particular, the Primary Account Number (PAN), be compliant with the PCI Data... Read More