Archive for September, 2007

Watch out for this hacker

Alright, so… I logged into Facebook (yes, I know… and probably easy to find as well, whatever), checked my messages and noticed I received an invitation to a group called “watch out for this hacker.” From the description:
If somebody called bm_tnoo7@hotmail.com adds you to their facebook account DON’T accept it because it’s a hacker. Tell […]

Stop WordPress 2.3 “phoning home”

A new release of WordPress, 2.3, was shipped last night. One of the features it sports is:
Our new update notification lets you know when there is a new release of WordPress or when any of the plugins you use has an update available. It works by sending your blog URL, plugins, and version information to […]

PCI DSS questions left unanswered

Chris Eng of Veracode attended the first PCI Community Meeting in Toronto, an organized panel that brings QSAs, ASVs and those subject to PCI together with the PCI Security Standards Council, and lives to blog about it. Several days ago, I posted some thoughts on the PCI DSS and several of its ambiguous requirements. Chris is […]

New Uninformed Journal - Vol 8

Get it here. Papers include:

Real-time Steganography with RTP
PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3
Getting out of Jail: Escaping Internet Explorer Protected Mode
OS X Kernel-mode Exploitation in a Weekend
A Catalog of Windows Local Kernel-mode Backdoors
Generalizing Data Flow Information

More on Ambiguous Security Standards

When I finished reading through PCI DSS v1.1 the other night (for like the fifth time), several requirements continue to jump out at me. To understand the PCI requirements, we first need to understand what is subject to PCI.
From the standard, PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed […]