Everyone in the online payment industry has heard of the Payment Card Industry Data Security Standard, or PCI DSS for short. As a standard, it is not mandatory by [...]
In a nutshell: new unauthenticated RCE in OpenSSL 3.0.x; much lower reach than initially thought; still warrants rapid patching if you’re in the vulnerable scenario. Preamble: The internet has [...]
Look, it’s got a little lock, your communications are encrypted! You’re secure! AND THAT’S A BIG FAT LIE.
Passwords. Love them, hate them, makes no difference. Online tax payments, banking, insurance, travel, your e-mail account… Your login and password secure access to all that, and every single one of them is subject to a different, arbitrary policy set by someone stuck in the 1980s. Today, let’s take a look at a history of failed passwords, and what’s being done to address them.
As you can see in my barely updated LinkedIn page, I’ve been a CISO for many years. Since 2013, I’ve seen many different merchant profiles. Sadly I also saw many data breaches, and more specifically Cardholder Data breaches. Most of our customers back then got hacked through a variety of means, the most popular being unpatched CMSes. They all shared a glaring, unforgiving trait: PCI-DSS requirements were not being followed.