TLS Policy

Look, it’s got a little lock, your communications are encrypted!
You’re secure!
AND THAT’S A BIG FAT LIE. Continue reading…

Password shenanigans

Passwords.
Love them, hate them, makes no difference.
Online tax payments, banking, insurance, travel, your e-mail account…
Your login and password secure access to all that, and every single one of them is subject to a different, arbitrary policy set by someone stuck in the 1980s.
Today, let’s take a look at a history of failed passwords, and what’s being done to address them. Continue reading…

PCI-DSS Common pitfalls for Merchants

As you can see in my barely updated LinkedIn page, I’ve been a CISO for many years.
Since 2013, I’ve seen many different merchant profiles.
Sadly I also saw many data breaches, and more specifically Cardholder Data breaches.
Most of our customers back then got hacked through a variety of means, the most popular being unpatched CMSes.
They all shared a glaring, unforgiving trait: PCI-DSS requirements were not being followed. Continue reading…