TLS Policy

Look, it’s got a little lock, your communications are encrypted!

You’re secure!

AND THAT’S A BIG FAT LIE.

Password shenanigans

Love them, hate them, makes no difference.

Online tax payments, banking, insurance, travel, your e-mail account…
Your login and password secure access to all that, and every single one of them is subject to a different, arbitrary policy set by someone stuck in the 1980s.

Today, let’s take a look at a history of failed passwords, and what’s being done to address them.

PCI-DSS Common pitfalls for Merchants

As you can see on my barely updated LinkedIn page, I’ve been a CISO for many years.
Since 2013, I’ve seen many different merchant profiles.
Sadly, I also saw many data breaches, and more specifically Cardholder Data breaches.

Most of our customers back then got hacked through a variety of means, the most popular being unpatched CMSes.

They all shared a glaring, unforgiving trait: PCI-DSS requirements were not being followed.