Network Security Blog
Click 'Connect with Facebook' to join NetworkedBlogs. NetworkedBlogs is a community of bloggers and blog lovers. Join the fun, add your blog, and connect with others who read and write about subjects you like.
Information
| Blog Name: | Network Security Blog |
| Url: | http://www.mckeay.net |
| Language: | English |
| Topics: | security, PCI, privacy |
| Description: | The views of one man on security, privacy and anything else that catches his attention |
| Popularity: | 10 Followers |
Blog Feed
No podcast this week
We worked at it, we really did. I made special arrangements to be able to Skype in from my hotel room, Zach called in from home and Rich recorded everything at his home office. It all worked out. Or so we thought. When Rich went back to edit the podcast he found that his software had failed without warning and all he had recorded was his own audio, which might be interesting as a funny aside some day, but hardly makes for a satisfying podcast. We’ll back next week. I’m still on the road, Rich will be doing the recording again, but this time he’ll be recording to a secondary device. Which is something I’ll be doing in the future as well so don’
We worked at it, we really did. I made special arrangements to be able to Skype in from my hotel room, Zach called in from home and Rich recorded everything at his home office. It all worked out. Or so we thought. When Rich went back to edit the podcast he found that his software had failed without warning and all he had recorded was his own audio, which might be interesting as a funny aside some day, but hardly makes for a satisfying podcast. We’ll back next week. I’m still on the road, Rich will be doing the recording again, but this time he’ll be recording to a secondary device. Which is something I’ll be doing in the future as well so don’
Masking vs. Truncating
I don’t get a ton of questions about PCI sent to me, but from time to time someone asks a question that deserves a blog post. Earlier today I received a question from a reader, Michele, that reflects a common misunderstanding in the PCI sphere: I was reviewing the PCI DSS 1.2 section 3.4 yesterday, and was surprised to see that “masking” was not an option for PAN at rest / storage. Am I interpreting it correctly that it must be encrypted while stored, but upon display it would be decrypted and masked? To further that thought, if we receive PAN already masked and then store it, does that fall under PCI DSS? My thinking is that technical
I don’t get a ton of questions about PCI sent to me, but from time to time someone asks a question that deserves a blog post. Earlier today I received a question from a reader, Michele, that reflects a common misunderstanding in the PCI sphere: I was reviewing the PCI DSS 1.2 section 3.4 yesterday, and was surprised to see that “masking” was not an option for PAN at rest / storage. Am I interpreting it correctly that it must be encrypted while stored, but upon display it would be decrypted and masked? To further that thought, if we receive PAN already masked and then store it, does that fall under PCI DSS? My thinking is that technical
Network Security Podcast, Episode 173
It’s one of those glorious days we all look forward too; all of the regular hosts of the podcast are on the road and in most cases thousands of miles from home. Luckily we planned ahead and this week Martin is joined by Adrian Lane of Securosis instead of the usual cast of characters. We recorded a couple of days early so that we’d have a podcast out, even though we probably missed one or two breaking stories. Not that we’d know, since we’re all on the road and have limited access to our news feeds and Twitter.Network Security Podcast, Episode 173, November 10, 2009
It’s one of those glorious days we all look forward too; all of the regular hosts of the podcast are on the road and in most cases thousands of miles from home. Luckily we planned ahead and this week Martin is joined by Adrian Lane of Securosis instead of the usual cast of characters. We recorded a couple of days early so that we’d have a podcast out, even though we probably missed one or two breaking stories. Not that we’d know, since we’re all on the road and have limited access to our news feeds and Twitter.Network Security Podcast, Episode 173, November 10, 2009
Simple worm RickRolls jailbroken iPhones
I knew it had to be just a matter of time before someone took advantage all of the jailbroken iPhones and created another malicious tool to pwn them. This time the attacker has been RickRolling iPhone users, changing the background on the phones to a picture of Rick Astley. The worm is fairly simple and uses the default password set up on the SSH daemon when you jailbreak your iPhone, so if you’ve taken the 5 minutes required to change the password, you’re perfectly safe from the effects of the worm. Of course, it’s written by someone in Australia going by the name of &#
I knew it had to be just a matter of time before someone took advantage all of the jailbroken iPhones and created another malicious tool to pwn them. This time the attacker has been RickRolling iPhone users, changing the background on the phones to a picture of Rick Astley. The worm is fairly simple and uses the default password set up on the SSH daemon when you jailbreak your iPhone, so if you’ve taken the 5 minutes required to change the password, you’re perfectly safe from the effects of the worm. Of course, it’s written by someone in Australia going by the name of &#
Ethics of spilled COFEE
Last year Microsoft released a tool called COFEE (Computer Online Forensic Evidence Extractor) to law enforcement agencies around the nation and around the world a couple of years ago. While COFEE is a professional tool, it’s meant for the average police officer who may not have a lot of experience with computers; you just plug a USB key with COFEE installed and if autorun is enabled on the computer, it will run a series of diagnostics, writes a report and generally gives a
Last year Microsoft released a tool called COFEE (Computer Online Forensic Evidence Extractor) to law enforcement agencies around the nation and around the world a couple of years ago. While COFEE is a professional tool, it’s meant for the average police officer who may not have a lot of experience with computers; you just plug a USB key with COFEE installed and if autorun is enabled on the computer, it will run a series of diagnostics, writes a report and generally gives a
Followers
This blog has 10 followers.
Visit the
blog page on Facebook
to see who's following this blog.
Popular in:
Not enough data.
Calculated for blogs with 20+ followers.
Calculated for blogs with 20+ followers.
Related Blogs
Questions? contact: networkedblogs@ninua.com
Copyright (C) 2008, Ninua, Inc.