These updates improve the secure manufacture, production and delivery of payment cards. Great news: the PCI SSC has updated the PCI Card Production Security Requirements, Version 1.1. The updated standard helps payment card vendors secure the components and sensitive data involved in the production of payment cards, protecting against fraud via the compromise of card materials. The standard…
Security
Warning – CVE-ID Syntax Change on 01.13.15
by Marc-Frederic Gomez •
New syntax for CVE name allocation. Don’t forget: in a few days we will need to change the CVE syntax in the vulnerability declaration form. Check that your systems are compliant (IDS, IPS…). CVE has a new ID numbering format for CVE Identifiers (i.e., CVE-IDs) that requires organizations to take action to ensure their products, tools, websites, and processes…
OpenSource
Mozilla Foundation Security Advisory 2014-90 – Finished
by Marc-Frederic Gomez •
Don’t trust Apple Inc. with Mozilla products. This morning, I received this alert from the Mozilla Foundation about my Apple product. Bad, bad idea to trust Apple Inc. Source: https://www.mozilla.org/en-US/security/advisories/mfsa2014-90/ Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework…
OpenSource
Open Source: Removing Landscape advert from Ubuntu Server
by Marc-Frederic Gomez •
Exclude external link configuration from your server. When you connect to your server, you see text saying “Graph this data and manage this system at: https://landscape.canonical.com/”. I propose to remove it while keeping all the information available to us locally. You need to edit the script located here: /etc/update-motd.d# vi 50-landscape-sysinfo In this script we will add this option…
PCI DSS
PCI DSS – 9 steps to build your PCI Compliance
by Marc-Frederic Gomez •
I followed these 9 steps to build my compliance over the last year. I think it’s a good approach for big processors and all PSPs. Establishing the PCI Project (actors, budget…). Determine the scope (CDE). Review the Information Security Policy (ISP, or PSSI for French people). Conduct Gap Analysis. Conduct Risk Analysis. Establish the…
PCI DSS
3 Myths about PCI DSS
by Marc-Frederic Gomez •
The potential scope of your compliant Cardholder Data Environment (known as the CDE) may seem daunting. A small merchant and a big processor have different levels of security processes, documentation and time to secure this area. I have checked a lot of myths about PCI in my different experiences. First, I will share 3 myths with you. Don’t listen to any…
PCI DSS
PCI DSS Prioritized Approach to Compliance
by Marc-Frederic Gomez •
In my experience, the final consideration before getting started needs to be a more prioritized approach to achieving my PCI Compliance. The PCI Standards Council has come under pressure to help entities prioritize their approach to PCI, and as such the table with six security milestones that will help merchants and other entities incrementally…
PCI DSS
PCI Security Standards Council
by Marc-Frederic Gomez •
The Payment Card Industry (PCI) Security Standards Council website isn’t a security website per se, but it is full of very useful and helpful security information related to the most far-reaching and comprehensive industry security standards today. PCI DSS is applicable to any organization that processes, transmits or stores payment card data. So it’s…
PCI DSS
PCI DSS or the 12 mandatory requirements
by Marc-Frederic Gomez •
PCI DSS
PCI DSS – A long time ago
by Marc-Frederic Gomez •
In 2001, Visa and MasterCard each instigated basic levels of credit card security compliance programs, in which both retailers (known as Merchants), banks and all entities that provided cardholder authentication and authorisation services (known as Service Providers). Visa has created CISP for the US market, AIS for the European market (Card Holder Information Security Programme) and MasterCard…