Great news: the PCI SSC has updated the PCI Card Production Security Requirements, Version 1.1. The updated standard helps payment card vendors secure the components and sensitive data involved in the production of payment cards, protecting against fraud via the compromise of card materials. The standard consists of both physical and logical security requirements that address card…
Security
Warning – CVE-ID Syntax Change on 01.13.15
by Marc-Frederic Gomez •
Don’t forget: in a few days we will need to change the CVE syntax on the vulnerability declaration form. Check that your systems are compliant (IDS, IPS…). CVE has a new ID numbering format for CVE Identifiers (i.e., CVE-IDs) that requires organizations to take action to ensure their products, tools, websites, and processes continue to work properly once CVE-ID…
OpenSource
Mozilla Foundation Security Advisory 2014-90 – Finished
by Marc-Frederic Gomez •
This morning, I received this alert from the Mozilla Foundation about my Apple product. Bad, bad idea to trust Apple Inc. Source: https://www.mozilla.org/en-US/security/advisories/mfsa2014-90/ Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework of OS X in the /tmp local…
OpenSource
Open Source: Removing the Landscape advert from Ubuntu Server
by Marc-Frederic Gomez •
When you connect to your server, you see text saying “Graph this data and manage this system at: https://landscape.canonical.com/”. I propose to remove it while keeping all the information available to us locally. You need to edit the script located here: /etc/update-motd.d# vi 50-landscape-sysinfo In this script we will add this option (blue text): /usr/bin/landscape-sysinfo --exclude-sysinfo-plugins=LandscapeLink and now you…
PCI DSS
PCI DSS – 9 Steps to Build Your PCI Compliance
by Marc-Frederic Gomez •
I followed these 9 steps to build my compliance over the last year. I think it’s a good approach for big processors and all PSPs. Establish the PCI project (actors, budget…). Determine the scope (CDE). Review the Information Security Policy (ISP, or PSSI for French people). Conduct Gap Analysis. Conduct Risk Analysis. Establish the…
PCI DSS
3 Myths about PCI DSS
by Marc-Frederic Gomez •
The potential scope of your compliant Cardholder Data Environment (known as the CDE) may seem daunting. A small merchant and a big processor have different levels of security processes, documentation or time to secure this area. I have checked a lot of myths about PCI in my various experiences. First, I will share 3 myths with you. Don’t listen to any…