{ Monthly Archives } March 2009

PCI FAQ featuring me at Practical eCommerce:


There Is No Perimeter

Ok, so ATMs are computing devices and ergo they’re vulnerable to attack. Why is this attack interesting? Why is it worth a post? Well, let’s start here: “This is not something the average hacker on the street would have access to,” he adds. “They need physical access to the ATM — they need to have […]

Dilbert: Wrong, but Funny

Well, I can’t say I agree entirely with this strip. The common sense and experience of one developer isn’t equivalent to a solid risk management system, but it’s still funny. The reality is that you can’t get an objective, comprehensive view from the biased perspectives of individuals. Knowing that you yourself are a biased individual […]

Great study says “The study does not prove cause-and-effect, the researchers point out.”


Politics and PCI

Here’s a post over at the nCircle blog about the Coleman campaign and a leak of donor data, including credit card information.

Be Careful What You Type

A while back I wrote a post on the subtle homogenization of privacy. The point was that social networking isn’t eroding privacy, but homogenizing it. And here’s an example of how this can become problematic. This police officer drew a mental analogy of Facebook status to locker room talk. “You have your Internet persona, and […]

Sensible advice on changing FISA:


Next Step for Data Breach Laws:


Dilbert on Agile Development

QSAs put on remediation by PCI SSC: