Posts Categorized: Security

Anti Virus and PCI Compliance

Last year PCI DSS 1.2 was released, changing the intent of the controls required for anti-virus software. In version 1.1, anti-virus software was only required for systems commonly affected by viruses, which excluded UNIX-based operating systems and mainframes. Version 1.2 now requires all operating system types commonly affected by malicious software be protected and…

Create an SSL certificate with strong, 2048 bit encryption

When creating either a self-signed certificate or a certificate request, Kerio MailServer uses 1024-bit encryption. You may, however, prefer stronger encryption, especially if you are using a signing authority such as GoDaddy, which requires 2048-bit encryption. In this case, you may use the free OpenSSL utility that is available with most Unix…

Amazon confirms EC2/S3 does not meet PCI guidelines

If your business requires PCI-compliant hosting services because you store, transmit or process cardholder data, hosting in the cloud may not be for you. Most cloud providers do not have the controls or processes in place to protect sensitive cardholder data or the willingness to enter into required business arrangements with merchants. Because of…

Batteries.com Credit Card Data Stolen

Yet another data breach involving theft of credit card data has been announced. On March 13th, Batteries.com received notice from a customer about potential unauthorized activity on their credit card. They later discovered the Batteries.com network had been breached from around February 25, 2009 to April 9, 2009. The breach involved theft of names, addresses,…

Credit Card Data Stolen and Distributed in a Deliberate Attack

In an ongoing saga, one of the most popular web hosting message boards, www.webhostingtalk.com, has been dealt another serious blow to its security. Late last month, Webhostingtalk was hacked in a deliberate, sophisticated and calculated manner. The attacker was able to circumvent their security measures and access via a backdoor protected by a firewall to…

PCI Data Security Standard version 1.2 now active.

As of October 1, 2008, the PCI Data Security Standard version 1.2 became active. There are a number of changes to PCI DSS since version 1.1. Version 1.2 removes much of the ambiguity from earlier versions and provides additional details on items such as the use of wireless devices.