Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Details of the Nine-Ball Mass Injection Attack

From Websense Security Labs
Early last week, we posted an alert about a mass injection attack in the wild we named Nine-Ball. This attack compromised over 40,000 legitimate Web sites in an ongoing campaign. The scale of the attack was spotted June 2, 2009, and since then the campaign has evolved several times. In this blog we will provide further detail and analysis on the Nine-Ball campaign. Read the full post [Websense.com].

Mitigating the Slowloris HTTP DoS Attack

Enterprise IT security staff looking for some mitigation for the newly released HTTP DoS tool may have a few options. The analysts at the SANS Internet Storm Center are recommending that organizations running Web servers vulnerable to the tool’s attack make some basic configuration changes to their servers to help mitigate its effects.

From Computerworld (Jaikumar Vijayan)
In a move that is unlikely to sit well with many merchants, MasterCard has quietly changed a key security requirement for all businesses handling between 1 million and 6 million card transactions annually.
Starting Dec. 31, 2010, companies that fall into this category, called Level 2, will be required to undergo an onsite review of their security controls by a MasterCard-approved third-party assessor. Read the full story [Computerworld].

From InfoWorld (Roger Grimes)
Talk about a turnaround. It’s always hard to recognize the larger, slow-moving paradigm shifts as they happen. But after a decade of bad press regarding its commitment to software security, Microsoft seems to have turned the tide. Redmond is getting consistent security accolades these days, often from the very critics who used to call it out. Many of the world’s most knowledgeable security experts are urging their favorite software vendors to follow in the footsteps of Microsoft. Read the full story [InfoWorld.com].

From Wired.com (Kim Zetter)
Accused TJX hacker kingpin Albert Gonzalez called his credit card theft ring “Operation Get Rich or Die Tryin.”
He spent $75,000 on a birthday party for himself and once complained that he had to manually count $340,000 in pilfered $20 bills because his counting machine broke. But while Gonzalez apparently lived high off ill-gotten gains, a programmer who claims he earned nothing from the scheme sits broke and unemployed, his career in shambles, while awaiting sentencing for a piece of software he crafted for his friend. Read the full story [Wired.com].

From Just Ask Gemalto (Dennis Fisher)
Computer users have been conditioned over the last few years to recognize and avoid many of the more common scams and threats on the Internet: email viruses, phishing, spam, Nigerian 419 ploys and work-at-home money-mule schemes. You know that an email promising funny pictures of Britney Spears is probably more likely to install malware on your machine than to brighten up your day with more of Britney’s zany antics.

From The Baltimore Sun (Gus G. Sentementes)
The Web site for the Johns Hopkins University’s Applied Physics Laboratory, which works closely with the military and NASA on research projects, was hit with a cyber attack that officials discovered Sunday and which led them to take down the site until they analyze their computer systems, a spokesman confirmed Tuesday. Read the full report [Baltimoresun.com].

A collection of some of the top names in the security community has sent a letter asking Google to force users of its online applications to use secure connections by default. And Google has responded quickly, saying that it is investigating the possibility of enabling HTTPS connections by default for users of Gmail, Google Calendar and other applications.