PCI Compliance No Real Obstacle to Compromises

SAN FRANCISCO–The PCI DSS standard has taken a beating from critics, security experts and CSOs virtually since the day it appeared in its earliest form in 2004. It’s evolved quite a bit in the intervening years, but it hasn’t shaken any of that criticism, and security folks say there’s a good reason for that: a PCI-compliant network is no real hurdle to exploitation.

Threats From Third Party Vendors Demand Vigilance

by B.K. DeLong

Wikileaks’ decision this week to post the first of five million emails from Texas-based strategic intelligence firm Stratfor shone a spotlight on what experts say is a serious and growing problem: lax data, network and physical security at third party vendors and service providers. But organizations that think they can wash their hands of the security mess caused by business partners and contractors may be in for a rude awakening.

SAN FRANCISCO–You don’t need to look too hard or talk to too many people at the RSA Conference here this week to realize that there is one subtle but persistent signal amid all of the noise: security is failing.

SAN FRANCISCO–The growing stream of attacks in recent years against government agencies, critical infrastructure, utilities and other vital networks has led to an increasingly heated debate around the concept of active defense and targeting the people and groups behind those attacks. That debate has been going on behind closed doors in Washington for years, but it spilled out into the public during a forum on the ethics and legality of active defense at the RSA Conference here Tuesday.

Right on cue this week, the anarchic hacking collective Anonymous stepped up and grabbed the story line away from the lions of the IT security industry. With the annual RSA Conference set to begin, the whistle-blowing site Wikileaks released the first of some five million e-mail messages stolen from the security intelligence firm Stratfor. Ever sensitive to the fickle attention of the media, Anonymous inserted itself into the story, claiming responsibility for leaking the data and pointing a finger of blame at Stratfor and its media, private and public sector customers, which Anonymous accuses of spying and other dark offenses.
