* Posts by Madmuso

3 posts • joined 7 Jun 2011

Apple wins (another) Samsung Android injunction in EU


Can I still slide my physical photo print outs from side to side?

I just can't believe you can patent the sliding of a picture from one side of a screen to the other. I assume that the left to right wipe on PowerPoint and other slide presentations is also banned now?

APPLE YOU ARE PATHETIC AND THE MORE YOU DO THIS KIND OF STUFF THE MORE YOU WILL BE SEEN AS SUCH - I was going to buy a Mac later this year but if you keep this up you can forget it....


Travelodge blames 'vindictive individual' for email database breach


Audited to PCI Requirements - a fully PCI compliant organisation?

What loveley techno-bable. PCI has no requirements for you to audit access to customer email addresses (only cardholder data). Although they clearly didn't have an audit trail showing who had stolen this data this would could still be perfectly true whilst they remained PCI Compliant!

However, last summer the wonderful Travelodge website took my booking for the wrong day because when I went back to correct a wrongly enterred card number it changed the booking date to the next available day. Given that logging of all activity relating to taking card payments is in scope for PCI I was rather annoyed when they could not check their web server logs to prove that it was their fault I had booked the wrong day. I wonder if my email to them which cited PCI requirements has led their PR team to fall back on the standard in their press release.

In ten years in IT security - I've yet to come accross a PCI Compliant company - many that say they are, have even been audited as such - but none that actually are 100% compliant. Know any company that actually monitors all changes to all critical files on every server and then correlates these with the approved change record? And then investigates any that don't match as a security incident?

Not diss'ing PCI - by the way - no standard is perfect but PCI is probably more perfect that others - especially version 2.0! So much so that other industries are considering adopting it for protection of their data (e.g. US Healthcare).

RSA makes token offer to worried customers


Key Logger Suspected - Work out where they might be able to be used against you

My recommendation for organisations that use RSA tokens and who feel they may be likely targets for the hackers who have the stolen information is to look at reducing or removing all uncontrolled end points where they are used. For example, if possible only allow remote access from company provided assets on which you have up to date protection from malware. This should reduce the likelihood of a key logger (widely suspected as being the method used to obtain enought information to fake the token).


Biting the hand that feeds IT © 1998–2021