* Posts by Brad100

3 publicly visible posts • joined 27 Jan 2012

The bill for Home Depot after its sales registers were hacked: $19.5m

Brad100

Re: Security warnings?

It most likely wouldn't have made any difference what AV vendor they were using or how recently it was updated. Traditional signature-based AV would probably not have known anything about the malware variant used against Home Depot. I don't think the AV not being updated has anything to do with the breach, except that the fact that it wasn't being updated and the weak passwords give an indication of the security posture of the company and the state of the security program in general. The lawyers will argue that if you are not doing the basics, then you are not doing your due diligence and putting in place accepted industry-standard measures to adequately protect customers' data.

Barclaycard pay-by-bonk fraud risk exposes Amazon's security

Brad100

Re: Amazon have never wanted CVV / CVV2

Under PCI you actually are allowed to store the security codes up to the point of auth, and this time period has never been specifically defined, at least not in earlier versions of the DSS. However, I do agree that the standards around the protection and handling of the security codes make it more desirable to not handle them at all, from a compliance standpoint.

Microsoft exec says Safe Harbor framework is 'alive and well'

Brad100

Aye?

I haven't ever heard the Patriot Act positioned as anything to do with data protection. It was passed under the guise that it would help protect against terrorist activities by allowing for enhanced monitoring and data-sharing abilities. I always assumed that it was clearly not aligned at all with data protection - and not stated to be.