Welcome to BlogNotions' IT Security Blog

The BlogNotions IT Security Blog delivers a diverse series of perspectives provided by thought leaders in the security industry. Presented by NetLine, this forum delivers compelling updates on the latest technology and software, best practices for safeguarding data, recommendations for choosing various solutions, and much more. Here you can find helpful information, ask questions, and collaborate freely.

What’s the craic on KRACK?

For those who are not familiar with the Irish slang, read this. We got another fun named vulnerability this week that goes after WPA2 encryption, something that is ubiquitous but not impenetrable. Key Reinstallation Attacks, or KRACK for short, exposes a weakness in the WPA2 protocol. It’s an attack on the protocol itself, so anything […]

Continue Reading

Why PCI DSS 4.0 Needs to be a Complete Rewrite

The last month has been tough for our coastal regions and based on what forecasts show for the rest of the season, we’re not out of the woods. If you have not donated to those affected by these massive storms, please consider doing so today. The group that received my donations this time around is Direct […]

Continue Reading

Equifax is only half the problem, your SSN needs a redesign!

The Social Security Number in the United States is the closest thing we have to a national identification system. It’s widely used to deal with the government, open lines of credit, and serves as the unique ID for a tax payer. It’s effectively your financial and governmental digital footprint identifier from which all actions are compared. […]

Continue Reading

Orfei Steps Down

Doctor Tom Saves the Day, by Murray Barnes In a rather surprise announcement, admittedly from a guy who is farther and farther removed from the PCI DSS ecosystem with each passing day, The PCI Council announced that Steven Orfei is stepping down as GM. His tenure was rather brief, in comparison to Russo, but it’s […]

Continue Reading

Blockchain Fun

Please Pay Here 3-14-09 19, by stevendepolo Two posts in one week? What is this, 2009? I’ve always been interested in payment and commerce. Blockchain and crypto-currencies have really captured my attention lately as the business applications are many and game-changing. I just published an article on the topic in this month’s Tactics & Preparedness that […]

Continue Reading

Should you be a PCI Participating Organization?

Shredded Brick, by DaveBleasdale What does it cost to be a PO? As if this writing it costs US$3,750 annually (originally US$2,000), For most companies, $3,750 per year is a drop in the bucket. Originally, the big benefit of being a PO was getting involved in the shaping of the Standard when the program was […]

Continue Reading

Is All Good News REALLY Good News?

Have you noticed that there has not been too much (well, really any) bad press around the PCI ecosystem lately? Perhaps everything is great! Doesn’t seem like we’ve had the same string of retail breaches that we saw in 2014 (which lead to this piece of research), even though 2016 was bad (good?) in general for […]

Continue Reading

The PCI Council’s Revenue Generation Capability

The other day I was thinking about all the programs that the Council currently maintains and I wondered if it was possible to see how much money the Council actually brings in every year. I mean, every year seems to see more programs with more fee collection opportunities for the Council, but had anyone ever […]

Continue Reading

Security and Usability

I’ve become very focused on the nexus between security and usability. I was interviewed for an article in The Guardian last year. “Security needs to learn from design by doing focus groups, having conversations and putting itself in the perspective of the people who will use this system,” he said, adding that it isn’t the […]

Continue Reading