Author Archive | Branden Williams

Heartbleed And Passwords

Right around this same time last week there was a flurry of activity for those responsible for deployments leveraging OpenSSL. Yep, I’m talking about Heartbleed. So after we go through all of the patching and re-keying, it’s now time to consider password changes. This post isn’t about Heartbleed, it’s about passwords and what the bad guys […]


Swing and a Miss: Target and the Council Respond

I happened upon the Council’s news page today and saw a couple of great attention-grabbing headlines entitled, Time for Smartcards and PCI Council Responds to Critics. I found both of these interesting given the landscape of breaches we have seen over the last couple of months, but I found that both missed key points […]


Data Discovery, It’s A Thing!

The Data Center, by Tu Holmes Those of you who have been following me for a while know that I am a proponent of data discovery tools, and Data Loss Prevention tools where appropriate. I partnered with one while running the consulting business at VeriSign, and worked with the teams at RSA that developed their […]


2013 Roundup

Stay Classy, San Diego! It’s been an interesting year, but now we can welcome 2014 with wide open arms! It’s already shaping up to be both a busy and interesting year, but let’s take a moment to look back at 2013 and talk about the top posts! How Starbucks is Revolutionizing Mobile (Micro) Payments. This […]


For the Super Geeky Crypto Guys

Of course, if you are a super geeky crypto guy (in which I am envious because math is not my strong suit) you probably already saw this amazing paper by Daniel Genkin, Adi Shamir (the S in RSA), and Eran Tromer in which they prove a side-channel attack against RSA encryption. Since the math behind […]


Missing Mobile is Like Watching the Puck Fly By

Thanks to Andrew Hay for a retweet that I happened upon last night! Keli at Bluebox Security did a post entitled PCI DSS Ignoring Mobile Security is Irresponsible that discusses some of the implications of the Council’s lack of guidance and standards around this emerged (it was emerging five years ago) technology. While many security […]


Hosed by Codeshares AGAIN

That’s a biggun! Yep, a little bit off topic, but that’s why I have a Diversions file! Some of you may remember a post I did for all of you frequent fliers a couple of years ago about some travel trouble I was having with airline tickets purchased as codeshares. In all fairness, this isn’t […]
