Comments
PCI Update Paves Way For Expanding Point-to-Point Encryption
Newest First  |  Oldest First  |  Threaded View
Some Guy
50%
50%
Some Guy,
User Rank: Strategist
7/2/2015 | 2:47:41 PM
It's an Arms Race .. How you can help
We can decry the inevitability of attacks, but what we can't do is accept that as the norm. It's an Arms Race; the next step is here; waiting to do nothing until a perfect solution presents itself is to commit a nirvana fallacy.

Here's where YOU can make a difference. On November 1st, if your credit card hasn't been updated to PIN & Chip (EMV) technology, vote with your pocketbook and move your credit so somewhere that does.
iNtHEmACHINE
50%
50%
iNtHEmACHINE,
User Rank: Apprentice
7/2/2015 | 12:16:09 PM
Re: Okay but...
"Low hanging fruit is the name of the game with hackers that are trying to make money from it."

Low hanging or stumbled apon is where the huge hacks have been, but money is the name of the game even if it's just a Nigerian scam or a few million numbers with expiration dates. Easy money is better, but money is money. If it's MY money I expect it to be secured.

"Good security only really attracts the security curious out there"

And making it harder does make it harder. What is security curious? <heh>

 
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
7/2/2015 | 5:00:04 AM
Re: Okay but...
I know what you mean. It can make you feel a bit dispondent about security with how easy it often seems to bypass it. As long as it's difficult though, it should be relatively safe. Low hanging fruit is the name of the game with hackers that are trying to make money from it. Good security only really attracts the security curious out there. 
Blog Voyage
100%
0%
Blog Voyage,
User Rank: Strategist
7/2/2015 | 2:52:40 AM
Okay but...
"The goal is to make it harder for attackers to steal card data using POS malware tools like BlackPOS, Dexter, vSkimmer, and Backoff." Sure it will help, but hackers always have an advantage.


6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/19/2018
4 Ways to Fight the Email Security Threat
Asaf Cidon, Vice President, Content Security Services, at Barracuda Networks,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator &lt;= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an &quot;Update Profile&quot; &quot;Change Picture&quot; (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.