LRQA Nettitude Blog

TL;DR

What impact will the latest version of the PCI DSS have on your organisation?

CVE-2015-8620

Malicious input can come from unexpected places.

SHA-1: 1E6CF952D9F0D507A6AA98AD2B3327B83702BC17

Finding WordPress plugin vulnerabilities is like shooting fish in a barrel.

People and Passwords
Passwords, passwords, passwords. I talk about them, I think about them; I go crazy over them!

PCI-DSS is a mostly technical set of controls that are applicable to any organisation which stores, processes or transmits credit card data or anything that could affect the security of the card data. It is written by the PCI security standards council (PCI-SSC), mandated by the card brands (Visa, MasterCard, etc.) and enforced by the banks.

Reading through the British Army Military Doctrine manual the other day (as you do!) the concept of Fighting Power in the context of cyber warfare got me thinking. How could a traditional approach from a historically renowned army be applied to the cyber world? Cyber, or the internet - if we remove the hyped buzz word - has been described as the fifth military domain after land, sea, air and space, and is certainly at the forefront of the attacks reported in the media these days.

In a previous entry we gave a brief introduction to the concept of fuzzing and why we use it. In this entry we’ll guide you through using a fuzzer on Linux to help identify bugs and vulnerabilities in Linux’s main archiving application “tar”.