Two Good Security Articles You Should Not Miss

I ran across these today and thought I would pass them along.

The first article discusses the lessons that can be learned from the Google attack, also known as ‘Aurora’, on Web sites. What is interesting is that if your organization was complying with the PCI DSS, the attack would have been identified almost immediately. At that point, the attack could have been mitigated. And remember, mitigation can include unplugging your network from the Internet. Granted, that is a drastic action to take, but this was a drastic attack and would have warranted such an approach. Most organizations’ incident response plans never discuss disconnecting their organization from the Internet. However, disconnecting your organization from the Internet might be a valid action to take in certain circumstances such as with ‘Aurora’.

The second article discusses the issue of using proprietary encryption algorithms. It amazes me the number of people that need to reinvent the wheel, all in the name of putting their personalization and creativity on a given project. Encryption is not a place to reinvent the wheel. So all of you “experts” out there that think you can do better than AES, get over it. You cannot do better.

If you are not keeping up on security, you really need to keep up. To ease the pain, get a free RSS feed reader such as FeedDemon and subscribe to a number of security RSS feeds so that you can keep informed on security and threats.

January 2010