controlgap.com

Posts by: David Gamey

The Panama Papers - a new kind of breach?

In the world of data breaches, it’s not often that we see something totally new. This last week we may just have had such a thing. Most people are familiar with easily monetized breaches such as those involving credit cards and tax information. Occasional breaches of health information and privacy are also familiar. Rarer are some of the large breaches like the politically motivated attack on Sony Pictures linked to North Korea, the Ashley Madison shutdown extortion, and the US intelligence disclosures by Snowden and others. Even rarer are nation-state attacks like Stuxnet. But the Panama Papers seem different. Breaches of law firms aren’t unknown, but they also aren’t that notable.


Why the Apple vs. FBI Dispute Is A Good Thing

The Internet and mainstream media have been ablaze with articles and opinion pieces about the dispute between the FBI and Apple over an iPhone used by one of the San Bernardino terrorists. The issue has polarized public opinion and drawn attention to longstanding tensions over access by law enforcement. The issue is complex and the implications are far-reaching. The resulting debate is a good thing because it makes us think.


PCI Security Standards Council set to kill off SSL in PCI DSS/PA-DSS 3.1 updates

The PCI council has released an announcement that they are preparing updated versions of the PCI DSS (v3.1) and PA-DSS (v3.1), in which they will detail several clarifications and changes to requirements. One of the major changes that will be included in v3.1 is that all versions of SSL are no longer considered acceptable as “strong cryptography”. The bulletin from the council states that adherence to the PCI DSS v3.1 and PA-DSS v3.1 standards will be immediate, with future-dated requirements to allow organizations time to implement changes.
