Any merchant who accepts credit cards and has a merchant account must validate compliance. It does not matter if you use a 3rd party processor or if you outsource all of your credit card processing. It’s the ownership of the merchant account that defines if you must validate compliance. The only to avoid PCI compliance [...]

In an ongoing saga, one of the most popular web hosting message boards www.webhostingtalk.com has been dealt another serious blow to it’s security.  Late last month, Webhostingtalk was hacked in a deliberate, sophisticated and calculated manner. The attacker was able to circumvent their security measures and access via a backdoor protected by a firewall to [...]

As of October 1, 2008 the PCI Data Security Standard version 1.2 became active. There are a number of changes to PCI DSS since version 1.1. Version 1.2 removes much of the ambiguity from earlier versions and provides additional details on items such as the use wireless devices.

One of the most valuable commodities in this day and age is your own personal information. The more we make purchases over the Internet or over the phone, in other words: not in person, the more important that information becomes. However, as security breaches receive more coverage and are more well known to the public, [...]

A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly [...]

Xen is one of the newest virtualization platforms available that can securely run multiple virtual guest servers, each running its own operating system, on a single physical system with close to native performance.  It is available on many Linux platforms as an open source application and directly from XenSource Inc.