Our choices are Freedom, Security, Convenience -- Choose Two
Black Hat USA 2014 Keynote
I like this excerpt from Dan Geer's keynote at Black Hat USA 2014:
The full transcript of the keynote is available here.
I'll be doing two one-hour book signings at the Black Hat USA 2014 and DEF CON 22 conferences in Las Vegas:
Black Hat USA 2014:
August 6, 2014, 5:30 pm
Mandalay Bay Conference Center, Tripwire booth 141
(I'll be doing a short presentation before the book signing)
DEF CON 22:
August 8, 2014, 11:00 am
Rio Hotel & Casino, No Starch Press community table in Vendor Area
Can someone shed light on this ghostly "payment card industry fraud investigative unit"? I stumbled upon this name in Brian Krebs's blog post about potential card data in Goodwill Industries. But googling this name did not return any distinct reference. Isn't such a unit, if it really exists, supposed to have some kind of communication portal for public relations, like IC3, for example?
Swift: Apple's new programming language that does not have error or exception handling
Apple just released the spec (of course, only available on the Apple iBookstore) of Swift, a new programming language which is supposed to replace the relic Objective-C currently used to code the apps for Apple devices.
At first glance, there is no breakthrough or innovation; all the language constructs and methodologies are trivial and have been known for many years. But it is definitely better than the extremely outdated Objective-C.
Apple always makes everything by itself, including languages. There are a lot of good languages created already, but the problem is that Apple needs full control plus some money, similar to Microsoft's C# and VB. The difference is that at the time C# or VB were introduced they actually WERE innovative.
And finally... It looks like Swift does not have any runtime error/exception handling – I actually verified it, there is nothing in the spec about errors or exceptions! I can’t believe it, this is ridiculous, it must be some kind of mistake of the beta release or an incomplete spec... I like Apple devices, and I am sure there is no chance there will be any unexpected errors in apps running on Apple OS and hardware, but come on, just in case - there is a good tradition of supporting exception handling in some other languages such as Pascal, Java, C++, or C#...
McAfee Focus Security Conference
This is my first McAfee conference. I did not expect to see so many people! Well, so far it was just a welcome reception night club for the partners, in the Venetian Las Vegas... The conference actually starts tomorrow...
The PCI SSC meeting (1400 participants) is over. Mostly, minor clarifications in PCI DSS and PA-DSS 3.0, changes in PTS testing requirements 4.0. Unfortunately, no significant changes in PCI standards means no good news for merchants and cardholders. No regulation or tech breakthroughs means the show will go on.
PCI DSS and PA-DSS 3.0 changes
PCI SSC has released a document that "highlights anticipated changes to the PCI Data Security Standard (PCI DSS) and Payment Application-Data Security Standard (PA-DSS) in order to prepare organizations for the introduction of Version 3.0 in November 2013".
I could not find any significant changes that would help to improve the security of card payment transactions. I wasn't surprised though.
A biometric scanner on a mobile phone is an interesting feature that might be helpful to enhance the security of mobile payments, as well as simplify the payment process and reduce the transaction processing time.
PCI ISA Certification Forum
I have created a separate menu entry -- "PCI ISA" -- which contains a link to one of the most popular blog entries, PCI ISA Training Experience. So everyone can just click on the direct menu link and share her/his experience about the ISA certification process: training, exam, and more.