PCI 1.2 and Anti-virus Software Requirements

Last month the PCI Security Standards Council released version 1.2 of the PCI DSS. There were a number of updates and changes to the standard, most of which I have already written about. I want to revisit Requirement 5 of the PCI DSS which relates to the use of anti-virus software on...

New Attacks on Wireless Encryption

Two graduate students in Germany have successfully demonstrated an attack against the WPA wireless encryption protocol. WPA was developed as a stop-gap measure when it was discovered that WEP, the original wireless encryption protocol, was deeply flawed and offered virtually no...

Protocol Fuzzing With the Mu-4000

I recently had a demonstration of the Mu-4000 Service Analyzer by Mu Dynamics. This device provides the type of security testing capabilities difficult to duplicate with any other single product (hardware or software). The Mu-4000 is an appliance that integrates the testing...