PCI SSC finally released the “Information Supplement: Payment Card Industry Data Security Standard (PCI DSS) Requirement 6.6 Code Reviews and Application Firewalls”, which should clear the air on how much application security is really required for PCI DSS compliance. I have often had long discussions on the intent of Requirement 6.6, and to me it was always clear that Section 6.6 wanted application owners to guard against web-based attacks, rather than just perform web-application security testing.
The supplement is a must-read and can be downloaded from here.
While going through masses of web pages every day, I found some essential reading for anyone and everyone who uses Windows. I personally don’t use Windows unless I am compelled to, such as at work. It’s been about 4 years since I moved on to the addictive Ubuntu and the good-looking OS X. Anyhow, here are the links:
- 21 Useful applications for Windows
- 156 Useful Run Commands - Although it can never replace Spotlight on the Mac, knowing a few Run commands can save you many boring clicks. And, before you ask me to have a look at it, I don’t like Launchy.
- Strip your Windows XP of redundant makeup
As if the appointment of Rod Beckström as director of the National Cyber Security Center (NCSC) was not foolish enough, the Bush administration couldn’t help tolerating Mr Chertoff’s ideas on privacy. In a public appearance in Canada, he attempted to explain how fingerprints are not his idea of personally identifiable information (personal data). What people, especially those who handle security, must understand is that personal data cannot be described by confidentiality alone.
What most people do not understand is the difference between personally identifiable information and confidential information, or, as Schneier puts it, ‘the difference between personal data and secret data’. To put it simply, personally identifiable information (PII) refers to any information that identifies, or can be used to identify, contact, or locate, the person to whom such information pertains. It has little to do with the confidentiality of the information on its own. Postal codes/ZIP codes and fingerprints are a few examples of less-confidential personal data.
I have been thinking about buying an ASUS Eee PC to help me access my main machine while I laze around in bed. The two laptops I have are a bit clunky and store crucial data that I can’t afford to lose when I roll over in bed. While most of my RSS, email and music streaming needs are fulfilled by my pimped iPhone, the keyboard and screen size often make it uncomfortable to access my web server over SSH and my machine over VNC.
While I still wait for some cash inflow to buy the Eee PC, Jace has written a very insightful comparison of the Eee PC and the HCL MiLeap Y. For those who think HCL can produce a good laptop for a Linux OS, this is an eye-opener.