• PCI compliance failure: Attempts some buffer overflows

    We were PCI compliant for several months straight and all of a sudden, we got this: Fail Serious Port: 21 Protocol: tcp Summary : attempts some buffer overflows CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSS Temporal Score : 8.3 (CVSS2#E:F/RL:OF/RC:C) Public Exploit Available : true...

    ITKE364,120 pointsBadges:
  • What is Log Pos malware?

    What is LogPos malware like date of the malware detected, coding language, command and control channel, infecting mechanism, hiding mechanism, impact till date?

    apalkar905 pointsBadges:
  • Fingerprint recognition in Java

    I want a programing source code for fingerprint recognition time and attendance payroll system in Java language. I also want the source code for capturing a fingerprint image and storing in MS Access in Java language for the same project.

    Anikketthakre5 pointsBadges:
  • Web application firewall for IIS

    Does anyone know what's the best web application firewall (WAF) for IIS? Also, is it useful for blocking attacks against poorly written code? I understand that WAF is required by PCI DSS so our organization needs to get one.

    ITKE364,120 pointsBadges:
  • Does temporary storage of credit card info meet PCI DSS requirements?

    For our department, we need to make sure that our temporary storage of our user's credit card information meets PCI DSS requirements. We have to make sure that deletion is compliant DoD's security standards. We thought about using MySQL but we're not sure about the reliability. What should we do?

    ITKE364,120 pointsBadges:
  • Secure credit card information for PCI compliance

    Does anyone know if there's a company / software that offers to store data (particularly credit card information securely) in exchange for a token? Also, can we view the data by using authentication and providing a token back to them? That should be enough for PCI compliance, right? Thanks!

    ITKE364,120 pointsBadges:
  • How to purge database records for PCI compliance

    I have to store some credit card information. To be compliant with PCI DSS, we need to purge the data from our disks by not just deleting the file but writing over the bytes with a random sequence of data (because that would make it harder to recover the data). We would still like to leverage a...

    ITKE364,120 pointsBadges:
  • PCI compliance: Recommended encryption key management

    This question is in reference to PCI compliance. Does anyone know of any recommended encryption key management software? Would ezNCrypt be good to use? Thanks so much.

    ITKE364,120 pointsBadges:
  • Authenticate database for PCI compliance

    We have a PCI compliant website that connects to a database but doesn't store any users' info. However, it does contain HTML / JavaScript snippets that might get rendered into the payment process. Here's my question: Do we have to authenticate the database to remain PCI compliant? Thanks!

    ITKE364,120 pointsBadges:
  • PCI compliance: Password field is present

    We currently have a huge problem with our PCI compliance. According to them, they want us to add http:// on every single page where a password field is present. Here's what my form in index.php looks like: What should we do here?

    ITKE364,120 pointsBadges:
  • Block someone else while I’m logged in

    While I'm logged in, someone else is logged in too. What should I do to block this?

    ANILRAPS5 pointsBadges:
  • Security in cloud computing

    Even though we have authentication tools for the cloud, why do we have a lack of security in public cloud, private cloud and hybrid cloud?

    saikiranreddy20 pointsBadges:
  • Security on Client Access

    Can you please advise if there is any level on encryption on Client Access data transfer without adding SSL functionality?

    JZYoung5 pointsBadges:
  • Is this enough to be PCI compliant?

    I'm currently setting up a HAproxy to load balance between two different web servers. The majority of pages on the site require SSL. As of today, Stunnel is taking care of the HTTPS connections and passing them to the HAproxy. The HAproxy will send requests to the web servers (using HTTP). This is...

    ITKE364,120 pointsBadges:
  • Remote SMTP server is vulnerable to a buffer overflow – Failed PCI compliance

    Hello everyone, My department tried allowing the scanners IP to be accepted through IPTABLES into our SMTP port, but the scan keeps failing. Here's what we're getting: The remote SMTP server is vulnerable to a buffer overflow The server isn't crashing. We white listed the IP but we're still getting...

    ITKE364,120 pointsBadges:
  • What’s the best PCI compliant host?

    Currently, I'm using 1and1 hosting and I've been pretty impressed with the level of support so far (it's easy to use their admin panel). But now, I'm moving into e-commerce. But in order to process any credit cards, using PayPal, we need to be PCI compliant host. What would be the best option for...

    ITKE364,120 pointsBadges:
  • PCI compliance fail: SSL certificate cannot be trusted

    Our server is a CentOS box with a LAMP stack running. But we just had a PCI scan list this as a fail: SSL Certificate Cannot Be Trusted https (443/tcp) Severity: Medium Notes: none But we actually don't have a SSL certificate (we don't attempt to use it either). Should we just close port 443....

    ITKE364,120 pointsBadges:
  • Is PGP encryption available for IBM I

    Is PGP command line encryption of files available for IBM I?

    arfarn105 pointsBadges:
  • PCI compliance failure: 403 and 404 errors

    In a recent scan done by our PCI compliance testers, we recently failed a PCI test. Here's what it said: Configure the HTTP server to specify the same error documents for both 403 (Forbidden) and 404 (Page Not Found) responses. The site is running on a drupal installation and our drupal .HTAccess...

    ITKE364,120 pointsBadges:
  • How to prevent users from using EFS encryption in Windows Server 2003?

    I have two related question regarding Windows Server 2003: 1- How do I prevent users from using EFS encryption? 2- If a file, or a folder, is already encrypted using EFS by a user and the file permissions have been changed to prevent admin from deleting this file, how can the admin recover the...

    WindowsServerATE335 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following