These all raise interesting security control issues for the financial industry. A person using speech mode should have the option of privacy by using headphones and blanking the screen completely. Even more complicated is the use of a relay service, which by definition puts a person in the middle (PitM) of a secure exchange.
Perhaps most interesting is the definition of “power-driven mobility devices”. Even a Segway qualifies, so an ATM has to be accessible to them unless a financial institution can prove that its use is unreasonable or would cause a “fundamental” change to its operations.
I also noted that the federal rule calls for one compliant ATM per location (outside is not considered in the same location as inside) but California has a 50% rule.
A directory traversal vulnerability allows an attacker to remotely retrieve files from vCenter Server without authentication. In order to exploit this vulnerability, the attacker will need to have access to the network on which the vCenter Server host resides.
If you have network access to vCenter and log in as a user, the same advisory points out that session IDs are exposed.
The SOAP session ID can be retrieved by any user that is logged in to vCenter Server. This might allow a local unprivileged user on vCenter Server to elevate his or her privileges.
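Since the advisory says the traversal is reachable by anyone with network access to the vCenter host, a defender's first question is whether such requests are showing up in web access logs. The following is an added example, not code from the advisory or from VMware: it normalizes request paths (bounded percent-decoding to catch double encoding, backslash folding) and flags any path whose segments contain a literal `..`. The log format and every path in it are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from any real vCenter deployment);
# format: client_ip method path status=NNN
SAMPLE_LOG = """\
10.0.0.5 GET /sdk/vimService status=200
10.0.0.7 GET /static/../../../../etc/passwd status=200
10.0.0.7 GET /static/%2e%2e/%2e%2e/etc/shadow status=403
10.0.0.9 GET /docs/%252e%252e/%252e%252e/boot.ini status=200
10.0.0.5 GET /ui/a..b/ok.txt status=200
"""

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) status=(?P<status>\d+)$")


def normalize_path(path: str, max_decode: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded '%252e' is
    seen as '.', then fold backslashes so '..' segments can be examined."""
    prev = None
    for _ in range(max_decode):
        if path == prev:  # decoding reached a fixed point
            break
        prev, path = path, unquote(path)
    return path.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True only if a whole segment is '..'; 'a..b' is a legitimate name."""
    return any(seg == ".." for seg in normalize_path(path).split("/"))


def find_traversal_attempts(log_text: str) -> list[dict]:
    """Return one record per log line whose request path attempts traversal."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the scan
        if is_traversal(m["path"]):
            hits.append({"ip": m["ip"], "path": m["path"], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

A status of 200 on a flagged line is the case worth escalating, since a 403 means the server refused the request while a 200 suggests the file may actually have been served.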
Scientists recently proposed that some spiders are able to spin silk from their legs (tarsi) to hang onto slippery surfaces. The claim was disputed, but now it has been proven.
Like all spiders, tarantulas (family Theraphosidae) synthesize silk in specialized glands and extrude it from spinnerets on their abdomen. In one species of large tarantula, Aphonopelma seemanni, it has been suggested that silk can also be secreted from the tarsi but this claim was later refuted. We provide evidence of silk secretion directly from spigots (nozzles) on the tarsi of three distantly related tarantula species: the Chilean rose, Grammostola rosea; the Indian ornamental, Poecilotheria regalis; and the Mexican flame knee, Brachypelma auratum, suggesting tarsal silk secretion is widespread among tarantulas. We demonstrate that multiple strands of silk are produced as a footprint when the spider begins to slip down a smooth vertical surface.
Slipping and falling would be fatal to a tarantula, so the silk from their legs is given as an example of a control developed for survival.
But what does PCI DSS compliance by a cloud services provider actually mean and what value does this provide to an enterprise?
Cloud services providers, such as Verizon, which have obtained PCI DSS Level 1 compliance, must undergo extensive preparation, testing and assessment of their cloud environment to verify that it is built and operated in a manner that meets the security standards that enterprises require. Cloud services providers must undergo a third-party audit and, due to the nature of a cloud services provider’s environment, there is also the responsibility for day-to-day governance required to maintain its security posture and provide the necessary transparency to customers. In addition, achievement of PCI DSS compliance by a cloud services provider for its cloud infrastructure offers customers verification that the following will occur:
Annual penetration tests
Quarterly vulnerability scanning using an Approved Scanning Vendor
Architecture reviews validating environment isolation on a per customer basis
Virtual environment configuration reviews of hypervisor and virtual switches
Log collection and auditability
Authentication
Process and procedure definition and documentation
a blog about the poetry of information security, since 1995