Category Archives: Security

PCI DSS Requirement 10.7 Changelog

Four years ago I wrote about changes between versions of the PCI DSS with an example of subtlety from Requirement 10.7. This came up again today, so here’s an updated table:

Requirement 10.7:

DSS 1.0: An audit history usually covers a period of at least one year, with a minimum of 3 months available online.

DSS 1.1: Retain audit trail history for at least one year, with a minimum of three months online availability.

DSS 1.2: Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up).

DSS 2.0: Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up). (Unchanged from DSS 1.2.)
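The subtlety is the drift from "available online" (1.0 and 1.1) to "immediately available for analysis" with archived and restorable-from-backup copies explicitly admitted (1.2 and 2.0). As an added example, not code from the original post, the check below audits a constructed log inventory against both readings: the same inventory passes under the 1.2 wording and fails under the 1.1 wording, because the oldest part of the three-month window sits in an archive rather than online. The tier-to-wording mapping, the sample inventory and the audit date are the editor's assumptions, not PCI SSC guidance.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Which storage tiers satisfy the "minimum of three months" clause under each
# wording. Assumption: this is one reading of the requirement text, not PCI SSC
# guidance. DSS 1.1 says "online availability"; DSS 1.2 and 2.0 say "immediately
# available for analysis (for example, online, archived, or restorable from back-up)".
IMMEDIATE_TIERS = {
    "1.1": {"online"},
    "1.2": {"online", "archived", "backup"},
    "2.0": {"online", "archived", "backup"},
}


@dataclass(frozen=True)
class LogSegment:
    """A contiguous run of audit-trail days held in one storage tier."""
    start: date  # first day covered, inclusive
    end: date    # last day covered, inclusive
    tier: str    # "online", "archived" or "backup"


def covered_days(segments, tiers, window_start, window_end):
    """Days in [window_start, window_end] covered by a segment whose tier is in `tiers`."""
    days = set()
    for seg in segments:
        if seg.tier not in tiers:
            continue
        day = max(seg.start, window_start)
        last = min(seg.end, window_end)
        while day <= last:
            days.add(day)
            day += timedelta(days=1)
    return days


def audit_retention(segments, today, version="2.0", retain_days=365, immediate_days=90):
    """Check a log inventory against Requirement 10.7 as worded in `version`.

    Any tier counts toward the one-year retention window; only the tiers listed
    in IMMEDIATE_TIERS[version] count toward the three-month window. Returns the
    number of days missing from each window plus an overall verdict.
    """
    retain_start = today - timedelta(days=retain_days - 1)
    immediate_start = today - timedelta(days=immediate_days - 1)
    all_tiers = {seg.tier for seg in segments}
    retained = covered_days(segments, all_tiers, retain_start, today)
    immediate = covered_days(segments, IMMEDIATE_TIERS[version], immediate_start, today)
    result = {
        "version": version,
        "missing_retention_days": retain_days - len(retained),
        "missing_immediate_days": immediate_days - len(immediate),
    }
    result["compliant"] = (result["missing_retention_days"] == 0
                           and result["missing_immediate_days"] == 0)
    return result


# Constructed sample inventory (an assumption, not real data): roughly ten weeks
# online, the preceding months in an archive, older logs only on backup media.
AUDIT_DATE = date(2012, 5, 13)
SAMPLE_INVENTORY = [
    LogSegment(date(2012, 3, 1), date(2012, 5, 13), "online"),
    LogSegment(date(2011, 11, 1), date(2012, 2, 29), "archived"),
    LogSegment(date(2011, 5, 1), date(2011, 10, 31), "backup"),
]

if __name__ == "__main__":
    for version in ("1.1", "1.2", "2.0"):
        print(audit_retention(SAMPLE_INVENTORY, AUDIT_DATE, version))
```

Run as a script it prints one verdict per wording: under "1.1" the inventory is 16 days short of three months online (14 February to 29 February are only in the archive), under "1.2" and "2.0" it is fully compliant. The same function flags a retention gap if an inventory is missing a stretch of days in every tier, which is the more common finding in practice.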

Risks of High SPF Sunscreen

Sometimes I hear people explain firewall effectiveness in terms of SPF ratings on sunscreen. I like the concept, but it also tempts me to pull out the annual Environmental Working Group (EWG) sunscreen hall-of-shame. The EWG offers nuggets of wisdom such as this:

Sky-high SPF products may protect from sunburn, caused primarily by UVB rays, but they leave children vulnerable to skin-damaging UVA rays. Without the warning signal of sunburn, children stay in the sun too long, and UVA damage builds up. Parents who see a high-SPF label on the bottle may think it’s safe to allow their kids hours of sunburn-free beach time, but risks associated with sun exposure begin in childhood and accumulate over a lifetime.

So the next time you tell me the firewall is like 70 SPF, I might ask which kind of protection you mean (e.g. are you just blocking the noise, or also the attack?). Here’s another good example:

Consumers who shell out the bucks for pricey SPF-labeled moisturizers rarely get the sun protection they expect. There are plenty of sun care products that sell for less than $3 per ounce and offer better sun protection than those that cost up to 90 times more.

This quote is probably my favorite:

The front of a Lavera sunscreen box claims the product is “effective immediately” and there is “no need to wait.” But the side panel warns, “apply… 15 minutes before sun exposure.” Which is it?

Buyer beware. Don’t judge a firewall by its cover.

This day in history: 1862 Robert Smalls Pilots the Planter to Freedom

On this day in 1862, 150 years ago, Robert Smalls commandeered an armed Confederate ship in Charleston in order to emancipate himself and several others from slavery.

Smalls was hired in 1861 as a deckhand on Planter, the transport steamer serving Brigadier General Roswell Ripley, commander of the Second Military District of South Carolina. Smalls later became its pilot. In the early morning hours of May 13, 1862, while the white crew was ashore, Smalls, then 23, commandeered Planter, loaded with armaments for the rebel forts. With his wife, children and 12 other slaves aboard, he gave the correct whistle signal as he passed each rebel fort. He then sailed toward Onward, the nearest Union blockading ship. As Onward prepared to fire on the approaching rebel ship, Planter raised the white flag of surrender. As Planter came alongside the Union ship, Smalls, elegantly dressed in a white shirt and dress jacket, raised his hat high in the air and shouted, “Good morning, sir! I have brought you some of the old United States’ guns, sir!”

Smalls then served in the Union Navy, including duty as the first black captain of a U.S. vessel, and convinced the Union Army to accept black soldiers in August of 1862.

He later became a respected Republican politician in South Carolina where he created the first state law in the United States for free and mandatory public education.

Last Call at the Oasis

A new movie on the issue of water quality is set to appear in theaters tomorrow:

Illuminating the vital role water plays in our lives, exposing the defects in the current system and depicting communities already struggling with its ill-effects, the film features activist Erin Brockovich and such distinguished experts as Peter Gleick, Alex Prud’homme, Jay Famiglietti and Robert Glennon.

This comes just in time to highlight the latest research on nuclear fallout from Japan, which is now being detected on the West Coast of North America, as reported in Environmental Science and Technology: Canopy-Forming Kelps as California’s Coastal Dosimeter: ¹³¹I from Damaged Japanese Reactor Measured in Macrocystis pyrifera.

Projected paths of the radioactive atmospheric plume emanating from the Fukushima reactors, best described as airborne particles or aerosols for ¹³¹I, ¹³⁷Cs, and ³⁵S, and subsequent atmospheric monitoring showed it coming in contact with the North American continent at California, with greatest exposure in central and southern California. Government monitoring sites in Anaheim (southern California) recorded peak airborne concentrations of ¹³¹I at 1.9 pCi m⁻³

“Greatest exposure” translates to rates 500% higher near Los Angeles than along the rest of the coast. For many years now I have been researching methods of using dehumidifiers to source water. The military has been developing some amazing technology that can pull water out of the air in the desert, or reclaim water from exhaust pipes in vehicles. Imagine having a drinking fountain in your dashboard. In San Francisco each building, or even each dwelling, would simply produce its own water by absorbing moisture out of the fog, powered by the sun or the wind, as I mentioned in my presentation at last year’s BSidesLV.

It makes a lot of sense to pull moisture from the air when humidity is that high and there is no shortage of wind power. Moving away from ground-based systems avoids numerous pollution issues found in piping water from remote reservoirs, and it creates higher resilience to attack or disruption. However, it does not help in cases where nuclear fallout or other risks are drifting through the air.