Tag Archives: pci

AWS 的稽核報告服務:AWS Artifact

以往要取得 AWS 的稽核報告都必須簽署 NDA 並透過 support ticket 取得 (或是找窗口拿),現在 AWS 把這件事情做成一個服務:「Introducing AWS Artifact: Speeding Access to Compliance Reports」。 服務叫做 AWS Artifact,還是要簽保密協議,不過電子化了: You can start downloading the audit reports in the AWS Management Console today. Many of the documents are confidential … Continue reading

Posted in AWS, Cloud, Computer, Murmuring, Network, Security | Tagged , , , , , , , , , , , | Leave a comment

CloudFlare 通過 PCI DSS 3.1 Level 1

CloudFlare 宣佈通過 PCI DSS 3.1 Level 1:「CloudFlare is now PCI 3.1 certified」。 早在去年的時候 CloudFlare 就已經通過 PCI DSS 2.0 Level 1:「CloudFlare is PCI Certified」,這次過 PCI DSS 3.1 主要還是因為 2.0 即將失效,不升級就不能處理信用卡資料了...

Posted in CDN, Cloud, Computer, Financial, Murmuring, Network, Security, WWW | Tagged , , , , , , | Leave a comment

PCI DSS 的更新:PCI DSS 3.1

PCI DSS 3.1 出了:「PCI COUNCIL PUBLISHES REVISION TO PCI DATA SECURITY STANDARD — PCI DSS 3.1 and supporting guidance helps organizations address vulnerabilities within SSL protocol that put payment data at risk; PA-DSS revision to follow —」(PDF)。 與 3.0 相比,修正了 … Continue reading

Posted in Computer, Murmuring, Network, Security | Tagged , , , , , , , , , , , , | Leave a comment

PA-DSS 3.0 對密碼儲存方式的說明

PA-DSS (Payment Application Data Security Standard) 是 PCI SSC 訂出來提供給軟體開發商在支援交易時的標準: PA-DSS was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications. 這個標準也有很多版本,最新的 3.0 版是 2013 年 11 月公告的。剛剛在「Passwordscon 2014 - Password Security … Continue reading

Posted in Computer, Murmuring, Security | Tagged , , , , | 1 Comment