The Washington Post is reporting a new wrinkle in cyberwarfare. In the article “Defense official discloses cyberattack,” the Post reports that “malicious code placed on the [flash] drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military's Central Command.” Perhaps SkyNet has become self-aware, as this malware appears to be able to “upload” itself onto a military network. We ARE nearing August 29th…
According to Deputy Defense Secretary William J. Lynn III, "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary." This must be one awesome piece of code – sentient, silent, and “poised.”
The PCI Security Standards Council released the summary of changes for the new version of PCI — 2.0. Merchants, you can quit holding your breath as this document is a yawner — as we’ve long suspected it would be. In fact, to call it 2.0 is a real stretch as it seems to be filled — as promised by earlier briefings with the PCI SSC — merely with additional guidance and clarifications. Jeff, over at the PCI Guru, has a great review of the summary doc so I won’t try to duplicate his detailed analysis. The most helpful part of the doc is an acknowledgement that more guidance on virtualization — the one function per server stuff — will finally be addressed.
Suffice it to say, it doesn’t look good for all those DLP vendors looking for Santa Compliance to leave them a little gift under the tree this year. I’ve been hearing hopeful rumors (that I assume start within the bowels of DLP vendor marketing departments) that PCI would require DLP in the next version. Looks like it’s going to be a three-year wait to see if Santa will finally stop by their house.
Remember that this is a summary of changes so there’s not that much meat yet. The actual standard will be pre-released early next month with the final standard coming out after the European Community Meeting in October.