August 2008 Archives

InternetNews.com reports on the PCI Security Standards Council's latest version, 1.2, of the PCI Data Security Standard, or PCI-DSS, available for merchant use beginning Oct. 1. The Council says version 1.2 will "not introduce any major new requirements" and will only "introduce clarifying items." The clarifications include:

  • Addition of monitoring capabilities for removable electronic media, e-mail, Web, laptops and PDAs.
  • Wired Equivalent Privacy, or WEP wireless security protocol dropped in favor of the newer IEEE 802.11x standard.
  • Tightening of security requirements for employees of companies the PCI-DSS governs.
  • Security policy requiring employees to acknowledge that they have read and understood their security policy and procedures at least once a year.
  • New wireless network implementations cannot use WEP after March 31, 2009, and current implementations must get rid of WEP by June 30, 2010.

Sumedh Thakar, PCI solutions manager at Qualys, told InternetNews.com he welcomes these changes because a vulnerability scan is more doable and less expensive than going through your source code. Instead of having to go through possibly millions of lines of source code, companies can run a scan, then focus on detected vulnerabilities in the code and remedy those. Another change that Thakar likes is the Council's formally ruling out the use of WEP, which has, since 2001, been known to be easy to crack. "The standard has always recommended that WEP not be used, but now they're putting in a timeline," added Sumedh.

Read InternetNews.com Article
Read SC Magazine Article

Qualys has implemented a new log-in page for QualysGuard. This new log-in page provides information about product enhancements, changes and updates, and shares information about new tools, tips, and techniques for using QualysGuard Vulnerability Management and Policy Compliance features.


Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 11 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other recent vulnerabilities by accessing their QualysGuard subscription.

On August 12, Microsoft released 11 security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released checks for these new vulnerabilities, including:

- Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
- Microsoft Word Could Allow Remote Code Execution
- Microsoft Excel Could Allow Remote Code Execution
- Microsoft Office Filters Could Allow Remote Code Execution
- Microsoft Internet Explorer Cumulative Security Update

Related Coverage:
Microsoft Fixes IE, Office in Big Month of Security Updates, by Elizabeth Montalbano, IDG News Service
Microsoft Issues Massive Security Update for Windows, by Greg Keizer, Computerworld