Tuesday, May 11, 2010

Latest certified PA-DSS applications. 11 May 2010

By the 11th of May we have 7 new certified applications from 6 vendors:
4 of them are completely new and 3 are requalified versions of old applications.
5 of them are POS applications, 1 is a payment gateway and 1 is payment middleware.


1. (NEW) AccuPOS 10 by Attitude Positive
2. (NEW) AccuPOS 11 by Attitude Positive
3. (NEW) Star~Lite by Auto~Star Compusystems, Inc.
4. (REQUALIFICATION) ICON 9.0X by Civica
5. (REQUALIFICATION) ChargeItPro 3.03 by Payment Processing Partners, Inc.
6. (NEW) ProfitMaster Payment Interface (PPI) by ProfitMaster Canada
7. (REQUALIFICATION) InFusion 3.50 SP3 by Partech

All information was taken from the official site of the PCI Council as of 11 May 2010.

Prepare for "Jackpotting Automated Teller Machines Redux"

At the upcoming Black Hat 2010 event in Las Vegas, Barnaby Jack will give a presentation about remotely and locally attacking ATMs and will also show an example of an ATM rootkit. I hope it will be very interesting, because Jack's presentation in 2009 was halted by an ATM vendor because those vulnerabilities were 0-days and very critical. So get ready!

Here is some text from the announcement:

"Jackpotting Automated Teller Machines Redux"

The presentation "Jackpotting Automated Teller Machines" was originally on the schedule at Black Hat USA 2009. Due to circumstances beyond my control, the talk was pulled at the last minute. The upside to this is that there has been an additional year to research ATM attacks, and I'm armed with a whole new bag of tricks.

I've always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I've got that kid beat.

The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software.

Last year, there was one ATM; this year, I'm doubling down and bringing two new model ATMs from two major vendors. I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks.

Passport® with PA-DSS Point of Sale System is used by Heartland, RBS WorldPay and many others

More Networks Certify Passport® with PA-DSS Point of Sale System

"GREENSBORO, N.C. – May 5, 2010 – Heartland Payment Systems (Dallas) for CITGO, Marathon and unbranded customers, along with RBS WorldPay, have approved Passport with PA-DSS point of sale system software for retailers on their networks. They join BP, Chevron, Concord (Gulf, Sinclair, Sunoco, Valero and unbranded), ExxonMobil, NBS/Cenex, and Shell software applications that are already shipping."

Passport has the most networks approved with a PA-DSS validated application for convenience store operators.

Tuesday, May 4, 2010

Monday, May 3, 2010

Latest certified PA-DSS applications. 3 May 2010

By the 3rd of May there are 7 new certified applications:

1. ActiveRetail Enterprise by Argility

2. IVR for Payment Gateway (IVRFPG) by Bay Talkitec

3. CAGE by Innovative Control Systems

4. OPERA Enterprise Solution by Micros

5. X-Series TMS by Panasonic

6. VersaPOS by Systime Computer Systems

7. Venuemaster² by Ticketmaster UK


All information was taken from the official site of the PCI Council.

Monday, April 26, 2010

Application Security and PA-DSS certification

I've posted my presentation from cardexpo. Firstly, it is about the importance of application security in the PCI security area, and of course about the PA-DSS standard and the advantages for application vendors and merchants of getting PA-DSS compliance.