



Microsoft has taken aim at a rogue antivirus program called Internet Antivirus Pro.
The company’s latest update to its Windows Malicious Software Removal Tool (MSRT), released Tuesday, adds detection for this dubious program, which masquerades as security software.




Wow, not good. The following response seems way too casual to me:
“These screw-ups happen”
via U.S. Accidentally Releases List of Nuclear Sites - NYTimes.com.




The Payment Card Industry (PCI) Security Standards Council recently published a “Prioritized Approach” to complying with the PCI Data Security Standard (PCI-DSS) version 1.2. This is to allow merchants that are just starting their PCI compliance journey to achieve the most risk reduction as early in the process as possible.
The Prioritized Approach does not mean that the merchant can get by with only partially complying with the standard.
The official site for the Prioritized Approach is here.
If you are just starting your quest for PCI compliance, Miles Associates has an experienced team that can help you. We will use the Prioritized Approach to map out your journey, and then provide services so you have the security measures, processes, and policies needed to protect your customers, your reputation, and your income. Contact us today!




Watch out for “TwitterCut”…
Twitter users have been tricked into divulging their login and password details to a Web site that then spammed their contacts.
via Twitter Gets Targeted Again By Worm-Like Phishing Attack - CIO.com.




May 15, 2009:
A new round of Web site hijacks is attempting to install malicious, Google-focused software on unpatched PCs, …cementing the drive-by-download approach as a bad-guy tactic of choice.
The attack, dubbed “Gumblar” by ScanSafe, starts by hijacking legitimate sites and inserting attack code. The more than 1,500 hacked sites, including Tennis.com and Variety.com, don’t represent an especially huge number, but it’s growing rapidly. Since last week, the attack has grown by 80 percent, according to the company, and has spiked 188 percent since yesterday.
The attack code has largely gone after PDF and Flash flaws discovered in the last year … these particular assaults can be largely neutered by making sure you have the latest versions of the Adobe software.
… The PDF attack approach is more bad news for Adobe, whose programs have become a favorite target of late.
via Gumblar Hacked Sites Install Google-Targeting Malware. (CIO Magazine)




Two security researchers open-source code that can be used to take control of versions of the Microsoft Windows 7 x64 operating system. The team decided to release the code despite initial reservations over security.
“All we are trying [to do] is help more people understand the real enemy, malware … So, this might trigger up new ideas in [the] security industry to help solve the problem,” Kumar wrote. “We are still using age-old methods … to detect malware.”
via eWeek.




Where PCI DSS Still Falls Short (and How to Make it Better) – Former CISO and Symantec strategic consulting director Ariel Silverstone goes through PCI DSS line by line and offers suggestions to make it more effective.
Currently, I believe it is possible to be 100 percent PCI compliant and have no real security.
via Where PCI DSS Still Falls Short (and How to Make it Better). By my friend, Ariel Silverstone.

