[WEB SECURITY] Vulnerabilities at PCI DSS sites

Christian Heinrich christian.heinrich at cmlh.id.au
Wed Dec 29 15:27:12 EST 2010


MustLive,

A number of vulnerabilities of 3-D Secure, i.e. Verified by VISA and
MasterCard SecureCode, have been presented by the University of
Cambridge:
1. http://www.lightbluetouchpaper.org/2010/01/26/how-online-card-security-fails/
2. http://www.lightbluetouchpaper.org/2010/01/29/why-is-3-d-secure-a-single-sign-on-system/

ASV of PCI DSS has also been criticised i.e. http://www.scanlesspci.com/.


-- 
Regards,
Christian Heinrich

http://www.linkedin.com/in/ChristianHeinrich

Mobile: +61 433 510 532 (AEST +10 GMT/UTC)
SkypeID: cmlh.id.au

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

To unsubscribe email websecurity-unsubscribe at webappsec.org and reply to 
the confirmation email

Join WASC on LinkedIn 
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates



More information about the websecurity mailing list