PCI Compliance failure due to Clickjacking threat

Recently I’ve come across a new PCI compliance failure “Web Application Potentially Vulnerable to Clickjacking”.

Clickjacking PCI compliance failure

What is Clickjacking?

Clickjacking uses an IFrame to load the target web site inside an attacker-controlled page, makes that frame invisible (for example by setting its opacity to zero) and positions it over decoy content that the attacker shows the user. When the user clicks or types into what looks like the visible page, the input actually lands on the framed site, so the attacker hijacks those clicks and keystrokes. This is also known as a "UI redress attack" because it disguises the user interface the user is really interacting with.

This means users can be fooled into giving up usernames and passwords, or into clicking buttons that act on their existing session, when they think they are using a legitimate web site, not realising there is a layer between them and that site that is steering their input. The finding is raised for pages that another origin is allowed to load in a frame, which is why the fix is a response header (X-Frame-Options, or the Content-Security-Policy frame-ancestors directive) that refuses framing.
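The check a scanner makes for this finding can be reproduced offline. The following is an added example for this post, not code from SecurityMetrics or from the original article: it decides whether an arbitrary third-party page could frame a response, applying the precedence browsers use (an enforced Content-Security-Policy frame-ancestors directive wins; otherwise X-Frame-Options is read the way the WHATWG HTML algorithm reads it, including the conflicting and obsolete values that leave a page framable). The header sets in SAMPLES are constructed for illustration.

```python
"""Decide whether a response can be framed by a third-party page.

Added example, not code from SecurityMetrics or the original post. Precedence:
an enforced CSP frame-ancestors directive wins; otherwise X-Frame-Options is
interpreted as the WHATWG HTML algorithm does. SAMPLES is constructed data.
"""
from collections import namedtuple

# framable: True when an arbitrary cross-origin page may put this response in an iframe
Verdict = namedtuple("Verdict", "framable mechanism detail")


def _header_values(headers, name):
    """Case-insensitive lookup; a value may be one string or a list of repeated
    header lines. Comma-separated values are split the way browsers split them."""
    values = []
    for key, val in headers.items():
        if key.lower() != name.lower():
            continue
        for line in ([val] if isinstance(val, str) else val):
            values.extend(part.strip() for part in line.split(",") if part.strip())
    return values


def _frame_ancestors(headers):
    """Source list of frame-ancestors from an *enforced* CSP, or None.
    Content-Security-Policy-Report-Only never blocks framing, and frame-ancestors
    is ignored inside a <meta> tag, so only the real header counts here."""
    for policy in _header_values(headers, "Content-Security-Policy"):
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                return [t.lower() for t in tokens[1:]]
    return None


def clickjacking_verdict(headers):
    sources = _frame_ancestors(headers)
    if sources is not None:
        # '*' or a bare scheme source admits every origin; 'none', 'self',
        # explicit hosts or an empty list all restrict who may frame the page.
        open_to_all = any(s in ("*", "http:", "https:") for s in sources)
        return Verdict(open_to_all, "csp-frame-ancestors", " ".join(sources) or "(empty)")

    unique = {v.lower() for v in _header_values(headers, "X-Frame-Options")}
    if not unique:
        return Verdict(True, "none", "no anti-framing header")
    if len(unique) > 1:
        # Conflicting values: blocked only if deny/allowall/invalid is among them;
        # e.g. "SAMEORIGIN, ALLOW-FROM https://x" is treated as no header at all.
        blocked = bool(unique & {"deny", "allowall", "invalid"})
        return Verdict(not blocked, "x-frame-options",
                       "conflicting values: " + ", ".join(sorted(unique)))
    (value,) = unique
    if value in ("deny", "sameorigin"):
        return Verdict(False, "x-frame-options", value)
    # ALLOW-FROM was never implemented by Chromium or WebKit and Firefox dropped it;
    # any unrecognized value leaves the page framable.
    return Verdict(True, "x-frame-options", "unrecognized value ignored: " + value)


# Constructed header sets (hypothetical origins), one per case worth knowing about.
SAMPLES = {
    "no header": {},
    "deny": {"X-Frame-Options": "DENY"},
    "sameorigin": {"x-frame-options": "SAMEORIGIN"},
    "obsolete allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "two lines, conflicting": {"X-Frame-Options": ["SAMEORIGIN", "ALLOW-FROM https://partner.example"]},
    "deny plus sameorigin": {"X-Frame-Options": "DENY, SAMEORIGIN"},
    "csp beats xfo": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                      "X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp wildcard": {"Content-Security-Policy": "frame-ancestors *"},
    "report-only does not block": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
}


def scan_samples():
    """Return {name: framable} for every constructed sample."""
    return {name: clickjacking_verdict(h).framable for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, framable in scan_samples().items():
        print(f"{'FAIL' if framable else 'ok  '}  {name}")
```

Two of the samples are the ones that usually surprise people: a report-only CSP and an ALLOW-FROM value both leave the page framable, and two X-Frame-Options lines with different values cancel each other out unless one of them is DENY.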

Security Metrics PCI Compliance Site Failed

One of the companies I work with takes credit card payments and therefore has to be PCI compliant; it uses Security Metrics to scan the network for compliance.

Lately they have been failing their online scan for three reasons:

  1. Windows Server 2003 has been detected, and that operating system is now unsupported.
  2. TLS version 1.0 is still enabled.
  3. The RC4 cipher is still enabled for SSL/TLS.
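The second and third findings can be confirmed from the outside before and after the fix. The following is an added example, not SecurityMetrics' scanner or code from the post: it attempts one deliberately weak TLS handshake per finding against a host and port you supply, and maps the outcome to scan-style finding lines. Nothing is contacted until probe_endpoint() is called; findings_from_probe() runs offline. One caveat it handles explicitly: current OpenSSL builds often cannot offer RC4 or TLS 1.0 at all, and that has to be reported as "could not test", never as a pass.

```python
"""Probe one TLS endpoint for two scan findings: TLS 1.0 accepted, RC4 accepted.

Added example, not SecurityMetrics' scanner or code from the post. Only call
probe_endpoint() against hosts you are authorised to test.
"""
import socket
import ssl


def _handshake(host, port, min_version=None, max_version=None, ciphers="ALL", timeout=5.0):
    """Try one handshake under the given constraints.

    Returns the negotiated cipher name on success, False if the server refuses,
    and None if the local OpenSSL cannot even offer the legacy option (RC4 and
    TLS 1.0 are compiled out or capped on many current builds, so a clean
    "not found" from this machine is not proof the server is fixed)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # the server's configuration is under test, not its certificate
    try:
        if min_version is not None:
            ctx.minimum_version = min_version
        if max_version is not None:
            ctx.maximum_version = max_version
        # @SECLEVEL=0 asks OpenSSL to offer suites it would otherwise hide.
        ctx.set_ciphers(ciphers + ":@SECLEVEL=0")
    except (ssl.SSLError, ValueError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, ConnectionResetError):
        return False  # other OSErrors (unreachable host) propagate deliberately


def probe_endpoint(host, port=443):
    """Return {'tls10': bool|None, 'rc4': bool|None} for the endpoint."""
    tls10 = _handshake(host, port,
                       min_version=ssl.TLSVersion.TLSv1, max_version=ssl.TLSVersion.TLSv1)
    # Cap at TLS 1.2: set_ciphers() does not govern TLS 1.3 suites, so an
    # uncapped probe against a TLS 1.3 server would "succeed" without RC4.
    rc4 = _handshake(host, port, max_version=ssl.TLSVersion.TLSv1_2, ciphers="RC4")
    return {
        "tls10": None if tls10 is None else bool(tls10),
        "rc4": None if rc4 is None else (rc4 is not False and "RC4" in rc4),
    }


FINDINGS = {
    "tls10": "TLS version 1.0 is still enabled",
    "rc4": "SSL RC4 is still enabled",
}


def findings_from_probe(results):
    """Turn a probe result into scan-style finding lines. A None outcome is
    reported as untestable rather than silently passing."""
    lines = []
    for key, text in FINDINGS.items():
        outcome = results.get(key)
        if outcome is True:
            lines.append(text)
        elif outcome is None:
            lines.append(text + " (could not be tested from this client)")
    return lines


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for line in findings_from_probe(probe_endpoint(target)) or ["no TLS 1.0 / RC4 findings"]:
        print(line)
```

Run it as `python probe.py payments.example` (hypothetical host) before and after changing the server configuration; if either line comes back as "could not be tested", re-run from a client with a legacy-capable OpenSSL or rely on the scanner's own result rather than treating the silence as a pass.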

Security Metrics PCI Compliance Site Certification Failed…

