Posts relating to PCI Compliance
Recently I’ve come across a new PCI compliance failure, “Web Application Potentially Vulnerable to Clickjacking”. What is clickjacking? Clickjacking uses iframes to put a transparent layer over a website, so it can hijack the clicks and keystrokes the user enters. It is also known as a “UI redress attack”, because it changes the user interface. This means users can be fooled into giving up usernames and passwords when they think they are logging into legitimate web sites, not realising there is a layer intercepting these details between them and the legitimate site.
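The scanner finding above is really a check for anti-framing response headers. As an added example (not code from the original post), the function below evaluates a set of HTTP response headers the way such a check does: it honours the CSP frame-ancestors directive first, then falls back to X-Frame-Options, and treats the obsolete ALLOW-FROM value as no protection. The sample responses are constructed for illustration.

```python
from typing import Dict, List, Mapping, Optional


def _get_header(headers: Mapping[str, str], name: str) -> Optional[str]:
    # HTTP header names are case-insensitive; normalise before lookup.
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def clickjacking_protected(headers: Mapping[str, str]) -> bool:
    """True if the response forbids framing by arbitrary third-party origins."""
    csp = _get_header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = frame_ancestors(csp)
        if sources is not None:
            # 'none', 'self' or an explicit origin list all block untrusted
            # framers; a wildcard or bare scheme source re-opens the door.
            return not any(s in ("*", "http:", "https:") for s in sources)
    xfo = _get_header(headers, "X-Frame-Options")
    if xfo is None:
        return False
    # DENY and SAMEORIGIN are the only values browsers still honour;
    # ALLOW-FROM is obsolete and ignored by modern browsers.
    return xfo.upper() in ("DENY", "SAMEORIGIN")


# Constructed sample responses, named by what a PCI scan would report.
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo": {"X-Frame-Options": "SAMEORIGIN"},
    "csp": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_wildcard": {"Content-Security-Policy": "frame-ancestors *"},
}


def audit(responses: Mapping[str, Mapping[str, str]] = SAMPLE_RESPONSES) -> Dict[str, bool]:
    """Map each sample name to whether it would pass the clickjacking check."""
    return {name: clickjacking_protected(h) for name, h in responses.items()}
```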
One of the companies I work with takes credit card payments and therefore wants to be PCI compliant, and uses Security Metrics to scan the network for compliance. Lately they have been failing their online scan for a few reasons: Windows 2003 has been detected, and that is now unsupported; TLS version 1.0 is still enabled; SSL RC4 is still enabled. Security Metrics PCI Compliance Site Certification Failed…