Finding PANs with Open Source Tools

Recently the idea hit me to look into what it would take to locate personal account numbers (PAN)s that had been unknowingly filed away by applications or server logs.  I quickly found three open source tools to enlist.

Listen to find out which one I liked and which ones are fit for /dev/null.  Enjoy the show!

• Cornell Spider (windows version)
  
• Cornell Spider 4.0 (Perl) this wasn't tested, but apparently doesn't suck. 
• Find_ssn, credit cards actually expire before this is finished scanning
• Senf from the University of Texas is awesome!

 

 Finding PANs With Open Source Tools [24:58m]: Play Now | Play in Popup | Download (59)

Posted in Podcast | No Comments »

PCI DSS

Lately I've been looking a little further into the Payment Card Industry's Data Security Standard. Unfortunately, you could look for weeks and still find out new "fun facts". So as usual, I've put together a crash course on what I know about the PCI DSS and a little bit about what it might mean to the average credit card accepting merchant.

Show notes:

• Here you can find the DSS, FAQs and the Self Assessment Questionnaire https://www.pcisecuritystandards.org
• Some information on what an acquiring bank does.
• Criticism of PCI at DarkReading.com and some interesting points by Martin McKeay
• Interview with Robert Preatoni regarding his BlueHat talk.
• The WabiSabiLabi marketplace , just in case you want to give someone an 0-day for Christmas this year. Santa still hasn't brought me one.

As always, if I've left something out, or you've got something good to add, let me know.

 

 The PCI DSS Episode [46:15m]: Play Now | Play in Popup | Download (71)

Posted in Podcast | No Comments »