Category Archives: Security

Network Solutions

The PSC, who call themselves the “Payment and Security Experts”, audited Network Solutions for PCI compliance. Unfortunately, Network Solutions just warned merchants that they were hacked and exposed for several months.

In a letter sent to merchants who use its Ecommerce Hosting services, the company said that someone illegally installed software on company servers used to handle credit card transactions initiated by 573,928 people between March 12 and June 8, 2009.

The code “may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant Websites outside the company,” Network Solutions said in the letter, signed by company chairman and CEO Roy Dunbar and sent to merchants on Friday.

This will again raise the issue of compliance versus security. The parties involved, including the card brands, may start to dance around fault or explain why this is not a failure of the Data Security Standard (DSS). I say breaches like this one are not a sign of failure of the DSS, and we should really be focused on learning from the specifics of the attack rather than nitpicking a standard.

Ants and Neurons

It would be interesting to apply this in a risk management context. Seed Magazine explains how Ants and Neurons are related:

Choosing a new home, or house hunting, is the most complicated decision an ant colony makes. When an ant nest is overcrowded or damaged, scout ants begin searching for a new building site by making independent evaluations of different spots and reporting back to the colony. A decision is made when a “quorum” is reached, when a certain number of ants agree on a location.

This same process occurs among neurons in a monkey’s visual cortex when the animal performs a visual discrimination task. In the task, a monkey is flashed an image of dots moving in different directions and must decide which way the majority of them are going. When the image appears, neurons in the monkey’s visual cortex gather bits of information from the monkey’s eyes, much like ants evaluating a nest site. As more data is gathered, the neurons with the correct answer gradually increase their firing rate. When their activity reaches a certain threshold level, the monkey makes a decision.

This is an excellent metaphor for managing security operations through the use of numerous simple data points/feeds rather than trying to build just a few very intelligent sensors. It’s the opposite of the traditional ingress/egress control suite of products and more like total awareness engineering. Correlation of all the host antimalware data with internal network behavior analysis, for example, would be a rich source of decision-making material.
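The quorum idea above, sketched as an added example (not code from the original post): a host is flagged only when enough distinct feeds report on it within a short window, so one noisy sensor repeating itself never reaches quorum. The feed names, hosts, thresholds and events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch seconds, host, feed, observation).
EVENTS = [
    (1000, "ws-14", "host_av", "heuristic detection, quarantined"),
    (1010, "ws-14", "host_av", "heuristic detection, quarantined"),
    (1020, "ws-14", "host_av", "heuristic detection, quarantined"),
    (1100, "db-02", "host_av", "unsigned binary executed"),
    (1160, "db-02", "netflow", "new outbound destination"),
    (1220, "db-02", "dns", "high-entropy query names"),
    (1300, "web-07", "netflow", "new outbound destination"),
    (5000, "web-07", "dns", "high-entropy query names"),
    (9000, "web-07", "host_av", "unsigned binary executed"),
]


def quorum_hosts(events, quorum=3, window=300):
    """Return {host: sorted feeds} for hosts where at least `quorum`
    distinct feeds reported within `window` seconds of each other."""
    by_host = defaultdict(list)
    for ts, host, feed, _obs in sorted(events):
        by_host[host].append((ts, feed))

    flagged = {}
    for host, seen in by_host.items():
        start = 0
        for end in range(len(seen)):
            # Advance the window start until the span fits in `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            # Count independent feeds, not event volume.
            feeds = {feed for _ts, feed in seen[start:end + 1]}
            if len(feeds) >= quorum:
                flagged[host] = sorted(feeds)
                break
    return flagged


if __name__ == "__main__":
    for host, feeds in quorum_hosts(EVENTS).items():
        print(f"quorum reached on {host}: {', '.join(feeds)}")
```

Here ws-14 stays quiet despite three antimalware hits because only one feed agrees, and web-07 stays quiet because its three feeds report hours apart.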

Snake Politics

Toss a cobra into the Indian state legislative assembly and they adjourn for the day, according to the Hindu:

The snake was spotted around 7 a.m. when Bhishma Nayak, a sweeper went to clean the floor of the House. On hearing [Chief Minister] Mr. Nayak’s shouts for help, a watchman rushed in and saw the cobra near Mr. Patnaik’s desk. The snake slithered away when the watchman tried to chase it with a bench. It was not spotted again despite the efforts of experts from Snake Helpline and Nandankanan Zoological Park staff.

Snake detection is still clearly a very low-tech procedure, perhaps because this situation is rare.

No word yet whether this could have been a political statement related to increased recent activity by CoBRA — “elite” anti-Naxal forces in the Lalgarh area of West Bengal.

The Chinese Onion

The Onion has been sold to the Chinese, according to their editors. Differences have already started to appear, such as this amusing look at infrastructure security.

Beneath the redacted sections, if you look at the source, are the characters *@@##

Another funny story is Internet Adds 12th Website, where the Onion explains the web.

The World Wide Web, a device used solely for the enrichment of the nation and the advancement of lasting social stability, gained another website for the convenience of its users Monday, bringing the current number of existing Internet destinations to 12.

State security is preserved by the lack of exposure.

SeedStore.com provides everything online shoppers need without forcing them to sift through pernicious and unimportant so-called information that jeopardizes state security and disturbs national unity.