Risky Business #175 -- Wrong people paying the price?

Are the banks stooging us all?
04 Nov 2010 » Risky Business

Today's podcast is a special edition -- I'm basically on holidays and travelling for work for the next three weeks, so there will be no news section for a little bit. But don't worry, we'll be back to regular programming in three weeks.

But until then we've got some killer interviews for you. This week you'll hear from In-Q-Tel CSO Dan Geer and McAfee CTO George Kurtz.

It's always struck me as odd that when a credit card transaction turns out to be fraudulent it's the merchant who foots the bill. It seems weird because the merchant isn't really in a position to implement the required changes to our transaction and authorisation systems that would actually cut fraud.

So is it time that we updated the liability model? McAfee CTO George Kurtz joins us with his views.

PCI DSS has been forced onto merchants to help cut down breaches, but the statistics in documents like Verizon Business's data breach investigation report prove that being compliant won't save you from being pwnz0riz3d.

But it's a massive effort, isn't it? Is the PCI DSS industry keeping valuable security professionals employed in silly jobs, chasing down XSS bugs in merchant websites? Is this really the best use of our resources? Dan Geer joins us to discuss.

This week's edition of the show is brought to you by Microsoft, and Fredrique Dennison of Microsoft Australia joins us to discuss the company's upcoming release of its Forefront security software.