John Elliott (@withoutfire) 's Twitter Profile
John Elliott

@withoutfire

Specialist in security directives. Very PCI, always GRC, sometimes GDPR. Authors courses for @pluralsight. Security Advisor at @Jscrambler.

ID: 16066915

https://pci.rocks | 31-08-2008 14:37:29

812 Tweet

597 Followers

246 Following

John Elliott (@withoutfire) 's Twitter Profile Photo

Last-minute deal needed to keep UK-issued Visa credit cards working on Amazon. But the real question Rupert Jones is why is this a cross-border transaction? theguardian.com/technology/202…

John Elliott (@withoutfire) 's Twitter Profile Photo

The rules about the use of expired Points of Interaction cause no end of confusion. I’ve summarised the brand rules and the effects on PCI DSS compliance in this infrequently asked question. pcirocks.substack.com/p/the-use-of-e…

John Elliott (@withoutfire) 's Twitter Profile Photo

I answered a question about an acquirer withholding a merchant's funds because of #PCI DSS non-compliance by describing the roles of the PCI SSC, the card brands and acquirers. pcirocks.substack.com/p/can-an-acqui…

John Elliott (@withoutfire) 's Twitter Profile Photo

There’s a new Mastercard FAQ about virtual cards and PCI compliance. Details and a short discussion on why this is in the domain of the card brands, not the PCI SSC. pcirocks.substack.com/p/single-use-v…

John Elliott (@withoutfire) 's Twitter Profile Photo

TDEA/TDES will be disallowed by NIST from the end of December 2023. Will the PCI SSC still consider it “Strong Cryptography” after that date, and should entities start planning their migration? pcirocks.substack.com/p/the-impendin…

John Elliott (@withoutfire) 's Twitter Profile Photo

A great write up of what the new version of DSS is doing to combat e-com skimming attacks. Of all the new bits in the standard I’m most pleased with the two new requirements to both protect against, and detect, these attacks.

John Elliott (@withoutfire) 's Twitter Profile Photo

This is a great presentation. 14/10. If you’re at RSA, don’t miss it. (I’m on the RSA program committee so have the joy of seeing the presentation early).

John Elliott (@withoutfire) 's Twitter Profile Photo

A great initiative from the #pci ssc. #pcidss v4 is evolutionary and revolutionary, so if you're a #pcip this is a definite date for the diary.

John Elliott (@withoutfire) 's Twitter Profile Photo

Faster, easier to use, better document library and new URLs for the FAQs. A great upgrade. Congratulations to everyone involved.

John Elliott (@withoutfire) 's Twitter Profile Photo

Essential reading, especially for anyone who has ever used a compensating control for a missed ASV scan 🙃 (you know who you are).

Aaron Rosenmund (@arosenmund) 's Twitter Profile Photo

Free Pluralsight lab until end week that supported the DEF CON workshop put-on by me, Ryan "Chaps" Chapman & Josh Stroschein | The Cyber Yeti Covers, initial access RE, custom C2 creation in golang, and cs beacon analysis. Enjoy! app.pluralsight.com/labs/detail/2d… #CybersecurityNews #Security #informationsecurity

Timur Yunusov (@a66ot) 's Twitter Profile Photo

How I used deepfakes to bypass security verifications in a bank. For the last three weeks, the first and the last thing I was doing was the same - working on my new research, and I'm so glad it's done. The verifications are bypassed. Enjoy the article! 😀 paymentvillage.org/blog/how-i-use…

Jessica Barker MBE (@drjessicabarker) 's Twitter Profile Photo

The right phish at the wrong time can catch us all. My video this week is 1 minute on why we need to stop victim-blaming in cyber security. youtube.com/shorts/O-EV2Q-…

Aaron Rosenmund (@arosenmund) 's Twitter Profile Photo

For any of you attending RSAConference #RSAC2023 I'm really excited to put on a hands-on lab, working on easy emulation for blue teams. Should be a lot of fun! Becoming the Threat: Blue Team Friendly Attack Simulations | RSA Conference rsaconference.com/USA/agenda/ses…

John Elliott (@withoutfire) 's Twitter Profile Photo

Given the %ge of neurodiverse people in our community, why do keynote sessions have so much unnecessary loud music and flashing lights? #BlackHat2023