Tag Archives: PCI

  • Created: May 7, 2012 11:58 AM

Nexcess Announces PCI DSS Certified Web Hosting

Ann Arbor, Michigan, May 7, 2012 – Nexcess, a leading provider of premium eCommerce hosting services, has announced that the company’s sustained PCI-compliant web hosting environment will become PCI certified in the coming weeks. This certification relates directly to an eCommerce web site’s ability to accept credit card payments; in this case, for clients utilizing Nexcess’ Magento SIP (Secure Isolated Platform) web hosting packages.

In order to provide PCI certified web hosting, organizations must meet 12 distinct requirements for compliance, which must be further verified and approved by an independent third party. The Payment Card Industry Data Security Standard (PCI DSS) is a governing standard for information security as it relates to the handling of consumer cardholder information for payments made using major credit, debit, prepaid, ATM, and POS cards.

“Anyone can say they are ‘PCI Compliant’, but very few folks take the next step to have this independently audited,” commented Nexcess President and CEO, Chris Wells. “We feel that this certification falls right in line with Nexcess’ foundation of providing our clients with unparalleled service and support. Now, more than ever, people want to know that their sensitive information is safe when they’re doing business online. We want to provide our valued clients with that added level of confidence and security.”

Posted in: News Releases

  • Created: May 14, 2011 7:54 PM

Using OpenSSL to Verify Service Availability and Configuration

SSL is one of the most widely-used technologies for securing communications over the internet. It does have a few design flaws, but it’s still widely used to secure e-mail (IMAP-SSL and POP3-SSL), HTTP traffic (via HTTPS), and other communications.

By far, the most common implementation of SSL is the OpenSSL suite, which is developed by a community of volunteers. OpenSSL is the library powering the majority of SSL communications on the internet. Today, we’re going to look at how to use a part of the OpenSSL suite to make sure that services are working correctly.

Posted in: Security

  • Created: Apr 2, 2011 3:15 PM

Magento Catalog Search XSS on Some Themes

We’ve seen a few customers failing PCI scans due to Cross Site Scripting (XSS) vulnerabilities on the catalogsearch page. Initially it seemed like a bug in Magento where it wasn’t sanitizing its input, but when we checked whether a new install using the default theme was vulnerable, we found it wasn’t. This led us to start tracking down the code that actually printed out the XSS.

In the cases we’ve dealt with, the XSS vulnerability is usually reported on the ‘catalogsearch’ page. The search page echoes your search query back to you, and that echoed query is where the XSS vulnerability lies. The code that controls this is in breadcrumbs.phtml.