Sister CISA CISSP:

October, 2008

1

October 30, 2008  3:33 PM

Don’t Be Seduced Just Yet



Posted by: Arian Eigen Heald
Admins and Auditors, DataManagement, Development, Microsoft Windows, Security, Storage, Virtualization

I had a co-worker ask me yesterday what my opinion on "cloud computing" is, and whether it should be something they could recommend to clients. He had seen announcements about cloud computing from Microsoft According to a 2008 paper...

October 28, 2008  3:08 PM

More on Cell Phone (IN)Security



Posted by: Arian Eigen Heald
Hardware & InfoSec, Mobile, Tools & Tricks of the Trade, Tools for Auditing and Security

I'm having very mixed feelings, I must say, on what I've been reading about accessing information from cell phones. On the one hand, in my line of work, which occasionally includes forensics, I'm pleased to see new tools come out that make my job that much easier. The Cell Seizure Investigator...


October 23, 2008  4:41 PM

Physical Security Part II



Posted by: Arian Eigen Heald
Admins and Auditors, DataCenter, Hardware & InfoSec, Security, Tools for Auditing and Security

The most secure Data Centers I've seen utilize electronic access cards of some type that have a good reporting mechanism, right down to which door. Of course, these systems don't do you a bit of good if no one looks at the logs, but that seems to be the exception, rather than the rule. Thank...


October 21, 2008  1:58 PM

ATMs with Bugs – At the Grocery Store



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, Hardware & InfoSec, Security, Wireless

From the Wall Street Journal comes the disturbing news that a high-tech wireless "bug" has been found in hundreds of grocery store ATMs in five different European countries. According to WSJ: Examining...


October 20, 2008  1:06 AM

Let’s Get Physical



Posted by: Arian Eigen Heald
Admins and Auditors, DataCenter, IT audit, Security, Tools & Tricks of the Trade

When I do an audit, or a penetration test, I start by walking around the building, both inside, outside, and sometimes even on the roof. In my travels, I'll leave my business card where I can gain unauthorized access. How often am I successful? 95% of the time. I mentally catalog the exterior...


October 10, 2008  2:12 PM

ATMs Redux – Why I Don’t Use My Debit Card



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, Hardware & InfoSec, PCI DSS, Security

In a previous post about Automatic Theft Machines I commented on the worrisome rise in skimming with these machines. Now, to add to our pain, we should be concerned about gas station pumps,...


October 9, 2008  2:00 PM

Hardware? What Hardware?



Posted by: Arian Eigen Heald
Hardware & InfoSec, Security

I came across a recent post from the Breach Blog reporting that a U.S. Naval Laboratory employee - the computer administrator - had stolen 19,709 pieces of computer equipment, worth up to $1.6 million. Did no one see this guy carting...


October 6, 2008  8:19 PM

Auditing iSeries



Posted by: Arian Eigen Heald
Admins and Auditors, AS/400, Compliance, IT audit, Security, Tools & Tricks of the Trade, Tools for Auditing and Security

IBM's system iSeries are some of the most solid server systems around. Formerly (and by some, still called) the AS400, those servers are at the top of the food chain for reliability and stability. DB2, the native database system for iSeries, is as solid as a rock, and powers many of the banking,...


October 2, 2008  7:39 PM

Security is a State of Mind



Posted by: Arian Eigen Heald
Compliance, Security, Tearing My Hair Out

An interesting new study commissioned by Cisco has just been released.CISCO Study The study focused on the behavior of people in...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: