Home > IT Blogs > Sister CISA CISSP/

Sister CISA CISSP:

April, 2009

1
April 29, 2009  11:46 AM

Encrypt Your Laptops NOW



Posted by: Arian Eigen Heald
Data Breaches, laptop encryption, laptop security, Tearing My Hair Out

SC Magazine has reported that a laptop belonging to the State of Oklahoma was stolen, with 1 million names, Social Security numbers, birth dates and home addresses of Oklahoma's Human...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

April 24, 2009  7:05 PM

The Risks of Using Gmail, Hotmail and Yahoo



Posted by: Arian Eigen Heald
email security on the road, Gmail

We all do it; we connect to the web and grab our mail all the time. But those web pages are vectors for cross site scripting (CSS) and a new nasty - CSRF (pronounced SeeSurf), cross-site request forgery, affects many webmail providers, most notably Gmail. Gmail even knows about a flaw it hasn't...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

April 21, 2009  3:08 PM

Scans and Pentests and Audits, Oh My!



Posted by: Arian Eigen Heald
Pentesting, Tools & Tricks of the Trade, Vulnerability Assessments

Why isn't a vulnerability scan part of a penetration test? A scan looks for vulnerabilities the way hackers do - but hackers are MUCH better at it. Scans look for what they are programmed to look for - hackers look for holes. Penetration testing certainly involves scanning, but most...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

April 15, 2009  7:01 PM

The Beginning of the End for PIN Codes



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, PCI DSS, Security Devices

Yesterday Wired released a story that reveals a startling detail about the TJMaxx data breach: hackers were able to cash in on stolen debit cards because they had a way to crack PINS. This "minor detail" was buried in an affadavit...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

April 10, 2009  8:28 PM

A DAM Good Idea



Posted by: Arian Eigen Heald
Admins and Auditors, Database, DataManagement, Tools for Auditing and Security

(Sorry, I apologize for using an acronym, but I couldn't resist.) Whenever the subject comes up of logging activity in a database, immediately the complaints of "Too much overhead!" can be heard. Everybody thinks it's a good idea in theory, but from a practical standpoint, it adds a lot of...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

April 8, 2009  1:50 PM

What Conficker Tells Us



Posted by: Arian Eigen Heald

The latest statistics I've read from vendors now say that up to 6% of PCs worldwide are infected by the worm. What is going to happen as a result of this worm is still yet to be determined. The "patch"...

  Bookmark and Share     1 Comment     RSS Feed     Email a friend

April 3, 2009  7:30 PM

When News Isn’t News



Posted by: Arian Eigen Heald
Admins and Auditors, credit card crime, Data Breaches

A client of ours was notified recently by their financial institution that some of their credit cards had been compromised by a vendor. The rational question followed: "Which vendor?" To which the bank replied, we aren't going to tell you in order to protect the reputation of the...

  Bookmark and Share     1 Comment     RSS Feed     Email a friend

April 1, 2009  12:45 AM

Making it Easy For Hackers



Posted by: Arian Eigen Heald
Data Breaches, information security, Security Devices

How many rules do you have in your firewall? How many rules allow access directly into your network? How many rules allow ANY/ANY? The more rules you have in your firewall rulebase, the higher your risk of allowing attackers in. I'm not talking about opening access to your webserver in the...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

1