Sister CISA CISSP:

April, 2009


April 29, 2009  11:46 AM

Encrypt Your Laptops NOW

Arian Eigen Heald

SC Magazine has reported that a laptop belonging to the State of Oklahoma was stolen, with 1 million names, Social Security numbers, birth dates and home addresses of Oklahoma's Human...

April 24, 2009  7:05 PM

The Risks of Using Gmail, Hotmail and Yahoo

Arian Eigen Heald

We all do it; we connect to the web and grab our mail all the time. But those web pages are vectors for cross-site scripting (CSS), and a new nasty, CSRF (pronounced SeeSurf), or cross-site request forgery, affects many webmail providers, most notably Gmail. Gmail even knows about a flaw it hasn't...


April 21, 2009  3:08 PM

Scans and Pentests and Audits, Oh My!

Arian Eigen Heald

Why isn't a vulnerability scan part of a penetration test? A scan looks for vulnerabilities the way hackers do - but hackers are MUCH better at it. Scans look for what they are programmed to look for - hackers look for holes. Penetration testing certainly involves scanning, but most...


April 15, 2009  7:01 PM

The Beginning of the End for PIN Codes

Arian Eigen Heald

Yesterday Wired released a story that reveals a startling detail about the TJMaxx data breach: hackers were able to cash in on stolen debit cards because they had a way to crack PINs. This "minor detail" was buried in an affidavit...


April 10, 2009  8:28 PM

A DAM Good Idea

Arian Eigen Heald

(Sorry, I apologize for using an acronym, but I couldn't resist.) Whenever the subject comes up of logging activity in a database, immediately the complaints of "Too much overhead!" can be heard. Everybody thinks it's a good idea in theory, but from a practical standpoint, it adds a lot of...


April 8, 2009  1:50 PM

What Conficker Tells Us

Arian Eigen Heald

The latest statistics I've read from vendors now say that up to 6% of PCs worldwide are infected by the worm. What is going to happen as a result of this worm is still yet to be determined. The "patch"...


April 3, 2009  7:30 PM

When News Isn’t News

Arian Eigen Heald

A client of ours was notified recently by their financial institution that some of their credit cards had been compromised by a vendor. The rational question followed: "Which vendor?" To which the bank replied, we aren't going to tell you in order to protect the reputation of the...


April 1, 2009  12:45 AM

Making it Easy For Hackers

Arian Eigen Heald

How many rules do you have in your firewall? How many rules allow access directly into your network? How many rules allow ANY/ANY? The more rules you have in your firewall rulebase, the higher your risk of allowing attackers in. I'm not talking about opening access to your webserver in the...

