Sister CISA CISSP:

April, 2009


April 29, 2009  11:46 AM

Encrypt Your Laptops NOW



Posted by: Arian Eigen Heald
Data Breaches, laptop encryption, laptop security, Tearing My Hair Out

SC Magazine has reported that a laptop belonging to the State of Oklahoma was stolen, with 1 million names, Social Security numbers, birth dates and home addresses of Oklahoma's Human...

April 24, 2009  7:05 PM

The Risks of Using Gmail, Hotmail and Yahoo



Posted by: Arian Eigen Heald
email security on the road, Gmail

We all do it; we connect to the web and grab our mail all the time. But those web pages are vectors for cross-site scripting (CSS) and a new nasty - CSRF (pronounced SeeSurf), cross-site request forgery, affects many webmail providers, most notably Gmail. Gmail even knows about a flaw it hasn't...


April 21, 2009  3:08 PM

Scans and Pentests and Audits, Oh My!



Posted by: Arian Eigen Heald
Pentesting, Tools & Tricks of the Trade, Vulnerability Assessments

Why isn't a vulnerability scan part of a penetration test? A scan looks for vulnerabilities the way hackers do - but hackers are MUCH better at it. Scans look for what they are programmed to look for - hackers look for holes. Penetration testing certainly involves scanning, but most...


April 15, 2009  7:01 PM

The Beginning of the End for PIN Codes



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, PCI DSS, Security Devices

Yesterday Wired released a story that reveals a startling detail about the TJMaxx data breach: hackers were able to cash in on stolen debit cards because they had a way to crack PINs. This "minor detail" was buried in an affidavit...


April 10, 2009  8:28 PM

A DAM Good Idea



Posted by: Arian Eigen Heald
Admins and Auditors, Database, DataManagement, Tools for Auditing and Security

(Sorry, I apologize for using an acronym, but I couldn't resist.) Whenever the subject comes up of logging activity in a database, immediately the complaints of "Too much overhead!" can be heard. Everybody thinks it's a good idea in theory, but from a practical standpoint, it adds a lot of...


April 8, 2009  1:50 PM

What Conficker Tells Us



Posted by: Arian Eigen Heald

The latest statistics I've read from vendors now say that up to 6% of PCs worldwide are infected by the worm. What is going to happen as a result of this worm is still yet to be determined. The "patch"...


April 3, 2009  7:30 PM

When News Isn’t News



Posted by: Arian Eigen Heald
Admins and Auditors, credit card crime, Data Breaches

A client of ours was notified recently by their financial institution that some of their credit cards had been compromised by a vendor. The rational question followed: "Which vendor?" To which the bank replied, we aren't going to tell you in order to protect the reputation of the...


April 1, 2009  12:45 AM

Making it Easy For Hackers



Posted by: Arian Eigen Heald
Data Breaches, information security, Security Devices

How many rules do you have in your firewall? How many rules allow access directly into your network? How many rules allow ANY/ANY? The more rules you have in your firewall rulebase, the higher your risk of allowing attackers in. I'm not talking about opening access to your webserver in the...

