Sister CISA CISSP:

Data Breaches


September 27, 2010  4:24 PM

“Free” USB Drive Calls Home



Posted by: Arian Eigen Heald
Data Breaches, Hardware & InfoSec, information security, Privacy

At a conference I attended not long ago, part of the conference package I received was a "free" USB drive from one of the vendors. Every attendee received one of the drives. Being the information security person that I am, "free" USB drives make me wary. Marketers also make me wary. So, I looked...

August 20, 2010  8:34 PM

Myths About Reputation Risk



Posted by: Arian Eigen Heald
Data Breaches, data security, Privacy

I received some entertaining feedback on my previous blog, so I thought I'd share some of the comments I've heard over the last few years about business reputations: 1. "My data is outsourced (hosted, in the cloud, etc) at a third party company. If they lose my data, or get broken into, it's...


August 17, 2010  7:55 PM

Rethinking Reputation Risk



Posted by: Arian Eigen Heald
Data Breaches, privacy on the web, search engines

In a discussion with a client recently, we were talking about reputation as a "risk" to his business. He didn't seem to think it was a long term issue, because so many other issues capture public consciousness so quickly. This got me thinking about "reputation risk" as a concept. I realized that...


June 25, 2010  5:11 PM

A Freebie for Auditing Your Web Application for SQL flaws



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, free tools, SQL Injection

I ran across a mention of this tool in a SANS newsbite. Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL...


May 21, 2010  3:18 PM

First Dance in the Cloud



Posted by: Arian Eigen Heald
cloud computing, Cloud Security, Data Breaches, Data Center

Well, it finally happened: I got asked to audit information that is stored in a cloud by a third-party vendor. I've acquired the controls, such as password policies, presented in a browser to my client. Several questions came immediately to mind: 1. Given that web browsers are still...


April 26, 2010  4:29 PM

Paying Attention To Statistics



Posted by: Arian Eigen Heald
Data Breaches, Database security

We get a lot of information about what security issues are important from various sources on the Internet. Most of them we know about from one source or another. But here's one that jumped right out at me: According to the Privacy Rights Organization, of the top 10 data breaches in 2009,...


April 15, 2010  6:49 PM

Adobe Reader at the Forefront of Malware Delivery



Posted by: Arian Eigen Heald
Data Breaches, data security, information security, malware management

Statistics from a new study by F-Secure indicate that Adobe Reader has surpassed Microsoft Office products as a vector for malware delivery in 2009. F-Secure has also pointed out that you can embed movies and songs, JavaScript, and...


March 31, 2010  11:53 PM

A Trojan as a “Value-Add” for a Battery Charger



Posted by: Arian Eigen Heald
Data Breaches, information security, Stupid Technology, TCM (Truly Clueless Management)

I'm really not sure why a USB battery charger would need software to be hooked up to a computer, or a coffee-maker, for that matter. As much as I like computers, using a computer to charge batteries appears a...


March 26, 2010  2:52 PM

Update on Medical Identity Theft



Posted by: Arian Eigen Heald
Data Breaches, information security, medical identity theft

A report released by Javelin (requires an expensive membership) has updated statistics for 2008: There were more than 275,000 cases in the U.S. last year of medical information theft, twice the number in 2008. The average fraud cost...


March 24, 2010  12:35 PM

Painfully Educational



Posted by: Arian Eigen Heald
ACH Fraud, Banking Fraud, Data Breaches, information security

I've been talking a fair amount about ACH fraud and how they are committed by banking Trojans. At a recent forensic exam I discovered not one, but three banking Trojans on a CFO's hard disk. Want to know (I know you don't, not really...but) exactly how they work? Here's a down-to-the-code analysis...

