Sister CISA CISSP:

Data Breaches


July 31, 2008  8:33 PM

Losing Your Credit Card Number at the Airline Check-in Kiosk



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, Identity theft, PCI DSS, Security, TCM (Truly Clueless Management), Travel

According to an article on MSNBC.com, there has been a data breach at the Toronto, Canada airport that may have been through the check-in kiosks. Similar to my

July 1, 2008  3:08 PM

Making Software Developers Clean Up Their Act



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Database, Database security, Development, IT audit, Security, Tools & Tricks of the Trade

In the course of many audits and pentests, I can't tell you how many times I have found flaws and openings based on bad development practices. It's downright painful. And yet software keeps coming out with the same problems. I know WHY this is happening, but I can't stop it. YOU can. Have...


June 25, 2008  11:48 PM

Four Year Study – Part II – International CyberCrime is Increasing and WHY



Posted by: Arian Eigen Heald
Data Breaches, Identity theft, PCI DSS, Security

The study from Verizon had some interesting (and scary) information about the growing worldwide market for stolen data. For example, attacks from Asia, particularly in China and Vietnam, often involve application exploits leading to data compromise. - Folks over there know about coding,...


June 19, 2008  1:03 PM

Verizon Four Year Study on Data Breaches – Well Worth Reading



Posted by: Arian Eigen Heald
Compliance, Data Breaches, Identity theft, Security

A Boston Globe article caught my eye. Although it's not news to me (or probably you), here is more than anecdotal evidence that many medium and small businesses are still not making...


June 17, 2008  1:00 PM

Losing My Identity At the Drugstore Instant Photo Machine



Posted by: Arian Eigen Heald
Data Breaches, Identity theft, Security, Stupid Technology, Tearing My Hair Out

A few days ago I went with my partner to the local drugstore (all the big chains have these machines) to print out a jpeg to send with a card for Father's Day. The picture was on a thumb drive for easy transport, and I was along to provide technical support (I try to at least appear...


May 5, 2008  8:52 PM

Five Myths About Compliance



Posted by: Arian Eigen Heald
Compliance, Data Breaches, Security, Security Metrics

Compliance: The state of conformity of a regulated party (including a corporation, institution, individual or other legal entity) with a legislative or regulatory requirement or a recognized standard.

1. If we’re compliant, that means we’re secure. Would that...


April 22, 2008  6:09 PM

Using Your IDS as a Boat Anchor



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, IT audit, Security, TCM (Truly Clueless Management), Tearing My Hair Out, Tools for Auditing and Security

Setting up your Intrusion Detection System to send you email alerts designed by the consultants who put it in and thinking you are secure is the equivalent of wrapping a chain around the server and tossing it in when you go fishing. It will do just as much, if not more good in the lake as it will...


April 4, 2008  4:44 PM

There’s a BIG Difference Between Hannaford and TJMaxx



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, PCI DSS, Security, Wireless

One of my readers has commented about how badly Hannaford and TJMaxx have been treated by the media and Internet commentary because of their data breaches. From my perspective, concerning the data breaches, I can only speak as an auditor and an engineer, not having been inside either company's...


March 31, 2008  11:57 PM

Hannaford Is NOT The Bad Guy



Posted by: Arian Eigen Heald
Data Breaches, Security

I live in Portland, Maine, the home base of Hannaford, a regional grocery chain. They are owned by Food Lion, headquartered in Charlotte, NC. In turn, Food Lion is owned by an international company in Belgium, Delhaize. Just in case you were on a desert island,

