Sister CISA CISSP:

Hardware & InfoSec


September 27, 2010  4:24 PM

“Free” USB Drive Calls Home



Posted by: Arian Eigen Heald
Data Breaches, Hardware & InfoSec, information security, Privacy

At a conference I attended not long ago, part of the conference package I received was a "free" USB drive from one of the vendors. Every attendee received one of the drives. Being the information security person that I am, "free" USB drives make me wary. Marketers also make me wary. So, I looked...

September 23, 2010  1:16 PM

More on Cell Phone Location Data – Apple Logs Everything



Posted by: Arian Eigen Heald
ce, Data Center, Hardware & InfoSec, mobile phone security, Privacy, privacy on the web

If the C-level and Board members of your company are concerned about the privacy and security of their business and personal data, you might want to educate them about the privacy policy of a very frequently used mobile device: the iPhone. According to this


February 17, 2010  2:58 AM

Beware the “Smoker Door!”



Posted by: Arian Eigen Heald
Adventures in Auditing, Data Center, Eigen's Rules of Thumb, Hardware & InfoSec, information security policy, Penetration testing, Physical Security, Start Laughing Now, Tools & Tricks of the Trade

When doing a physical security audit, there's always the "security by walking around" phase. I find PCs with no screensavers, passwords under keyboards and keys labeled "server room." Consider the cigarette smoker. Every company has them. (Better, by far, than the cigar smokers, in my opinion.)...


February 10, 2010  7:47 PM

Printers & Copiers & Data Theft, Oh My



Posted by: Arian Eigen Heald
Data Breaches, data security, Hardware & InfoSec

It's worthwhile to consider the printers, copiers and scanners (or all 3 together - multi-function devices) on your network. How many of your printers allow open access? Open ports? Can I telnet to your printers? Why worry? Why bother? Well, if you google


November 23, 2009  5:39 PM

Buy Your OWN Automatic Theft Machine



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, Eigen's Rules of Thumb, Hardware & InfoSec, Identity theft, Stupid Technology

Is it really a surprise that ATMs can be bought on eBay or Craigslist? Given the amount of...


October 30, 2009  12:53 AM

When a “Fix” is Not a Fix – The Fix is In



Posted by: Arian Eigen Heald
Data Breaches, Hardware & InfoSec, information security, Stupid Technology, TCM (Truly Clueless Management), Tearing My Hair Out, Wireless

In my previous post, I discussed the enormous security flaw in the Time Warner/SMC modem. Lo and behold, I am visited and left a comment by "Adam Wood" defending SMC,...


September 22, 2009  4:33 PM

Next Generation ATM Skimmers



Posted by: Arian Eigen Heald
ATM Security, Automatic Theft Machines, Data Breaches, Hardware & InfoSec, information security

I was over on identitytheft.info watching some video feeds when I came across this one. It's worth taking a look at not because the technique for attaching Bad Things is all that different, but...


September 17, 2009  9:07 PM

Pumping Gas and Losing Your Shirt



Posted by: Arian Eigen Heald
ATM Security, Automatic Theft Machines, Hardware & InfoSec, information security

I hadn't really thought about it, but it made perfect sense the first time I read about it: thieves are capturing credit card and debit card data at the gas pump. Given that the pump is acting as a big cash register, it makes perfect sense that skimmers could be attached the...


July 15, 2009  8:47 PM

Hard Disks Never Die – They go to Digital Forensics



Posted by: Arian Eigen Heald
"How Do You Know?", Digital Forensics, Forensics, Hardware & InfoSec, information security

I'm attending an absolutely fascinating course on Digital Forensics provided by SANS. One of the things we will be doing is collecting data from hard drives for various practice exercises. Imagine my amusement when the handout and appendixes recommend where to get used hard drives to practice...


December 28, 2008  3:14 PM

Securing the Security Devices



Posted by: Arian Eigen Heald
"How Do You Know?", Admins and Auditors, Compliance, Hardware & InfoSec, IT audit, Security Devices, TCM (Truly Clueless Management), Tools & Tricks of the Trade, Tools for Auditing and Security

OK, so you've bought the glow-in-the-dark, meets all the compliance requirements and looks really shiny "security solution" from a vendor (one or many). Or maybe your management has bought it and presented it to you as a fait accompli. (Hope I'm spelling that fancy French right!) And of course...

