Sister CISA CISSP:

information security


September 27, 2010  4:24 PM

“Free” USB Drive Calls Home



Posted by: Arian Eigen Heald
Data Breaches, Hardware & InfoSec, information security, Privacy

At a conference I attended not long ago, part of the conference package I received was a "free" USB drive from one of the vendors. Every attendee received one of the drives. Being the information security person that I am, "free" USB drives make me wary. Marketers also make me wary. So, I looked...

August 31, 2010  6:23 PM

From the Council of Gov’t CIOs to the Feds: Address the Risks of Cloud Computing



Posted by: Arian Eigen Heald
cloud computing, Cloud Security, Data Center, information security, Privacy, privacy on the web

Last week, from the Chief Information Officers Council, a government body established by legislation in 1996, came a Privacy Recommendations Paper to all government departments and agencies. So this paper carries a little extra...


August 3, 2010  4:54 PM

Studying Google and Twitter for Malware



Posted by: Arian Eigen Heald
information security, IT Security, malware management, social networking, Web Security

The folks from Barracuda Labs have issued a midyear report with some riveting data about the connection between Twitter and Google as venues for malware. You can see the summary and download the report


May 13, 2010  1:07 AM

Trojans, Part Deux



Posted by: Arian Eigen Heald
information security

I was supposed to title this entry "anti-malware and registry hunting," but perhaps I should just call it: "Ate My Lunch. All of it." After running GMER, Malwarebytes and Symantec in both Safe Mode and fully booted OS,...


April 15, 2010  6:49 PM

Adobe Reader at the Forefront of Malware Delivery



Posted by: Arian Eigen Heald
Data Breaches, data security, information security, malware management

Statistics from a new study by F-Secure indicate that Adobe Reader has surpassed Microsoft Office products as a vector for malware delivery in 2009. F-Secure has also pointed out that you can embed movies and songs, JavaScript, and...


April 7, 2010  3:16 PM

A Free Tool Both Admins and Auditors Will Like



Posted by: Arian Eigen Heald
Admins and Auditors, data security, free tools, information security

For an admin, making the auditor happy is NOT the goal in life. It's to keep things running, squeeze in improvements, implement new products and do it with a work force that is always too small. For an auditor, getting information to build a complete report, with all the test information, means...


March 31, 2010  11:53 PM

A Trojan as a “Value-Add” for a Battery Charger



Posted by: Arian Eigen Heald
Data Breaches, information security, Stupid Technology, TCM (Truly Clueless Management)

I'm really not sure why a USB battery charger would need software to be hooked up to a computer, or a coffee-maker, for that matter. As much as I like computers, using a computer to charge batteries appears a...


March 26, 2010  2:52 PM

Update on Medical Identity Theft



Posted by: Arian Eigen Heald
Data Breaches, information security, medical identity theft

A report released by Javelin (requires an expensive membership) has updated statistics for 2008: There were more than 275,000 cases in the U.S. last year of medical information theft, twice the number in 2008. The average fraud cost...


March 24, 2010  12:35 PM

Painfully Educational



Posted by: Arian Eigen Heald
ACH Fraud, Banking Fraud, Data Breaches, information security

I've been talking a fair amount about ACH fraud and how it is committed by banking Trojans. At a recent forensic exam I discovered not one, but three banking Trojans on a CFO's hard disk. Want to know (I know you don't, not really... but) exactly how they work? Here's a down-to-the-code analysis...


March 17, 2010  8:26 PM

What Constitutes “A Lot of Money?”



Posted by: Arian Eigen Heald
Data Breaches, data security, information security

There's always a lot of discussion on the Internet about how much "security" (by which they usually mean IT security) costs, and whether it's a good ROI. (Return on Investment - another candidate for Acronym dismemberment.) There are a lot of factors to consider, but for small to medium sized...

