January 27, 2009  5:51 PM

More on the Heartland Breach

Posted by: Arian Eigen Heald
Data Breaches, Security

Some interesting information is coming forward about the break-in at Heartland Payment Systems. The Secret Service has identified an overseas suspect, according to StoreFront...


January 22, 2009  5:49 PM

When a Patch is Not a Fix – We Have the Downadup Worm

Posted by: Arian Eigen Heald
Microsoft Windows, Security, Tearing My Hair Out

If you haven't heard by now, the "downadup" worm (renamed various other things by competing vendors) is propagating itself like crazy across the Internet. Various software vendors have added some artificial hype about how fast it is spreading, but I didn't get sweaty palms until I read that US-CERT...

January 20, 2009  9:03 PM

Hannaford Redux – Another Break-in From the Inside

Posted by: Arian Eigen Heald
Data Breaches, PCI DSS, Security

The sixth-largest US credit card payment processor, Heartland Payment Systems, has just acknowledged that their payment systems have been breached. The discovery of...

January 15, 2009  9:31 PM

Most Dangerous Programming Errors from SANS/MITRE

Posted by: Arian Eigen Heald
programming, Security

Apropos of a previous post on poor software programming practices, a "Top 25 Programming Errors" was released this week by SANS and MITRE. The main goal for the Top 25 list is to stop vulnerabilities at the source by educating programmers on how to eliminate all-too-common mistakes before...

January 13, 2009  3:34 PM

The Purpose of Audit

Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, IT audit

Bruce Schneier's last Crypto-Gram contained a discussion about the purpose of audit. He was commenting on the fact that Barack Obama's phone records, passport file and aunt's immigration status were inappropriately accessed by employees...

January 8, 2009  6:10 PM

First GROAN of the New Year

Posted by: Arian Eigen Heald
Security, Tearing My Hair Out

I was doing an audit today (I know, the term "audit" should only be used in connection with a financial exam, but everybody but Public Accountants uses it this way) and examining the users inside a SQL database that holds one heck of a lot. I wish more IT Auditors would start looking inside...

January 5, 2009  2:24 PM

Encrypting Company Laptops

Posted by: Arian Eigen Heald

It is amazing to me that businesses are still issuing laptops to employees that do not have encryption. That being said, what do we mean when we say "the laptop is encrypted?" There are three scenarios for encrypting portable computers: 1. Windows File Encryption 2. Third-party file,...

January 1, 2009  4:40 AM

Picture This….with a Free Virus!

Posted by: Arian Eigen Heald
Security, TCM (Truly Clueless Management), Tearing My Hair Out

From Slashdot comes the painfully unsurprising news about digital picture frames. The software installation CD comes with a virus, W32.Sality.AE worm. WalMart and Amazon sold these items during the Christmas...

December 28, 2008  3:14 PM

Securing the Security Devices

Posted by: Arian Eigen Heald
"How Do You Know?", Admins and Auditors, Compliance, Hardware & InfoSec, IT audit, Security Devices, TCM (Truly Clueless Management), Tools & Tricks of the Trade, Tools for Auditing and Security

OK, so you've bought the glow-in-the-dark, meets all the compliance requirements and looks really shiny "security solution" from a vendor (one or many). Or maybe your management has bought it and presented it to you as a fait accompli. (Hope I'm spelling that fancy French right!) And of course...

December 24, 2008  7:14 PM

Getting What You Pay For…..2008

Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database security, HIPAA, IT audit, SAS 70, Security, Tearing My Hair Out

In my travels as an auditor this year, I've visited 15 states and seen approximately 20 different networks, both LAN and WAN. I've audited hospitals, lotteries, racetracks, banks, small businesses, large online retailers, metal fabricators, telco service bureaus and health care service...
