Sister CISA CISSP:

April, 2009


April 29, 2009  11:46 AM

Encrypt Your Laptops NOW

Arian Eigen Heald

SC Magazine has reported that a laptop belonging to the State of Oklahoma was stolen, with 1 million names, Social Security numbers, birth dates and home addresses of Oklahoma's Human...

April 24, 2009  7:05 PM

The Risks of Using Gmail, Hotmail and Yahoo

Arian Eigen Heald

We all do it; we connect to the web and grab our mail all the time. But those web pages are vectors for cross-site scripting (CSS), and a new nasty, CSRF (pronounced SeeSurf), or cross-site request forgery, affects many webmail providers, most notably Gmail. Gmail even knows about a flaw it hasn't...


April 21, 2009  3:08 PM

Scans and Pentests and Audits, Oh My!

Arian Eigen Heald

Why isn't a vulnerability scan part of a penetration test? A scan looks for vulnerabilities the way hackers do - but hackers are MUCH better at it. Scans look for what they are programmed to look for - hackers look for holes. Penetration testing certainly involves scanning, but most...


April 15, 2009  7:01 PM

The Beginning of the End for PIN Codes

Arian Eigen Heald

Yesterday Wired released a story that reveals a startling detail about the TJMaxx data breach: hackers were able to cash in on stolen debit cards because they had a way to crack PINs. This "minor detail" was buried in an affidavit...


April 10, 2009  8:28 PM

A DAM Good Idea

Arian Eigen Heald

(Sorry, I apologize for using an acronym, but I couldn't resist.) Whenever the subject comes up of logging activity in a database, immediately the complaints of "Too much overhead!" can be heard. Everybody thinks it's a good idea in theory, but from a practical standpoint, it adds a lot of...


April 8, 2009  1:50 PM

What Conficker Tells Us

Arian Eigen Heald

The latest statistics I've read from vendors now say that up to 6% of PCs worldwide are infected by the worm. What is going to happen as a result of this worm is still yet to be determined. The "patch"...


April 3, 2009  7:30 PM

When News Isn’t News

Arian Eigen Heald

A client of ours was notified recently by their financial institution that some of their credit cards had been compromised by a vendor. The rational question followed: "Which vendor?" To which the bank replied, we aren't going to tell you in order to protect the reputation of the...


April 1, 2009  12:45 AM

Making it Easy For Hackers

Arian Eigen Heald

How many rules do you have in your firewall? How many rules allow access directly into your network? How many rules allow ANY/ANY? The more rules you have in your firewall rulebase, the higher your risk of allowing attackers in. I'm not talking about opening access to your webserver in the...

