Yearly Archive: 2011

Oracle Terminal

DBAs sometimes need to be logged into the UNIX machine the database is running on. Unfortunately, this is not always a simple thing to accomplish. The two most common reasons are that either you forgot the password to the Oracle account, or you just don’t have it due to separation of duties. In either case, […]

BlueCross BlueShield

On Friday, October 2, 2009 at approximately 6:13pm, someone stole 57 hard drives from a network closet in a BlueCross BlueShield office in Chattanooga, TN. See the original notification issued by BlueCross BlueShield here. The drives contained unencrypted audio files of over 1 million customer support calls totaling 50,000 hours of conversation, along with 300,000 […]

Does Compliance mean Compliant?

I read an article in BankInfoSecurity about a breach into a restaurant in Texas located on Interstate 45 between Houston and Dallas. Someone seems to have gotten into the restaurant's point-of-sale systems through a third-party vendor. It is interesting that everyone is a potential target these days, and small business […]

Anonymous, LulzSec: Heroes or Villains?

I just read a post on GovInfoSecurity with the same title. While I find that post to be a little without focus, I think the subject is a good one and deserves attention. You can read an example of their mischief in this post. I think there are a handful of good things […]

Security State of the Government

I read a survey today about the state of government security as perceived by more than 200 government IT security professionals. I found the results to be very interesting. The survey shows concern is mostly about inside problems. The further outside the threat is, the less it is considered a threat. I find this […]

(UN)SAFE

The cover story of the April issue of Dark Reading was “Diary Of A Breach” by Adam Ely. I read it a few months ago and remembered it this morning when I was reading about the SAFE Data Act. “Diary of a Breach” was a well-written piece that walked the reader through an imaginary […]

FFIEC – Database auditing

I have to admit that I was very pleasantly surprised by the clarity of the information provided by the FFIEC and its availability. For those that don’t know what the FFIEC is, it is The Federal Financial Institutions Examination Council (FFIEC). The FFIEC was established by Congress in 1979 to prescribe uniform principles, standards, and […]

IRS database audit

In May 2011 the Treasury Inspector General for Tax Administration (TIGTA) published its findings from an audit of the IRS databases conducted during most of 2010. This audit was only for the IRS databases and you can read the full report here. The report discovered what I would consider fundamental security problems in the IRS […]

Homeland Security

The Department of Homeland Security (DHS) Office of Inspector General (OIG) published an audit report in June 2011. You can see the full redacted report here. The audit found some issues with the security of PCII (Protected Critical Infrastructure Information), but I’m honestly more troubled by another issue. Reading through this report I couldn’t help […]

Threats in the Supply Chain

I just read the July 2011 issue of Dark Reading and found it to be hovering around the point but missing the punch. But before I go into all that, I need to explain what this issue is about: The July 2011 issue is titled “Threats in the Supply Chain” and is about the security […]
