All Posts Tagged: Breach

Oracle Database Security – Part 2

This is part 2 of a series of posts aiming to analyze the real-world security challenge of the Oracle database. Part 1 discussed the potential risks to the database, and this part will discuss the methods likely to be employed by each individual to compromise the data. So how will the breach occur? While […]


BlueCross BlueShield

On Friday, October 2, 2009 at approximately 6:13pm, someone stole 57 hard drives from a network closet in a BlueCross BlueShield office in Chattanooga, TN. See the original notification issued by BlueCross BlueShield here. The drives contained unencrypted audio files of over 1 million customer support calls totaling 50,000 hours of conversation, along with 300,000 […]


Does Compliance mean Compliant?

I read an article in Bank info Security about a breach into a restaurant in Texas located on Interstate 45 between Houston and Dallas. Someone seems to have gotten into the restaurant's point-of-sale systems through a 3rd party vendor. It is interesting that everyone is a potential target these days, and small business […]


Anonymous, LulzSec: Heroes or Villains?

I just read a post on Gov Info Security with the same title. While I find that post to be a little without focus, I think the subject is a good one and deserves attention. You can read an example of their mischief in this post. I think there are a handful of good things […]


(UN)SAFE

The cover story of the April issue of Dark Reading was “Diary Of A Breach” by Adam Ely. I read it a few months ago and remembered it this morning when I was reading about the SAFE Data Act. “Diary of a Breach” was a well-written piece that walked the reader through an imaginary […]


Hacker Defense

I was looking at my previous Hackers post and realized it’s missing something. So here is Hackers part 2 – Hacker Defense. I should first start by saying there is no fixed recipe for defending against hackers. There are many things you should do to secure your organization, but hacking is a type of out-of-the-box […]


Security is an illusion

On Monday, July 11, the hacker group Anonymous announced that it penetrated Booz Allen Hamilton. See their post here. According to the post, the attack was easy and took only 4 man hours. It was easy because they managed to find a server with no security. After penetrating the network, they got passwords, sources and […]


Insider Threat

On June 26, the FBI arrested Gary Foster, a former accountant at Citigroup who allegedly embezzled more than $19.2 million. We don’t want to think that employees embezzle, but it happens. What caught my eye was not that an accountant might have embezzled, but the fact that it took a year before anyone noticed millions […]


RSA CSO interview

I just heard an interesting podcast interviewing Eddie Schwartz, who is the new CSO of RSA. RSA revealed a data breach into its SecurID database in March. In June it was confirmed that the information stolen during the RSA breach was used to breach Lockheed Martin. Here’s a portion of what Schwartz said: “Imagine […]
