Feds Arrest Hackers of TJX, Other Retailers in Huge Conspiracy Bust

Here’s an example of borderless, worldwide crime. Remember the TJ Maxx data breach? More details are coming out. A couple of details it brings to the top:

1. Location, location, location. Meaningless with digital crime. A worldwide reach is possible right to your backyard.

2. Wireless is a threat. Configure it properly. When done right it can work. Haphazardly…watch out.

Be smart, people…from the Mom and Pop shops all the way up to the huge corporations. It doesn’t matter. Secure it.

Big Brother Can’t Lead People

People always seem to be afraid of Big Brother. They don’t like to be watched or have the feeling they are being watched. I don’t blame them. What is interesting to me is how some supervisors and managers want to rely on it when it might suit their needs.

It amazes me how many times I’ve had to turn down requests from these "leaders" attempting to use Big Brother as a management tool. I’ve heard the whole list of explanations:

Why go to Black Hat?

The Black Hat Conference has been going on for years. For me, I’ve always said I would like to get there some day. Instead, I’ve always opted for making it to the RSA conference because the companies I’ve worked for were willing to send me to one or the other each year.

I used to believe the Black Hat conference was on the forbidden list for those of us certified with CISSP. Maybe this was true. I did a quick scan of the ethics policy on the www.isc2.org website.

Big Brother vs. Acceptable Balance

One of the things I’ve learned over time is how people deal with change. Introducing an INFOSEC program needs to take this into account. It is also one of the most important lessons I learned…the hard way.

When I retired from the Navy and moved to the civilian sector, I admit I carried a large Navy attitude. I was a Chief when I left. A Navy chief is used to looking at problems and getting them solved ASAP.

USB Flash Drives – Friend or Foe?

I remember when USB flash drives came out. It was the coolest thing and so easy. But do these things really help us transport data or hurt us? I came across a couple of articles recently I thought I would pass along…of course with commentary.

First, this one about HP shipping USB sticks with malware. This was an interesting attack vector, which seems isolated to a particular type of HP server. The question is: were these USB drives infected inside HP, the manufacturer, or somewhere in between? What steps need to be considered to prevent this from happening again?

Know Your Business…Others May be Doing Just That.

I discovered a new website today, run by ZDNET. It is called BNET. They have an interesting couple of articles there that caught my eye. I read them and realized these articles would be great for any business to read. I’ve been spouting off for quite a while about the importance of keeping quiet outside the workplace. This attitude stems from my time in the service. It was ingrained in me to never speak outside of the workspace about what it is we do in there.
