Over the past week there has been information finally coming out about how the Target breach occurred. This write up in Wired and another by Brian Krebs point back to a compromise in the Point of Sale (POS) system by malware that does ‘memory scraping’. Interesting. Typically POS devices are assumed and certified to be […]
Read more "More On The Target Breach"Last week I posted about reviewing passwords and mentioned using a password manager as part of that effort. DaniSQL noted in a comment a whitepaper about some browser vulnerabilities that can impact password managers – http://isecpartners.github.io/whitepapers/passwords/2013/11/05/Browser-Extension-Password-Managers.html. It’s a quick read and as always when we talk about security it often seems like can nothing be […]
Read more "More on Password Managers"I was a bit sad to see that Google bought Nest. I like upstarts that see a problem and solve it. I’m highly in favor of them profiting from doing so. I just don’t want to see Google (or Microsoft, or Apple, or Facebook, or Amazon) buy them all up. I wouldn’t have turned down […]
Read more "Google Buys Nest"My first webinar of the year! I’m joining forces with the GreenSQL and MSSQLTips to present Security, Compliance, and SQL Server on January 29th at 3pm Eastern. I’ll be talking about how to work with/understand the Security and Compliance teams – what drives them, what they hope to accomplish, and why they sometimes ask you […]
Read more "Security, Compliance, and SQL Server Webinar on January 29, 2014"I use a password manager and it currently has more than 150 accounts in it, ranging from my checking account and other personal stuff to logins to MSDN, various client VPN’s, and more. Almost all of the passwords are unique. Ideally they would be unique, but sometimes I sacrifice ease of use for maximum security. […]
Read more "Schedule Time To Review Your Passwords & Using a Password Manager"Something you have and something you know – that’s the heart of two-factor, sometimes called multi-factor, authentication. RSA was for years the most common. You use either the key fob hardware device or the software app to get a ‘code’ that you enter in addition to your ID and your (hopefully) strong password. The code […]
Read more "Two-Factor Authentication"Possibly as many as forty million credit cards used at Target were compromised. A staggering breach and a cautionary tale – anyone can get beat, even a mega corp with close to unlimited resources. My guess (no inside scoop) is that the Target IT team has had their world turned upside down –they failed (directly […]
Read more "Some Thoughts on the Target Breach"I’ll be doing my PCI for the SQL DBA presentation on August 8th at 1 pm Eastern for the PASS Security Virtual Chapter. Visit the chapter page for more info, or you can register directly for the webinar. Hope you’ll attend!
Read more "Presenting PCI for the SQL DBA on August 8, 2013"I’ll try to write more about these over the next couple months, but I wanted to write down a quick reference for those that have to deal with storing credit card numbers. These rules cover the basics – the full topic of protecting card data is easily a book or two. These are my rules, […]
Read more "The SQLAndy Rules for Storing Credit Card Numbers"I live in a pleasant, calm, middle class neighborhood. Not much crime here, at most the rare break-in or vandalism, not a place where you worry about going out for a walk in the evening. Recently the HOA sent out a letter discussing the install of security cameras to increase security and that provoked some […]
Read more "Security Cameras in the Neighborhood"
SQLAndy 