Author: Jeff Hill

Open Access (Part 2): Shutting It Down

Last week, we talked about the headache-inducing security fault known as Open Access. Now, let us be your Advil. For the past decade, STEALTHbits has been working with many of the largest, most complex organizations in the world to perform content collection and analysis across their technology infrastructure. Through these operations, we have developed an advanced workflow process to support complicated organizations along with more streamlined ones. Each organization has a unique structure, so we found similar discrepancies in security…

Open Access (Part 1): An Open Bar

There’s a reason Mom and Dad put the liquor in a locked cabinet when my sister and I entered our teenage years. They could make rules, policies, and even threaten discipline, but nothing beats a physical obstacle to enhance security. With some effort and increased risk, we could break into the cabinet, but it made our lives much more difficult. An “open share” on a corporate network is like an open bar, and the bad guys and rogue employees –…

The Wrong Tool for the Job (Rapidly Evolving Data Breach Law – Part 2 of 2…maybe 3)

Two years ago, I met a relative of a friend at a Thanksgiving dinner party. He was a prominent plaintiff’s attorney at a NJ law firm one might recognize from their personal injury commercials; my friend told me previously that he’d done quite well for himself over the years. At my urging – I get bored quickly at formal dinner parties and constantly search for a distraction – he told me about a case he was working on. A couple…

Rapidly Evolving Data Breach Law – Part 1 of 2

The raft of enterprise data breaches over the past few years has prompted rapid evolution in Infosec technology and enterprise security philosophy, and has amplified the strategic importance of cybersecurity among corporate leadership. All good stuff. But every silver lining has a cloud, and since we live in the most litigious nation on the planet, it should surprise no one that the legal community smells blood in the water. Given this reality, I thought it might make sense to explore…

Hacking Class is Now in Session

Whoever said crime doesn’t pay wasn’t thinking out of the box, or hasn’t met Ivan Turchynov, the purported leader of a Ukrainian hacking ring recently cracked by US Federal investigators and reported in the Washington Post on August 11th. Apparently, the hackers worked with equity traders to generate upwards of $100MM in profits since 2010 by trading on stolen insider information. By stealing 150,000 corporate press releases before they were public, they were able to accurately predict stock prices after the information in the press…

Location, Location, Location

User behavior analytics (UBA). If it’s not the hottest buzzword in the InfoSec world today, it’s definitely challenging for the top spot. Identifying a security threat, either external or internal, based on activities that vary from a normal pattern is all the rage, and without question it can be a valuable tool in the battle against security threats. Why is John accessing that file share repeatedly this week and copying so many documents? He rarely visits that server, and never…

The Icing on the Cake

I was thinking over the weekend about last week’s breach of the UCLA Health System and subsequent theft of 4.5 million medical records. Hackers know that medical records can fetch 10 times the dollars that a stolen credit card can, and that makes sense when you think about it. Cancelling or changing your credit card number takes one phone call to your credit card company’s 1-800 number, and with the advent of credit card fraud detection software – that phone…

The IRS Gets Something Worse than an Audit for Using Knowledge Based Authentication

The IRS Get Transcript data leak is evidence of just how complex security at large scale can be. By now I’m sure you’ve heard that the IRS transcript data of at least 100,000 US taxpayers has been stolen, and that attempts were made on up to 200,000 (possibly many more). With all the breaches in the news, it’s easy to assume this is just another example of poor security at an organization leading to the bad guys finding a way in…

Are Security Pros Getting Serious About Security?

I feel better when I exercise. I’d probably do it even if it weren’t really good for my health. Really. But a nice by-product of my “indulging” in a good Stairmaster workout is improved health. My desire to feel better drives me to exercise, not the knowledge that it’s good for me. Conversely, I know friends who exercise only because they know they have to, and they’re miserable. They do it because their doctor said so, but they’re not happy…

Sony Hack, Unstructured Data, and Privileged Accounts

There are lots of rumors about the Sony Pictures GOP hack right now, but only two things we can say for sure: a ton of badly protected unstructured data was taken, and the attackers used privileged accounts to pull it off. There were documents emerging from as far back as 2000. What were these documents doing in the open? Are there even Sony employees who need access to that stuff on a day-to-day basis? Before this starts to…
