Security Breaches on the iPhone – By Trevor Hawthorn

A friend of mine recently spoke at the ShmooCon conference in Washington on the New World of Smartphone Security.

I thank him for allowing us to share the article. You may reach him

Trevor Hawthorn, CISSP

Managing Principal

Stratum Security, Inc.

Trevor has thirteen years of information security experience in various roles. Trevor specializes in risk management, application and infrastructure vulnerability assessment, penetration testing, wireless security and incident response. He is also a regular instructor of the Certified Ethical Hacker (CEH) training course. Previously he was a Senior Security Consultant with Cybertrust (formerly TruSecure), where he performed information security assessments.

Click Here to Read Article:

http://www.stratumsec.net/sites/default/files/Stratum%20Security-The%20New%20World%20of%20Smartphone%20Security-Shmoocon%202010.pdf

Wils Bell
Information Security Recruiter
SecurityHeadhunter.com, Inc.
POB 620298
Oviedo, FL 32762
Desk: 407-365-2404
Cell: 407-718-7764
Twitter: security_REC

Personal Finance Predictions for 2010: ID Theft

Information Security Breach

http://www.foxbusiness.com/story/personal-finance/personal-finance-predictions–id-theft/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+foxbusiness/latest+(Text+-+Latest+News)

Security Jobs That Require Relocation

Recently I recruited a candidate for a Security position with a large company in the SE USA. This candidate was a cold-called recruit, as most of my candidates are. He lived in the NE part of the country. I presented the opportunity to him and he was very interested in talking in detail about his skills and the job.

During my interview of the candidate, which lasted well over an hour, we discussed his skills, goals and of course his personal situation, since the position requires relocation. By personal situation, I mean such items as:

* Homeowner or renter
* Married or single
* Does he have children at home
* If children at home, how old
* Would relo to this town be OK for him
* More importantly, how would his wife & children react to a relocation

After a full interview he said he had no problem with the location and he would discuss with his wife.  Children were young so that was not the issue.

He called me back the next day and let me know that his wife had not really thought about relocation, but said if it was a great opportunity for him then of course he should pursue the opportunity.

At that point I discussed the candidate with the hiring manager and we scheduled a phone interview for the candidate about 10 days later. The interview lasted 2 hours and went great. The candidate loved what he heard and the hiring manager wanted to schedule a 2nd interview with another person on his staff before committing to fly the candidate down for an in-house interview. That interview was also set up during the next 10 days and also went well.

At this point the client wanted to fly the candidate AND his wife down to see the area and interview for the job. The client, however, wanted to be sure the candidate and his family were OK with a move if the interview went well and they liked the area. The candidate assured me he wanted to go since it was a great opportunity and his wife was open to seeing the area also.

The client even sent a full detailed email they put together themselves about the area and its benefits. It included where others that worked for the company had come from and their likes and dislikes of the area.

Unfortunately it took several weeks for the candidate and client to come up with some mutual dates they could meet.

When we finally got a date that would work I called the candidate to confirm.

As you can probably guess, at this point he started to waver. It appears that his wife now has second thoughts. He said that she had no problem with him interviewing for a position out of the area because she never thought it would go anywhere. When it was time to fly down, she thought if she kept stalling on the dates it would be dropped. The candidate informed me that his wife would fly down to the new city, but regardless of how nice the city was, or housing, or better cost of living, she had already made up her mind that she would hate the city. He also stated that his wife would move, BUT she would be miserable every day she was there and she would make sure he knew it.

Well, after some real digging on my part the truth came out.  The candidate admitted that he had suspected all along that his wife really was going to be an issue but he never really sat down with her and talked it out fully with her. He simply felt that she “would come around” to the idea. He was wrong.

Relocation for some people is not an issue, but for others it is. That’s why I spend so much time talking to candidates about the personal side of a relocation/job change.

As a candidate, if a new job opportunity comes along that requires relocation, it is very important that you sit down and talk to the family about the relocation in the beginning. Once the interview with the client begins, relocation is a real possibility. If your spouse or children or partner, etc. are resistant, that must be dealt with prior to interviewing.

If it can’t be resolved, then this position is not a match for you at the present time. Let it go.

If the candidate above had done what I asked in the beginning and was 100% honest, then we could have found out why the resistance and perhaps solved the issue before he wasted my time and the client’s time.

Wils Bell

Bell@SecurityHeadhunter.com

SecurityHeadhunter.com

Security Breach Leaves 45,000 Exposed

Another University Security Breach

On Tuesday of this week, Cornell University notified 45,000 current and former members of the University community that their names and social security numbers had been exposed.

How: A university-owned laptop was stolen earlier in the month.

A member of the University’s “Technical Staff” had access to the laptop which contained the sensitive data. They had the laptop for the purpose of correcting file processing transmission errors.

The files on the computer containing the names and social security numbers were not encrypted and the laptop was left in a physically unsecured environment, which violates University policy.

Even though the data on the laptop contained “no other sensitive data” besides the names and social security numbers, it is unbelievable that the data was not encrypted.

The university has stated that they feel they have identified all affected individuals and will provide protective services to those affected, including free credit reporting, credit monitoring and identity theft restoration services to those affected by the security breach.

As I have written before in this BLOG, Data Breach Can Cost You Millions of dollars and this does not include your brand reputation.

Individuals affected by this security breach include 22,546 students (10,597 of whom are alumni) and 22,731 faculty and staff members (of whom 4,284 are retirees or other separated employees).

University officials indicated that thus far none of the exposed data has been abused; however, once again this data breach draws attention to the far broader issue of the security of private information in this digital age.

The university also indicated that last June another Cornell computer used for administration purposes was hacked, and the university notified 2,500 students of the incident and that personal information may have been breached.

As noted in other postings, it appears that many times when a Data or Security Breach is brought to light, the affected organization also indicates that this is not their first incident.

Wils Bell – President
SecurityHeadhunter.com, Inc.
POB 620298
Oviedo, FL 32762
PH: 407-365-2404
Fax: 407-956-4976
Email: Bell@SecurityHeadHunter.com

Web: SecurityHeadhunter.com

Linkedin: http://www.linkedin.com/in/wilsbell

Twitter: Security_REC

Virginia Data Breach and Ransom

Cyber Thief Asking $10,000,000

According to a posting on Wikileaks.org, the online clearinghouse for leaked documents, hackers in late April broke into a Commonwealth of Virginia state Web site used by pharmacists to track prescription drug abuse. The cyber thief deleted records on more than 8 million patients and then replaced the site’s homepage with a ransom note. The note demanded $10,000,000 for the return of the records.

 

The ransom stated:

“I have your sh*t!

In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password.)”

It truly stretches the imagination to believe outside cyber thieves could break into a state-run website and destroy the “original data” and its backup, which presumably would be (should be!) stored off-site. This attack was the latest incident to involve the mass storage of EMRs (electronic medical records). When not secured properly, EMRs are easier to steal than paper records. Late last year, pharmacy prescription processor Express Scripts offered a $1,000,000 reward for information leading to the arrest of hackers who threatened to disclose stolen records belonging to millions of their patients.

Several security pros say that at a time when botnets are quietly stealing truckloads of corporate and financial data and quietly disappearing off into the dark world of cyber crime, data being kidnapped and held for ransom is not among the top threats enterprises should be worried about. In all actuality, the largest threats are the ones that attempt to be in stealth mode, leaving no trace, if you will, for the victims to identify.

That said, however, the current administration’s push to digitize medical records to lower the cost of health care could open the door for exploitation. Assuming these groups of extortionists aren’t bluffing when they say they’ve acquired EMRs, then theft/ransom of this personal data may become more frequent as paper records are digitized.

 

By:  Wils Bell, President

LinkedIn Profile: http://www.linkedin.com/in/wilsbell
SecurityHeadhunter.com, Inc.

Information Security Recruitment Since 1990
Phone: 407-365-2404
eFax: 407-956-4976

Email: Bell@SecurityHeadhunter.com