Sanitize Your Flash Drive

May 22, 2009

Ever thought about what really happens to your files after you empty your recycle bin? Are they really deleted forever? What about a flash drive that once held sensitive customer/member information? Would you believe that any data ever stored on that flash drive could potentially be recovered? In most cases, deleting a file only removes the file system's reference to it; the data itself stays on the media until those blocks are overwritten.
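To make that concrete, here is an added example (not code from the TrustCC post) built around a toy, FAT-like image that the script constructs itself: deleting a file only flips a flag in the directory entry, so a signature scan of the raw sectors still finds the "deleted" member records, and only an overwrite of the data area itself removes them. The image layout, file names and record contents are all invented for the demonstration.

```python
"""Deleted is not gone: recover a "deleted" file from a toy flash-drive image.

The image layout is invented for this demonstration (FAT-like, not real FAT):
sector 0 is a directory of 32-byte entries (name[11], first_sector u16, size u32,
15 bytes padding); sectors 1.. hold file data, NUL-padded to a sector boundary.
Deleting a file sets the first byte of its name to 0xE5, as FAT does, and leaves
every data sector untouched.
"""
import os
import struct

SECTOR = 512
ENTRY = 32
DELETED = 0xE5
ENTRY_FMT = "<11sHI15x"


def _padded_name(name):
    return name.encode("ascii").ljust(11)


def make_image(files):
    """Build an image from {name: content}; returns a mutable bytearray."""
    entries, data, first = [], bytearray(), 1
    for name, content in files.items():
        sectors = -(-len(content) // SECTOR)  # ceiling division
        entries.append(struct.pack(ENTRY_FMT, _padded_name(name), first, len(content)))
        data += content.ljust(sectors * SECTOR, b"\x00")
        first += sectors
    directory = b"".join(entries).ljust(SECTOR, b"\x00")
    return bytearray(directory + data)


def read_file(img, name):
    """What the file system shows: None once the directory entry is marked deleted."""
    for off in range(0, SECTOR, ENTRY):
        raw_name, first, size = struct.unpack_from("<11sHI", img, off)
        if raw_name == _padded_name(name):
            return bytes(img[first * SECTOR:first * SECTOR + size])
    return None


def delete_file(img, name):
    """Emulate a normal delete / emptied recycle bin: flag the entry, keep the data."""
    for off in range(0, SECTOR, ENTRY):
        if img[off:off + 11] == _padded_name(name):
            img[off] = DELETED
            return True
    return False


def carve(img, signature):
    """What a recovery tool does: ignore the directory and scan raw sectors for a
    signature. Each hit runs to the NUL padding, which is where our toy files end."""
    hits, area = [], bytes(img[SECTOR:])
    pos = area.find(signature)
    while pos != -1:
        end = area.find(b"\x00", pos)
        hits.append(area[pos:end if end != -1 else None])
        pos = area.find(signature, pos + 1)
    return hits


def sanitize(img, rng=os.urandom):
    """Sanitizing means overwriting the data area, not just the directory."""
    img[SECTOR:] = rng(len(img) - SECTOR)
    img[:SECTOR] = bytes(SECTOR)


def demo():
    # Constructed sample records; nothing here is real data.
    files = {
        "MEMBERS.CSV": b"ACCT,NAME,SSN\n1001,Jane Doe,000-00-0001\n",
        "NOTES.TXT": b"nothing sensitive in this one\n",
    }
    signature = b"ACCT,NAME,SSN"
    img = make_image(files)
    delete_file(img, "MEMBERS.CSV")
    visible = read_file(img, "MEMBERS.CSV")   # None: the file system says it is gone
    carved = carve(img, signature)            # ...but the bytes are still on the media
    sanitize(img)
    after = carve(img, signature)             # [] once the sectors are overwritten
    return visible, carved, after


if __name__ == "__main__":
    print(demo())
```

One caveat the toy cannot show: on real flash media the controller's wear-levelling remaps writes, so an overwrite issued through the file system does not guarantee the old physical pages are gone. That is why sanitization guidance for flash favours the device's own secure-erase command, full-disk encryption from first use, or physical destruction over software overwrites.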

New Trojan Targets Diebold ATMs

April 15, 2009

Are you running anti-virus software on your ATMs? A new Trojan that specifically attacks Diebold ATMs has been detected in Eastern Europe. The Trojan logs data to a file on the ATM, which the attacker can later retrieve, and it also lets the attacker perform other tasks through the ATM keypad.

Hardening Procedures

April 8, 2009

As an IT audit and penetration testing firm, we find that one of the areas most often deficient in organizations is system hardening, specifically pre-deployment hardening procedures. These procedures provide guidelines for securing computer systems before they are put into official business use. It is sometimes hard to determine why an organization has no hardening procedures at all.

A Technique for Unique Passwords on Every Web Site

March 12, 2009

Here’s a recommendation for password use on websites. For all websites that require a password, come up with a consistent technique that ensures your passwords are unique on each site.
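The post leaves the details of the technique to the full entry; as an added example (not the scheme TrustCC describes, which may well be a rule you apply in your head), here is one mechanical way to get a unique password per site from a single secret: each site's password is HMAC-SHA256 of the site's host name under a master phrase, mapped onto a printable alphabet and retried until it contains one character of every class a typical site demands. The master phrase, hosts and alphabet are assumptions made for the demonstration.

```python
"""One mechanical way to get a unique password per site from a single secret.

Added example: derives each site's password as HMAC-SHA256(master, host || version)
mapped onto a printable alphabet. The master phrase and hosts used are made up.
"""
import hashlib
import hmac
import string
from urllib.parse import urlsplit

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#$%^&*"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS      # 70 characters
_LIMIT = 256 - (256 % len(ALPHABET))             # rejection bound: avoids modulo bias


def site_key(url):
    """Reduce a URL to its host so http/https, ports and paths map to one password."""
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname                # already lower-cased by urlsplit
    if not host:
        raise ValueError("no host in %r" % url)
    return host.rstrip(".")


def _char_stream(master, msg):
    """Deterministic stream of alphabet characters keyed by the master secret."""
    block_no = 0
    while True:
        mac = hmac.new(master.encode(), msg + block_no.to_bytes(4, "big"),
                       hashlib.sha256).digest()
        for b in mac:
            if b < _LIMIT:
                yield ALPHABET[b % len(ALPHABET)]
        block_no += 1


def has_all_classes(pw):
    return (any(c in LOWER for c in pw) and any(c in UPPER for c in pw)
            and any(c in DIGITS for c in pw) and any(c in SYMBOLS for c in pw))


def derive(master, url, length=16, version=1):
    """Site password for (master, host). Bump `version` to rotate one site without
    touching the master; a leaked site password reveals neither the master nor
    any other site's password, because HMAC is not invertible."""
    if length < 4:
        raise ValueError("length must allow one character of each class")
    msg = ("%s\x00%d" % (site_key(url), version)).encode()
    stream = _char_stream(master, msg)
    while True:
        candidate = "".join(next(stream) for _ in range(length))
        if has_all_classes(candidate):           # deterministic retry until rules are met
            return candidate


if __name__ == "__main__":
    master = "constructed master phrase, not a real secret"
    for u in ("https://www.example-bank.com/login", "example-bank.com",
              "https://other.example.org"):
        print(u, derive(master, u))
```

Two design points worth noting. The scheme keys on the full host, so `www.example-bank.com` and `example-bank.com` get different passwords; whether those count as one site is a choice you have to make once and stick to. And the master phrase becomes a single point of failure, which is the same trade-off a password manager makes, except that a manager can store truly random per-site passwords and per-site length and character rules, so in practice it remains the stronger option.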

Playing it safe on the World Wireless Web

March 6, 2009

At nearly every presentation we give, there are always one or two people who ask us about wireless security. So we thought we’d write about it.

Wireless is a GREAT convenience, and with a few basic steps you can ensure that it is reasonably secure from hackers and/or bandwidth thieves. I’d like to address two different aspects of wireless communications in this post: business and home. Both have their own requirements and should be configured differently, unless, of course, your home is also your business.

Were You Able to Hack Our Mainframe?

February 25, 2009

We had just spent the last 15 minutes laying out for our client how we had hacked their Microsoft network infrastructure and had “domain admin” access. Then the IT Manager asked, “Were you able to hack our mainframe?” I almost fell to the floor. It took another five minutes to explain, as gently as I could, that this question was almost entirely irrelevant.

The Effectiveness of Exploit Frameworks and Point-and-Click Hacking

February 3, 2009

Within the past two weeks we hacked into and gained access to privileged customer information at three financial institutions. I was personally involved in one of the three projects, which made me realize how trivial it really is. We’ve used the exact same vulnerability exploit at multiple institutions (financial and non-financial) over the past three months. This particular exploit has become so trivial that it’s not even impressive anymore.

Why are Operating Systems and other Software full of Security Holes?

January 22, 2009

It’s been a bit more than ten years now since the security industry began calling attention to buggy software development practices. And despite the security industry’s best efforts, most software development companies continue to produce code with security flaws.

Keep your Home Computer Safe!

January 13, 2009

TrustCC’s blog is intended to provide articles relevant to financial institutions. Why an article about keeping home computers safe? A bit more than 20% of our financial institution clients allow remote access to business systems from home. While this capability is often limited to select personnel, the criteria for granting remote access are typically never tied to any assurance that the “home system” is secure. So we thought we’d post a quick one highlighting 5 steps to keep home computers safe. If you are responsible for managing remote access for your financial institution, you may want to craft a policy that requires those with remote access to comply with these recommendations.

Are you “at the mercy of your service provider”?

January 2, 2009

We received an email today from a credit union examiner in the eastern United States. We had the privilege of providing him a week of IT training earlier in the year through our relationship with NASCUS. He wrote, “So many of these small to medium size shops are at the mercy of the service provider and therefore rely on them for everything… what kind of detail should a vendor provide to the credit union about IT controls?”