Jay Heiser

A member of the Gartner Blog Network

Entries Tagged as 'malware'


Long Live Client Server

by Jay Heiser  |  August 13, 2012  |  2 Comments

Has anyone ever created a web-based application that wasn’t flaky and prone to data loss? Every time Facebook comes out with some new functionality, the entire service gets slower, and harder to use.  I’m not sure that there could be a more efficient way to lose text as it is entered than by trying to […]

Category: Applications

You may not write down unmemorizable passwords

by Jay Heiser  |  April 19, 2012  |  1 Comment

I frequently see end user policies that contain the following two elements:

- Passwords must be so complex that they cannot be guessed
- Passwords may not be written down

This is almost a model case of perfectly secure and perfectly unusable. I say almost, because the unfortunate fact of the matter is that strong passwords only […]

Category: Policy, security

Are you the SaaS Scapegoat?

by Jay Heiser  |  July 5, 2011  |  1 Comment

I get a never-ending stream of questions that usually amounts to something like “What control tasks do I need to do to be sure that this SaaS service we are going to use will be adequately secure?” Unfortunately, at this point in time, SaaS providers offer relatively little support for enterprise control over anything.  Assuming that the […]

Category: Applications, Cloud, IAM, IT Governance, risk management, security, Vendor Contracts

Time for a rant about passwords

by Jay Heiser  |  May 13, 2011  |  Comments Off

How much mental anguish is the result of ignorant accounting grads working for Big 4s, struggling to find SOX-relevancy, totally oblivious to the huge amount of HCI research that has been done on the topics of passwords, so ignorant to the history of computer security that they don’t recognize they are demanding the use of pre-network, pre-malware controls that were developed by mathematicians who were completely ignoring human factors?

Category: risk management, security

Hypothetical attacks arrive in their own sweet time

by Jay Heiser  |  October 1, 2010  |  Comments Off

Whatever the source of Stuxnet, it would be naïve not to expect that the knowledge that such a thing is possible and existent has not already begun stimulating the minds of the politically motivated malware makers.

Category: security

20 years of phishing

by Jay Heiser  |  May 3, 2010  |  1 Comment

I was cleaning up some old notebooks (paper, not digital) this weekend, and found this diagram from a 1997 PowerPoint presentation (if you look carefully, you can see my ‘Excite’ starting page): Even before the generic term ‘firewall’ was consistently applied to network perimeter security devices (which happened after 1994), military researchers had […]

Category: security

Are you being cross-notified?

by Jay Heiser  |  March 19, 2010  |  Comments Off

I’ve recently become aware of several incidents of client data being lost because their service provider administrators had managed to infect their administrative workstations with malware. If your service provider were to suffer an embarrassing failure like that, would they tell you? Before allowing an outsider to have privileged access to any of your systems, […]

Category: risk management, security

Yes, Virginia, industrial espionage is real

by Jay Heiser  |  January 27, 2010  |  Comments Off

Google’s January 12 blog about their apparently falling victim to a cyberattack of Chinese origin, a cyberonslaught which also targeted several dozen other commercial and defense corporations, has been thoroughly reported on, blogged, and discussed. There will undoubtedly be a lot of valuable lessons–if we ever learn what actually happened.  Hopefully, this will increase the […]

Category: Cloud, security