  • 19 Mar 2019

    Good, old-fashioned, boring passwords – the key to good security

    Many people are quick to proclaim that passwords are dead...that SSO, MFA, and related technologies are THE solution. Not so fast. Passwords, as we've known them for decades, are not going away anytime soon. Sure, I'll embrace the technologies that help take the pain out of passwords and password management. Hopefully we will be password-free in the next few decades. Still, pragmatism will win out over presumed quick fixes every ...

  • 21 Jun 2018

    Passwords

    You may need to do a quick third-party registration to access certain ones. Articles: What to expect during your next penetration test; Following up on your vulnerability and penetration testing; Low-hanging security fruit you can’t afford to overlook; Best practice tips for your password policy; How to audit network passwords; Three Actionable Steps To Take Following Your Penetration Testing; The science behind bad passwords; What you need to know ...

  • 20 Jan 2016

    Worst passwords (on your network right now)

    The fifth-annual Worst Passwords List put out by SplashData is here and the findings aren't terribly surprising. Here are the top five: #1: 123456, #2: password, #3: 12345, #4: 12345678, #5: qwerty. Good stuff! What's that quote about insanity? One of those security basics that we'll likely continue to ignore until the end of time. That's alright, as some of the best sideline analysts will proclaim: we need not focus on such trivial things. Well, they ...

  • 08 Nov 2011

    One of my pet peeves: relying on users to wipe out wimpy passwords

    You cannot - and should never - rely on your users for complete security...yet they're often the first or last line of defense - sometimes both. I wrote about this a while back but it's a problem that's still rampant in IT so I had to bring it up again. It's probably my biggest pet peeve with security. Simply telling users that they need to select strong passwords on their ...

  • 01 Apr 2011

    Web security tidbits on developers, leadership, weak passwords & more

    Here are a few pieces I've written recently on Web application security you may be interested in...things that affect each and every one of us working in IT and infosec: I wouldn’t want to be a developer these days; Don’t overlook the importance of authenticated testing; You can’t change what you tolerate; Testing for weak passwords: a common oversight without a great solution; How often should you test your web applications?; Notable changes in the PCI ...

  • 11 Nov 2010

    Internet Password Breaker – yet another reason to encrypt your laptops

    Elcomsoft just released their new version of Elcomsoft Internet Password Breaker which now supports Chrome, Opera, Safari and Firefox. In essence the program can recover passwords, sensitive form data and so on that users have conveniently stored in their browsers for the past, oh, several years. Furthermore, the tool can now instantly recover Microsoft Outlook, Outlook Express, Windows Mail and Windows Live Mail account info, user IDs, passwords and cached ...

  • 09 Nov 2010

    Windows 7 security tools & password weaknesses

    Here are some recent SearchEnterpriseDesktop.com pieces I wrote regarding Windows 7 security...enjoy! Using Windows 7's built-in features to keep your desktops secure; Windows 7 doesn’t end the need to monitor passwords...

  • 30 Sep 2010

    Elcomsoft’s new Phone Password Breaker now supports the BlackBerry

    Elcomsoft's neat iPhone Password Breaker tool that can crack iPhone backup passwords just got 100% better. Now it's called Phone Password Breaker and supports BlackBerry backups. Nice. Combine such a tool with all the open shares and unstructured data scattered about the average network and you've got a pretty serious problem on your hands. That is unless you're using the tool in a security assessment and demonstrating the continued risks smartphones ...

  • 26 Apr 2010

    Cracking Windows 7 passwords + a bit on BitLocker

    Here's the latest on Windows 7 passwords along with how they can be cracked and some tools for doing so: Cracking passwords in Windows 7. I wrote a whitepaper on BitLocker in Windows 7 not long ago and here are some additional thoughts/tips in case you're considering it: Using BitLocker in Windows 7. For additional reading, Paul Thurrott's SuperSite for Windows is a great resource on Windows 7 and more....

  • 17 Apr 2010

    Essentials for cracking SQL Server passwords

    Looking to check the resiliency of your Microsoft SQL Server systems? You may very well find that you don't have to look much further than weak/blank passwords to gain full access. I've come across a few vulnerable SQL Server systems via manual analysis. However, I couldn't live without a small set of SQL Server password cracking tools that you should check out as well. Here's a piece I wrote that can ...
