• The real deal with the SSL/TLS flaw

    08 Nov 2009

    Over the past few days Twitter, security blogs, and news columns have been going crazy with the newly-discovered SSL/TLS flaw. Man, you’d think it’s the next WEP exploit discovery. The security sky is falling…we must retreat.

    Seriously, is this thing a big deal? Not in my opinion – at least not in all but 99.9% of any given situation. But what do I know? I’m just the security guy that sees network shares sharing out entire drives full of sensitive files, firewalls with default configurations and no passwords, smartphones without a trace of security enabled, laptops with supposedly “nothing of value” that end up having thousands PII records yet no semblance of drive encryption, database servers without passwords, physical security cameras and data center control systems with default passwords that anyone on the network can mess around, operating systems missing critical patches that are easily-exploited using free tools, Web sites/apps with gobs of XSS and weak authentication controls, and on and on and on and on.

    If you want to pick nits and chase the rabbit down the infinite path of limited return, sure, it’s a big deal. Otherwise, chances are you’ve much bigger issues on your hands.

Resources

view all

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including:

 

Tags

application security appsec basics books careers censorship CISO CISSP cities compliance coronavirus covid-19 cybersecurity data breaches hacking Hacking For Dummies heads in sand health incident response information risk keynote speaker leadership macOS networked cameras passwords patching racing resilience Russian hacking SDLC security culture security leadership security program management security speaker selling security social engineering speaking engagements spec miata sql injection tiktok time management training vulnerability and penetration testing web security

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.

For your convenience I accept