• 08 Feb 2012

    What’s it going to take for police departments to secure their websites?

    Here's yet another story about a police department website being compromised by criminal hackers. When a regular citizen's home address is exposed, that's one thing. But when the addresses of police chiefs are published online, that opens up an entirely new set of risks for their personal safety. Sad. Hey, at least the police chiefs I know are armed and well-trained experts. Would be pretty foolish to try and attack ...

    Continue Reading...
  • 06 Feb 2012

    My new material on Web application & website security

    Here are several new pieces I've written on Web site/application security. Lots of angles and considerations:There’s more to web security than meets the eyeWeb passwords are often the weakest linkTo validate or not, is that the question?Protecting FTP services running on your Web serverThe critical Web-based systems that are going untested and unsecuredGood Web Security Tools and Why They MatterWhy you need intruder lockoutWeb security is like the layers of ...

    Continue Reading...
  • 16 Dec 2011

    AlgoSec & what happens when you don’t look for flaws from every angle

    I recently had the opportunity to see how well AlgoSec's Firewall Analyzer performs in a real-world security assessment. Long story short, Firewall Analyzer found a weak password on an Internet-facing firewall that would've gone undetected otherwise. A traditional vulnerability scanner didn't find it nor did two different Web vulnerability scanners. Nothing was uncovered via manual analysis either.Only AlgoSec's Firewall Analyzer found the weakness...no doubt a flaw that would've been exploited ...

    Continue Reading...
  • 15 Dec 2011

    Going green’s tie-in with infosec

    If you've been following my blog and my principles for even a short period of time you've probably figured out that I pull no punches when it comes to personal responsibility and limited government. There's hardly anywhere I'm more passionate in this regard than the marketing smoke and mirrors of "Going Green" and the religion of "global warming". I should say "climate change"; that covers warming and cooling for the ...

    Continue Reading...
  • 21 Nov 2011

    Don’t turn a blind eye on the basics

    I'm all about shoring up the basics of Web security before throwing money at the situation. If you're interested in saving not only money but also time and effort, here are some new pieces I've written on Web security that you may be interested in: Explaining the why of Web application security Improving Web security by working with what you’ve got Not all Web vulnerability scans are created equal Why ...

    Continue Reading...
  • 04 Sep 2011

    DNS hack: UPS, National Geographic, Acer, etc. websites affected

    Happy (almost) Labor Day...here's the latest from the criminal hackers: a DNS hack has redirected numerous websites of UPS, National Geographic, Acer, The Register and more. Nice. Betcha it was some low-hanging fruit someone, somewhere overlooked....

    Continue Reading...
  • 08 Jun 2011

    Weiner fallout: “I got hacked” is the new scapegoat

    I recently met up with some technology lawyer colleagues after work and we shared our thoughts on the Anthony Weiner "incident". We were talking about how early on in the saga no one but Weiner and the lucky recipients of his tweets really knew what the truth was. Predictably, as we're seeing and hearing more and more these days, Weiner came out and said "I was hacked. It happens to ...

    Continue Reading...
  • 25 May 2011

    Web appsec compliance & low-hanging fruit – it’s all up to us!

    Here are some recent pieces I wrote on Web application security common sense for my colleagues at Acunetix that you may be interested in:But Compliance is Someone Else’s Job!Low-hanging fruit becomes big news with the 2011 Verizon Data Breach reportGoing Beyond Confirmed Web Security FlawsEnjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more....

    Continue Reading...
  • 04 May 2011

    From culture to products to malware to breaches – where do you stand?

    Here are some new opinion pieces on information security management that I wrote for Security Technology Executive magazine that you may be interested in:Don’t end up on the wrong side of a data breachFighting the malware fight all over again9 good reasons not to buy information security productsSecurity best practices without question?How's your security culture?Enjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to all of my information security ...

    Continue Reading...
  • 04 May 2011

    SecureWorld Expo better than ever

    I attended this week's SecureWorld Expo in Atlanta and must say that the show is better now than ever before. I cut my professional speaking teeth with these guys speaking at dozens of their events between 2003 and 2007. I've taken some time off since but going back and seeing some of the same friendly faces brought back good memories.The best session I attended was William Hugh Murray's keynote on ...

    Continue Reading...