  • 03 Sep 2008

    In search of a good personal firewall…

    Ever since my all-time favorite personal firewall - BlackICE - went away, I've been searching for a product that could fill its shoes. I'm still searching...and it's a pain. Thanks ISS!! Anyway, I came across this "Firewall Challenge" site that compares the well-known and not so well-known personal firewall products, shows test results along with vendor responses, and gives a yay or nay on whether or not the product is recommended. Use ...

  • 02 Sep 2008

    My security content from this week

    Here's a piece I wrote for SearchDataBackup.com (a new TechTarget site I'm now writing for): Change management and disaster recovery ...as well as my thoughts on the latest and greatest version of BackTrack (a tool you've gotta get familiar with): Free security testing toolkit review: BackTrack 3. As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcast interviews, webcasts, and screencasts....

  • 28 Aug 2008

    Want to try some ‘sploits but don’t have anything to ‘sploit?

    If you've ever wanted to play around with Metasploit - the free pen test/exploitation toolkit - but you didn't know where to start....well, here's an interesting site I came across that hosts free trial versions of software known to be vulnerable to attack using Metasploit, etc. Oh, if you need a quick primer, check out the following articles I've written on Metasploit as well: Metasploit 3.1 updates improve Windows penetration testing; Metasploit 3.0 ...

  • 21 Aug 2008

    A wireless security assessment tool you can’t overlook

    Many people tout how great open source and freeware wireless tools are for finding and exploiting wireless network vulnerabilities - myself included. However, if you're performing a wireless assessment, you don't want to overlook the value the commercial tools have to offer. The commercial tool I've been using for a while - since before I co-authored Hacking Wireless Networks For Dummies - is AirMagnet's WiFi Analyzer (formerly their "Laptop" product). It's ...

  • 20 Aug 2008

    Can’t wait to try this tool out…

    ...it's been out for a few weeks and wow, it looks really neat. Great way to demonstrate the vulnerabilities associated with Wi-Fi in the enterprise. I've actually been wondering when someone would come up with a tool like this. http://metasploit.com/dev/trac/wiki/Karmetasploit Karmetasploit acts as a wireless access point serving up legitimate-looking services such as SMTP, DNS, etc. It can be used to capture email passwords, retrieve info from Web form fields, exploit Web ...

  • 19 Aug 2008

    Neat site for getting the scoop on people’s backgrounds

    Want to see what the real scoop is on the person you're hiring but don't want to spend any $$$ on running a background check? I know, it's only like $5 but I'm just being realistic because I know some people would not spend that kind of money willy-nilly. Or, are you not getting a good feeling about your boss and are wondering about his or her past? Well, here's ...

  • 13 Aug 2008

    Very clever way of recovering passwords from MD5 hashes

    In his infinite wisdom, Vladimir Katalov with Elcomsoft has developed a tool called MD5 Password Cracker that uses the computing power of NVIDIA graphics cards to recover passwords from MD5 hashes. Very cool. And it's free. According to Elcomsoft, for comparison, this type of cracking on a 2.2 GHz Intel Core 2 Duo E4500 processor only yields about 30 million passwords per second and around 70 million per second on Intel Core ...

  • 01 Aug 2008

    My security content from this week

    Here's a screencast I just recorded for TechTarget that you may be interested in: Hacking Windows Vista. Enjoy! As always, check out www.principlelogic.com/resources.html for all of my past articles, webcasts, podcasts, and more....

  • 25 Jul 2008

    Saved by using multiple Web scanners…again.

    I'm in the middle of a project analyzing the security of an e-commerce system. I found a lot of good stuff using WebInspect including one cross-site scripting flaw. However, the cross-site scripting issue was a little lame and next to impossible to re-create. So I decided to turn Acunetix Web Vulnerability Scanner loose on it just to see what it could find. Lo and behold...four more cross-site scripting vulns! Wow. Like ...

  • 18 Jul 2008

    Crack the darn password!

    Here's an interesting story about a network admin working for the city of San Francisco who's refusing to give up a password. If he won't give it up, then why not just crack it? It's probably a shared password anyway, quite possibly stored/used somewhere else on his computer. There are TONS of password cracking tools out there by Elcomsoft and others. This could be an easy task. Our government at work......
