  • 31 Oct 2024

    It’s 2024, yet college football’s Power Four teams were using unencrypted GSC helmet communications

    Just when you think most people understand the basics of security, along comes a story like the following: "Sources: College helmet communications on unencrypted frequencies". Really!? All those efforts that coaches go to covering their mouths with their play cards...then this. According to the ESPN piece, execs for the SEC, Big 12, Big Ten and ACC have worked with GSC, the manufacturer of these coach-to-player communication systems, to ...

  • 31 Aug 2017

    HIPAA and data encryption – what you need to know

    When I co-wrote the first edition of the book The Practical Guide to HIPAA Privacy and Security Compliance, both HIPAA and data encryption were a big deal. Fast forward nearly 15 years and they're still a big deal, yet many people are still struggling with both. If you're looking for some insight/guidance on HIPAA compliance, data encryption, or security intelligence in today's business environment, here are a few new pieces that ...

  • 29 Apr 2011

    Nikon Image Authentication vulnerability

    The fine folks at @Elcomsoft have discovered yet another security flaw in digital cameras. First it was Canon. This time it's Nikon - specifically Nikon's Image Authentication Software. Elcomsoft researchers found that the way the secure image signing key is being handled in the camera is flawed. This allowed them to extract the original signing key and then produce manipulated images that appear to be legit. I could see this being ...

  • 11 Jan 2011

    Tidbits on MS security, MBSA vs. the competition & cloud backups

    Here are a few new articles I wrote for TechTarget where I talk about IIS 7.5 security, encrypting Windows Server drives, MBSA vs. commercial vulnerability scanners and the dearly beloved cloud backup services. Enjoy!

      • How vulnerable is Microsoft IIS 7.5 to attacks?
      • Pros and cons of Windows Server drive encryption
      • Weighing MBSA against paid vulnerability scanners
      • Preventing online backup security threats to your network...

  • 10 Dec 2010

    Canon’s digital camera image originality not so original

    How's this pic for an attention grabber?! Well, the folks at Elcomsoft have done it again. This time they've discovered a vulnerability in Canon's Original Data Security system demonstrating that digital image verification data can be forged. Apparently Canon has yet to respond. Why is this a big deal? Well, it's impactful for the media, for forensics investigators, and for those of us in infosec as digital images are used in many ...

  • 04 Nov 2010

    Interesting findings from Venafi on encryption management

    Information security vendor Venafi released a survey at the October Gartner show that has some interesting findings related to encryption management:

      • Organizations anticipate a 27% year-over-year certificate and key inventory growth rate
      • 85% of organizations manage encryption certificates and private keys manually via spreadsheet and reminder notes
      • 78% of organizations have experienced system downtime due to encryption failures in the past 12 months

    Given what I see in my information security assessments - ...

  • 11 Oct 2010

    Got compliance? Here are some tips for moving ahead.

    Tired of "compliance"? Me too. But, it's still one of those necessary (arguably sometimes unnecessary) evils we must deal with in business today. Here are some new pieces I've written for the fine folks at SearchCompliance.com that will hopefully be of some benefit to you and your business:

      • Priorities for your sound regulatory compliance management policy
      • Put compliance management back into server virtualization
      • Achieving compliance is about more than secure data encryption
      • What compliance professionals ...

  • 09 Jul 2009

    My latest security content

    I'm taking this week off but I've scheduled this post of three (more) new articles I've written that you may be interested in:

      • How Windows 7 stands up to security tests
      • Using an encryption appliance for data backup security (podcast)
      • Data security concerns with online backup

    As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more....

  • 26 Jun 2009

    My latest security content

    Here's my latest information security content you may be interested in:

      • Testing rich Internet applications for security holes
      • The pros and cons of host-based vs. appliance-based tape encryption

    As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more....

  • 22 Jun 2009

    Charles Schwab hard drive removed & then stolen

    Yet another one for the hall of shame list. You know how I am about it, I'm sure this hard drive was encrypted. ;-)...
