-
01 Apr 2011Web security tidbits on developers, leadership, weak passwords & more
Here are a few pieces I've written recently on Web application security you may be interested in...things that affect each and every one of us working in IT and infosec:I wouldn’t want to be a developer these daysDon’t overlook the importance of authenticated testingYou can’t change what you tolerateTesting for weak passwords: a common oversight without a great solutionHow often should you test your web applications?Notable changes in the PCI ...
Continue Reading... -
17 Feb 2011
Not surprised by the Wells Fargo ATM outage based on what I see
Here's an interesting story about the widespread Wells Fargo ATM outage that occurred last week. There's speculation around the cause of the outage. Was it a hack? Was the system inadvertently taken down during system upgrades? Who knows...What I can say is that virtually every ATM I've come across in my work performing internal security assessments in/around the financial industry has been riddled with security holes. I've seen weak OS ...
Continue Reading... -
10 Dec 2010
Canon’s digital camera image originality not so original
How's this pic for an attention grabber?!Well, the folks at Elcomsoft have done it again. This time they've discovered a vulnerability in Canon's Original Data Security system demonstrating that digital image verification data can be forged. Apparently Canon has yet to respond.Why is this a big deal? Well, it's impactful for the media, for forensics investigators, and for those of us in infosec as digital images are used in many ...
Continue Reading... -
09 Nov 2010
Windows 7 security tools & password weaknesses
Here are some recent SearchEnterpriseDesktop.com pieces I wrote regarding Windows 7 security...enjoy!Using Windows 7's built-in features to keep your desktops secureWindows 7 doesn’t end the need to monitor passwords...
Continue Reading... -
30 Sep 2010
Elcomsoft’s new Phone Password Breaker now supports the BlackBerry
Elcomsoft's neat iPhone Password Breaker tool that can crack iPhone backup passwords just got 100% better. Now it's called Phone Password Breaker and supports BlackBerry backups. Nice.Combine such a tool with all the open shares and unstructured data scattered about the average network and you've got a pretty serious problem on your hands. That is unless you're using the tool in a security assessment and demonstrating the continued risks smartphones ...
Continue Reading... -
26 Apr 2010
Cracking Windows 7 passwords + a bit on BitLocker
Here's the latest on Windows 7 passwords along with how they can be cracked and some tools for doing so:Cracking passwords in Windows 7I wrote a whitepaper on BitLocker in Windows 7 not long ago and here are some additional thoughts/tips in case you're considering it:Using BitLocker in Windows 7 For additional reading, Paul Thurrott's SuperSite for Windows is a great resource on Windows 7 and more....
Continue Reading... -
17 Apr 2010
Essentials for cracking SQL Server passwords
Looking to check the resiliency of your Microsoft SQL Server systems? You may very well find that you don't have to look much further than weak/blank passwords to gain full access. I've come across a few vulnerable SQL Server systems via manual analysis. However, I couldn't live without a small set of SQL Server password cracking tools that you should check out as well.Here's a piece I wrote that can ...
Continue Reading... -
26 Mar 2010
Great tool to check for weak Web passwords
I've always been a fan of Acunetix Web Vulnerability Scanner. It's a lesser-known tool that packs a big punch. One of its most redeeming qualities is its password checking. As I mentioned in this post, Acunetix Web Vulnerability Scanner took what was going to be a basic assessment of an Outlook Web Access system with very few findings up many notches into a true penetration of the system...all thanks to ...
Continue Reading... -
01 Feb 2010
Relying on users to wipe out wimpy passwords??
I just came across a Dark Reading piece by Adrian Lane on wiping out wimpy passwords. Adrian says that user training is needed so people know how to create strong passwords. I'm not picking on you Adrian however this has become a downright ridiculous approach, one that's been proven time and again not to work. My take is if you have to set your users up for success and, therefore, ...
Continue Reading... -
07 Jan 2010
My latest security content, Linux-style
Hope your first week of the last decade of the new millennium is going well!Here's some more new information security content - focusing on Linux security this time around. Enjoy!Finding password weaknesses in your Linux systemsHardening Linux with Bastille UNIXUsing BackTrack to check for Linux vulnerabilitiesMany thanks to Leah Rosin with SearchEnterpriseLinux.com for getting me on board with these.You know the drill - as always, be sure to check out ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including one of the best-sellers of all time:
