-
03 Nov 2009Good dictionary to use for password cracking
Here's a pretty comprehensive password dictionary I recently came across that you may want to use in your security testing...there may be "friendlier" download link but I haven't searched for it.If time is a factor, this dictionary may be too big for its own good given the time it'd take to run through everything but at least you know you're using a good dictionary. After all, your dictionary-based password cracking ...
Continue Reading... -
13 Oct 2009
Proper password length
Probably late to the game but just had to post this:During a recent password audit, it was found that a blonde was using the following password: MickeyMinniePlutoHueyLouieDeweyDonaldGoofy When asked why such a big password, she said that it had to be at least 8 characters long....
Continue Reading... -
12 Oct 2009
Cool tool for cracking/resetting SQL Server passwords
Elcomsoft has a neat - and relatively new - tool called Advanced SQL Password Recovery I thought you may be able to benefit from. It can be used to change any SQL Server databases protected by a password included SQL Server 2000, 2005 and 2008. All you need is access to the master.mdf file. SQL Server optional.I was going to show a screenshot but there's not that much to show...you ...
Continue Reading... -
09 Oct 2009
My latest security content
Here are a couple of new articles of mind that were just published. Many more to come. Enjoy!Balancing Windows security with reasonable password policiesStorage encryption essentialsBe sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, Twitter updates, and more....
Continue Reading... -
16 Sep 2009
My latest security content
Here's my latest information security content. Hope you enjoy!Big IT Lessons Small Businesses Can Learn (an IncTechnlogy.com piece I contributed to)How often should I change the passwords for my bank and other important online accounts? (a Women's Health magazine piece I contributed to)Web 2.0 application security troubleshooting, testing tutorialHIPAA-covered entities, business associates confront HITECH Act rulesTen sure-fire ways to derail your career in IT What you should know about cloud ...
Continue Reading... -
04 Sep 2009
My latest security content
My goodness - it's been over a month since I've posted my latest security content...I've been so busy writing the stuff that posting the links has gotten put on the back burner. Good problem to have! Anyway, here's my latest:Networking to enhance your IT careerToeing the company line – is it good or bad for your IT career?Security and compliance can go together, when done in the right orderMaking sense ...
Continue Reading... -
22 Jul 2009
My latest security content
Here's my latest information security content you may be interested in:E-discover the gaps in your information management processWeb security problems: Five ways to stop login weaknessesFixing four Web 2.0 input validation security mistakesSpotting rich Internet application security flaws with WebGoatCommon causes of Windows server security vulnerabilitiesManaging multiple passwords in WindowsAs always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, ...
Continue Reading... -
16 Jul 2009
Another ridiculous way of handling Web passwords
I use iContact's marketing service. It's an overall great app and reputable company but they've now made my list of ridiculous password requirements. I was logging in to their site today using what I consider to be a strong password and got this message:As part of our latest application security upgrade, iContact has strengthened the criteria for account passwords. To access your account, you must first reset your password.So I ...
Continue Reading... -
05 May 2009
Hilarious/ridiculous password requirements
I came across some very laughable Web-site password requirements with some sites I've used recently that I wanted to share. The need for us to use strong passwords/passphrases on the Web is pretty obvious. I also believe in balancing security with reality and not going overboard.My first example is just that: overboard. It's AT&T Wireless. Check out their ridiculous password requirements:Your password is case-sensitive and must:- Be six to twenty ...
Continue Reading... -
11 Dec 2008
Let this be a reminder to keep your online passwords in check
While you're shopping on Amazon.com, eBay, and elsewhere this fine holiday season, let Mike Rothman's dilemma be a reminder that we all need to take our online passwords seriously. So, keep them strong, keep them unique from one another, keep them to yourself, and (most importantly) keep them in mind. It's that long lost account that can get you....
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including one of the best-sellers of all time:
