• 05 Apr 2024

    Find at-risk internal user accounts with myNetWatchman’s AD Credential Audit tool

    I'm always on the lookout for new tools that can do new and interesting things for those of us working in information security. They are few and far between, it seems, at least in the context of vulnerability and penetration testing. However, I've found one that can pay huge dividends. It's called AD Credential Audit (formerly known as Active Directory Audit) by threat intelligence company, myNetWatchman. You know how threat ...

  • 19 Mar 2019

    Good, old-fashioned, boring passwords – the key to good security

    Many people are quick to proclaim that passwords are dead...that SSO, MFA, and related technologies are THE solution. Not so fast. Passwords, as we've known them for decades, are not going away anytime soon. Sure, I'll embrace the technologies that help take the pain out of passwords and password management. Hopefully we will be password-free in the next few decades. Still, pragmatism will win out over presumed quick fixes every ...

  • 20 Jan 2016

    Worst passwords (on your network right now)

    The fifth-annual Worst Passwords List put out by SplashData is here and the findings aren't terribly surprising. Here are the top five: #1: 123456, #2: password, #3: 12345, #4: 12345678, #5: qwerty. Good stuff! What's that quote about insanity? One of those security basics that we'll likely continue to ignore until the end of time. That's alright, as some of the best sideline analysts will proclaim: we need not focus on such trivial things. Well, they ...

  • 27 Oct 2010

    Talk about old school…

    I recently came across a Web site I was creating an account for which stated the following for its login requirements: "Your user name & password must consist of letters in all caps 4-7 characters in length." Too funny ...

  • 01 Feb 2010

    Relying on users to wipe out wimpy passwords??

    I just came across a Dark Reading piece by Adrian Lane on wiping out wimpy passwords. Adrian says that user training is needed so people know how to create strong passwords. I'm not picking on you, Adrian; however, this has become a downright ridiculous approach, one that's been proven time and again not to work. My take is if you have to set your users up for success and, therefore, ...

  • 16 Jul 2009

    Another ridiculous way of handling Web passwords

    I use iContact's marketing service. It's an overall great app and reputable company but they've now made my list of ridiculous password requirements. I was logging in to their site today using what I consider to be a strong password and got this message: "As part of our latest application security upgrade, iContact has strengthened the criteria for account passwords. To access your account, you must first reset your password." So I ...

  • 05 May 2009

    Hilarious/ridiculous password requirements

    I came across some very laughable Web-site password requirements with some sites I've used recently that I wanted to share. The need for us to use strong passwords/passphrases on the Web is pretty obvious. I also believe in balancing security with reality and not going overboard. My first example is just that: overboard. It's AT&T Wireless. Check out their ridiculous password requirements: "Your password is case-sensitive and must: - Be six to twenty ...

  • 26 Aug 2008

    Finally…someone gets their Web security policy right!

    When most companies claim Web "security" they tout SSL like I mentioned here. I've had trouble figuring out why the buck stops there... maybe because they're being written by people in marketing?? Anyway, LinkedIn finally got it right. The security stipulation in their privacy policy goes beyond SSL: "In order to secure your personal information, access to your data on LinkedIn is password-protected, and sensitive data (such as credit card information) is protected ...
