• 19 Feb 2009

    My latest security content

    Here's my latest stuff. First off, here are two articles I wrote for SearchEnterpriseDesktop.com:

    Sysinternals tools: A must-have for every Windows security toolbox

    ...an article I wrote for SearchSoftwareQuality.com:

    Web application security gaps not fixed in 2008

    ...and an article I wrote for SearchEnterpriseLinux.com:

    Five common Linux security vulnerabilities you may be overlooking

    In the meantime, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more....

  • 26 Jan 2009

    Looking for some software to exploit?

    If you're learning the ins and outs of Metasploit (one of the most underrated and underused tools in our field) but don't have the software to exploit in a test environment, check out www.securinfos.info/old-softwares-vulnerable.php. Also don't forget about any old Windows (and similar) installation CDs you have lying around. Just load them up on a test machine, VMware image, or similar and off you go. I can't imagine a more cost-effective ...

  • 31 Dec 2008

    Very cool thing about the Sysinternals tools

    OK, I'm a bit late to the party on this one, but just in case you don't know, the awesome Sysinternals tools (a must-have for every security pro) are now available online for immediate access here. No more downloading, unzipping, etc. - just click and run...assuming you can get past your Web browser controls. ;)...

  • 03 Nov 2008

    Think all the hype over MS08-067 is just that…?

    There's been a TON of talk about the latest vulnerability affecting Windows. Message boards have been lighting up with talk about it, vendors are offering webcasts, and it's the talk of the security town. In fact, it's so bad that Microsoft is releasing an "out-of-band" patch to fix the problem. So, is it worth the trouble to patch - especially on seemingly critical servers that you can't afford a patch to take ...

  • 28 Oct 2008

    My latest security content

    Here are two articles I wrote for SearchEnterpriseDesktop.com:

    Enhancing patch management with NAP

    Unauthenticated vs. authenticated security testing

    Here's an article I wrote for SearchSQLServer.com:

    New security features in SQL Server 2008 leave some work for you

    ...and finally a podcast I just recorded for SearchEnterpriseDesktop.com:

    Security Policies for Windows Systems

    Be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcast interviews, webcasts, screencasts and more....

  • 02 Sep 2008

    Questions posed to me about security testing

    Here's a recent question posed to me regarding firewall assessments that you may benefit from:

    "I am currently running a security assessment in my company for all Cisco ASA firewalls and I would like to know if you have some sort of a guideline or a "recipe" that you are following as to what one needs to look for when performing a security assessment. That is, security flaws, loopholes, best practice, ...

  • 02 Sep 2008

    My security content from this week

    Here's a piece I wrote for SearchDataBackup.com (a new TechTarget site I'm now writing for):

    Change management and disaster recovery

    ...as well as my thoughts on the latest and greatest version of BackTrack (a tool you've gotta get familiar with):

    Free security testing toolkit review: BackTrack 3

    As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcast interviews, webcasts, and screencasts....

  • 13 Aug 2008

    Very clever way of recovering passwords from MD5 hashes

    In his infinite wisdom, Vladimir Katalov of Elcomsoft has developed a tool called MD5 Password Cracker that uses the computing power of NVIDIA graphics cards to recover passwords from MD5 hashes. Very cool. And it's free. According to Elcomsoft, for comparison, this type of cracking on a 2.2 GHz Intel Core 2 Duo E4500 processor only yields about 30 million passwords per second and around 70 million per second on Intel Core ...

  • 25 Jun 2008

    Ignorance is bliss when it comes to patching database servers

    I just saw this bit today on SearchSecurity.com about admins not patching database servers. So, it's not just me who sees ignorance in action when it comes to admins not wanting to patch their database servers. I can't tell you how many times I've found database flaws directly exploitable from the inside, all because an admin didn't want to patch the system. I'm talking about full command prompt access to database ...

  • 10 Jun 2008

    How to stumble across new Web vulnerabilities

    I just learned how a lesser-known Web vulnerability scanner can prove to be as valuable as the big-dog high-end scanners. Acunetix Web Vulnerability Scanner - an excellent Web scanning tool, especially for the price - found a weak Web login/password combo, obviously something that can lead to all sorts of security issues. It would take a lot more time and effort to uncover this in a real-world Web security ...
