-
08 Jun 2011Weiner fallout: “I got hacked” is the new scapegoat
I recently met up with some technology lawyer colleagues after work and we shared our thoughts on the Anthony Weiner "incident". We were talking about how early on in the saga no one but Weiner and the lucky recipients of his tweets really knew what the truth was. Predictably, as we're seeing and hearing more and more these days, Weiner came out and said "I was hacked. It happens to ...
Continue Reading... -
06 Jun 2011
InfraGard Atlanta hack highlights some lessons for us all
What started with an email from a colleague's compromised Gmail account Friday evening has ended up making international news - the InfraGard Atlanta website has been hacked. With user names, email addresses and passwords - including those associated with the FBI - available via a quick web search I knew that this was a pretty serious issue. Although I've been disconnected from InfraGard Atlanta for the past ~6 years, I ...
Continue Reading... -
25 May 2011
Web appsec compliance & low-hanging fruit – it’s all up to us!
Here are some recent pieces I wrote on Web application security common sense for my colleagues at Acunetix that you may be interested in:But Compliance is Someone Else’s Job!Low-hanging fruit becomes big news with the 2011 Verizon Data Breach reportGoing Beyond Confirmed Web Security FlawsEnjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more....
Continue Reading... -
25 May 2011
Texas Comptroller’s Office IT woes = security breach
Here's a Dallas Morning News story I was interviewed for - interesting IT woes in the Texas comptroller's office:Texas comptroller’s tech office had high turnover, employee complaints before breach Thanks go out to Kelly Shannon and my colleagues over at Focus.com for getting me involved....
Continue Reading... -
16 May 2011
Today’s dicussion on the Sony PlayStation Security Breach
Join us for this roundtable teleconference on Monday, May 16, 2011 at 1pm PT / 4pm ET with yours truly, Andrew Baker, Anton Chuvakin, John Pirc and Richard Stiennon where we will discuss the recent Sony PlayStation Network security breach. Topics will include:• Sony is now implementing new security measures; should these have been in place all along?• What does Sony need to do to restore confidence in their network ...
Continue Reading... -
04 May 2011
From culture to products to malware to breaches – where do you stand?
Here are some new opinion pieces on information security management that I wrote for Security Technology Executive magazine that you may be interested in:Don’t end up on the wrong side of a data breachFighting the malware fight all over again9 good reasons not to buy information security productsSecurity best practices without question?How's your security culture?Enjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to all of my information security ...
Continue Reading... -
29 Apr 2011
Nikon Image Authentication vulnerability
The fine folks at @Elcomsoft have discovered yet another security flaw in digital cameras. First it was Canon. This time it's Nikon - specifically Nikon's Image Authentication Software.Elcomsoft researchers found that the way the secure image signing key is being handled in the camera is flawed. This allowed them to extract the original signing key and then produce manipulated images that appear to be legit. I could see this being ...
Continue Reading... -
27 Apr 2011
Novell, Utah and the Libertarian Party
Some new news out today was about Novell completing its sale to Attachmate. Wow, the end of an era...Novell really does have a special place in my heart - NetWare was the first network operating system I learned, way back in the version 2.15c days. Anyone remember those? Then I moved on to v2.2, 3.12, 4.0 and then 4.1. I obtained my first IT certification - the CNE - that ...
Continue Reading... -
21 Apr 2011
Amazon’s cloud outage – does it change your perception of the cloud?
Everyone (okay, many; especially the vendor marketing types) keeps swearing by the "cloud"...and then Amazon's EC2 goes down today. How does that affect how you view the cloud?I've been a skeptic and I'm still a skeptic...beware the cloud bandwagon....
Continue Reading... -
20 Apr 2011
Holy Cow: Police seizing info from phones during traffic stops
Here's some big time scary stuff personally and something that'll no doubt lead to big time security problems for the enterprise. Michigan State Police are copying data off of smartphones during minor traffic stops using the Cellebrite Universal Forensics Extraction Device. Images, address books, files, whatever...it's now fair game for the police (Gestapo?) in Michigan to take whatever whenever.Is this government out of control or what!?I know we've all but ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
