I came across the XecureCK tool in Brien Posey's recent SearchWindowsSecurity.com article. It's an application-specific program that's downloaded as an ActiveX control that must be installed on the user's browser (sort of ironic, eh?). It essentially creates an encrypted link between the Windows keyboard driver and the Web site to keep the user's credentials safe and secure...at least the credentials for that one Web site. Thinking back to my days ...
Here are my information security articles from this week that you may be interested in.
Web application hacking: Inside the mind of an attacker
Cross-site scripting 101: XSS attacks plague Web browsers
For all of my past information security tips and tricks be sure to check out www.principlelogic.com/resources.html. Enjoy!...
This is one of those often-overlooked security operations weaknesses that ends up being one of the most vicious. A fired Cox Communications worker hacks back in and wreaks havoc: https://www.scmagazine.com/former-cox-communications-employee-pleads-guilty-to-hacking-company-network/article/553715/ Also a good reason to watch the "watchers". Funny thing that many people in IT forget: there's this thing called change management that helps quite well in these situations....
Apparently a GAO report this week outlines how taxpayer data is at “increased risk of unauthorized disclosure, modification or destruction” within the IRS: https://web.archive.org/web/20090401053638/http://www.scmagazineus.com/GAO-Lax-IRS-cybersecurity-puts-taxpayer-data-in-danger/article/104008/ Yet another reason to get rid of the IRS! :)...
Chalk these up and file 'em away in the I-told-you-so category:
Apparently Oracle's latest security update contains fixes for 27 flaws including SQL injection: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1294080,00.html?track=NL-102&ad=617874&asrc=EM_NLN_2899404&uid=1018924
Oh, and now our Imperial Federal Government has to spend tax dollars that we've earned to prove that open source software is flawed...?: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1289637,00.html?track=NL-102&ad=617852&asrc=EM_NLN_2860161&uid=1018924
The reality is, folks, that regardless of the type of software - I don't care what language it's written in, how much money is charged for ...
This is something that's been out there for a while, but when my Canadian colleague, security guru, and all-around good guy Peter Davis forwarded it to me, I laughed out loud. Had to share it: After having dug to a depth of 10 meters last year, American scientists found traces of copper wire dating back 100 years and came to the conclusion that their ancestors already had a telephone network more ...
Here's a not-so-innovative piece from one of the prominent wireless gurus, Lisa Phifer, on hotspot security, but it's a good reminder of what to do nonetheless: http://www.wi-fiplanet.com/tutorials/article.php/3720151...
If you're tired of the same old complex backup software or you have some select systems you can't afford to take the time to completely rebuild after a drive crash, theft/loss, etc., check out Acronis True Image. It's an imaging program like the original Ghost application from the '90s but can also perform select data backups. They have a version for Windows Servers, Linux, and SQL Server as well. The ...
Although I'm (currently) a customer of Network Solutions for a few of my Internet domain registrations, I've never been a big fan. Too much cockiness and too much money for registering domain names. Well, they've finally stepped over the line and are apparently doing something that I've often wondered was taking place with domain name registrations. According to this NewsFactor article, Network Solutions is monitoring domain names that people are searching ...
Here's a great quote I was reminded of that made me chuckle thinking about how information security controls often result in the same outcome... From the business master himself: "Most of what we call management consists of making it difficult for people to get their work done." -- Peter Drucker...