• 18 Jul 2011

    If only “they” could understand us

    You know how most people don't really understand the professions of others with whom they mingle or interact? You know, retail clerks typically don't understand IT, doctors don't understand accountants, used car salesmen don't get landscaping and so on. Information security is arguably one of the cloudiest and least understood for those who aren't exposed to it on a daily basis. After reviewing the headlines of my emails today I ...

  • 14 Jul 2011

    eEye’s Metasploit integration – we need more of this!

    Kudos to eEye Digital Security for integrating Metasploit within their Retina vulnerability scanner. According to this recent press release: "Using the free Retina Community scanner or the Retina Network Security Scanner (version 5.13.0 or higher), users can see whether a vulnerability has an associated exploit from Core Impact, Metasploit, or Exploit-db.com, allowing IT Security professionals to better prioritize vulnerabilities and fix the biggest risks first. In addition, if a Metasploit exploit ...

  • 12 Jul 2011

    How smartphones can make us look dumb

    Not long ago I heard a gentleman speaking with radio show host Clark Howard about a phone he purchased online. He said it had all sorts of personal information belonging to the previous owner including her healthcare records. Ouch. If I understood the caller correctly it sounded like this personal information was sent to the previous owner by her doctor. A doctor who I'm sure is HIPAA compliant...after all, as most ...

  • 04 Jul 2011

    Cloud insecurities, when are they going to end?

    This week's post is about cloud security - technically, lack thereof... Check out these new pieces I've written for Security Technology Executive and Acunetix: "Dark Cloud Looming?" and "What’s your take on cloud security?" Enjoy! As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more....

  • 01 Jul 2011

    Get over yourself

    The late, great Richard Carlson once said: "Humility and inner peace go hand in hand. The less compelled you are to try to prove yourself to others, the easier it is to feel peaceful inside." I believe this theory explains why so many people in IT and information security are so stressed out. I'm also convinced that this concept is the basis for all the bad choices and negative behavior we've ...

  • 27 Jun 2011

    The value of partial code scanning, now

    Check out my new piece on the business value of partial code scanning where I outline why it's better to start your source code analysis now instead of waiting around until certain milestones of your development projects are reached or your software applications are completed altogether. It's kind of funny and ironic that we humans are all about instant gratification, yet with information risk issues such as source code analysis, we ...

  • 27 Jun 2011

    Dropbox “bug” = why the cloud cannot be blindly trusted

    I've been ranting about "the cloud" (what a tired term) for a couple of years now. As if we haven't seen enough examples lately of why we cannot put all our eggs in the cloud basket, here's one more with the "code bug" that impacted Dropbox's authentication mechanism over the weekend. Sure, Dropbox isn't an enterprise cloud app per se but I'll guarantee you it's impacting your enterprise this very moment. ...

  • 25 Jun 2011

    Exchange incident response, ASLR & common Windows security mistakes

    From Exchange to Windows Server to Windows at the desktop, here are some new pieces I've written about Microsoft security that you may be interested in: "Six commonly overlooked Exchange security vulnerabilities", "Solidify Your Exchange Server Incident Response Plan", "10 most common security mistakes people are still making" and "Why you need address space layout randomization in Windows Server 2008 R2". Enjoy! As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, ...

  • 20 Jun 2011

    I’m a speaker at the Gartner Infosec show this week

    For those of you who happen to be attending the Gartner Security and Risk Management Summit in DC this week, I'd love it if you could check out my session or at least stop by to say hello. I'll be serving as a panelist on mobile security at the following session: Protect Your Identity, Mobile PC and Data (Session Code SPS13, Potomac Ballroom 1, 9:30-10:30am). Cheers!...

  • 18 Jun 2011

    When’s political correctness going to impact infosec?

    Witnessing the Thought Police's handling of the Tracy Morgan debacle I can't help but wonder if political correctness is not the beginning of dictatorships, Communism, etc. where the population is not allowed to speak up or out against anything. Don't get me wrong. Being a libertarian, I'm pro-choice on everything...To each his own. As long as you're not affecting the life, liberty or property of someone else, then say what you ...
