-
08 Jun 2011Weiner fallout: “I got hacked” is the new scapegoat
I recently met up with some technology lawyer colleagues after work and we shared our thoughts on the Anthony Weiner "incident". We were talking about how early on in the saga no one but Weiner and the lucky recipients of his tweets really knew what the truth was. Predictably, as we're seeing and hearing more and more these days, Weiner came out and said "I was hacked. It happens to ...
Continue Reading... -
07 Jun 2011
New tool for ferreting out users w/local admin rights
Here's a free tool by @ViewFinity (the privilege management vendor I wrote about back in March) that helps you discover user accounts that have local admin rights:Viewfinity Local Admin Discovery...looks pretty neat if you have a need for running a quick test during an assessment or audit or just want to have something to use periodically to ensure user accounts are kept in check....
Continue Reading... -
06 Jun 2011
InfraGard Atlanta hack highlights some lessons for us all
What started with an email from a colleague's compromised Gmail account Friday evening has ended up making international news - the InfraGard Atlanta website has been hacked. With user names, email addresses and passwords - including those associated with the FBI - available via a quick web search I knew that this was a pretty serious issue. Although I've been disconnected from InfraGard Atlanta for the past ~6 years, I ...
Continue Reading... -
31 May 2011
An unintended consequence of fast food “going green”
I was just pondering the negative side-effects and unintended consequences of many of the fast food restaurants who are "going green" (I use that term loosely because it's so overused in the name of marketing). The thing is so many restaurants like Panera and Moe's as well as countless others I've visited in my travels this year have these flimsy plastic Solo (and other brand) cups that aren't worth a ...
Continue Reading... -
31 May 2011
Ever heard of “gruntled” workers?
We always hear about "disgruntled workers" wreaking havoc on computer systems and sensitive information. Interestingly we never hear about "gruntled" workers and how they can help improve security...Thanks to a Merriam Webster's "Word of the Day" I came across I now know that there's another side to the overused word "disgruntled". Interestingly, according to M-W, the prefix "dis-" usually means "to do the opposite of," hence the assumption that if ...
Continue Reading... -
25 May 2011
Web appsec compliance & low-hanging fruit – it’s all up to us!
Here are some recent pieces I wrote on Web application security common sense for my colleagues at Acunetix that you may be interested in:But Compliance is Someone Else’s Job!Low-hanging fruit becomes big news with the 2011 Verizon Data Breach reportGoing Beyond Confirmed Web Security FlawsEnjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more....
Continue Reading... -
25 May 2011
Texas Comptroller’s Office IT woes = security breach
Here's a Dallas Morning News story I was interviewed for - interesting IT woes in the Texas comptroller's office:Texas comptroller’s tech office had high turnover, employee complaints before breach Thanks go out to Kelly Shannon and my colleagues over at Focus.com for getting me involved....
Continue Reading... -
25 May 2011
If you don’t have NetScanTools Pro v11, you’re missing out
It's been a long time coming but the latest incarnation of one of my favorite network/security tools - NetScanTools Pro v11 - is out. Kirk Thomas at Northwest Performance Software has done a bang-up job on the user interface in the new version...something that's gotten better - albeit slowly - over the years. Not that I could do any better - I can't imagine having to know network protocols at ...
Continue Reading... -
23 May 2011
Sony PlayStation discussion download
In case you missed our Sony PlayStation Security Fiasco roundtable discussion last week, here's a link to the MP3 recording.Enjoy!...
Continue Reading... -
23 May 2011
Recap of TechEd 2011: more of the same, but you need to go
Given that TechEd was held in my neck of the woods this year I couldn't resist the opportunity to check it out. It's funny, I've been working with/around Microsoft products for some 22 years now and I've *never* attended this show. Maybe it's my ingrained Novell bigotry that I've yet to shed.My main goal was to catch up with some clients and see the latest happenings with Security Compliance Manager ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
