Have you seen what your users are sharing on your network? What about your server shares - are they divulging too much PII and intellectual property to any Joe Blow on the network? Outside of mobile security (smartphone weaknesses, lack of laptop encryption, etc.), the problem of unstructured information scattered about the network is a very predictable high-priority finding in any given security assessment. The reality is you cannot secure ...
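To make the point concrete, here is an added example (my own code, not from the post above) of the kind of quick check an assessor runs against a mounted share: walk the tree, grep text-like files for SSN and payment-card patterns, and use a Luhn check to throw out most card false positives. The sample "share" is a constructed temp directory so the script runs offline; point scan_tree() at a real mount (a UNC path or /mnt/share) to use it for real. The regexes and the file-type/size filters are my assumptions and should be tuned for your environment.

```python
"""Hunt for unstructured PII on a file share (added example, constructed data)."""
import os
import re
import tempfile

# Deliberately simple patterns; tune for your environment.
# SSN: excludes area numbers 000, 666 and 9xx, group 00 and serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Card: 13-16 digits with optional single space/dash separators.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")

# Only open files that are likely to be text; skip binaries and very large files.
TEXT_EXTS = {".txt", ".csv", ".log", ".xml", ".json", ".htm", ".html", ".sql", ".ini", ".cfg"}
MAX_BYTES = 5 * 1024 * 1024


def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum (real card numbers do)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text: str) -> dict:
    """Count SSN-shaped values and Luhn-valid card numbers in a block of text."""
    ssns = SSN_RE.findall(text)
    cards = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            cards.append(digits)
    return {"ssn": len(ssns), "card": len(cards)}


def scan_tree(root: str) -> dict:
    """Walk root; return {relative_path: {'ssn': n, 'card': n}} for files with hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() not in TEXT_EXTS:
                continue
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    counts = find_pii(fh.read())
            except OSError:
                continue  # unreadable file: skip it (log it in a real run)
            if counts["ssn"] or counts["card"]:
                hits[os.path.relpath(path, root)] = counts
    return hits


def build_sample_share() -> str:
    """Create a throwaway directory mimicking a messy departmental share (constructed data)."""
    root = tempfile.mkdtemp(prefix="share_")
    os.makedirs(os.path.join(root, "HR"))
    os.makedirs(os.path.join(root, "Finance"))
    samples = {
        # Two SSN-shaped values (constructed, not real people)
        "HR/new_hires.csv": "name,ssn\nJ Doe,123-45-6789\nA Roe,321-54-9876\n",
        # One Luhn-valid test card number, one 16-digit string that fails Luhn
        "Finance/refunds.txt": "card 4111 1111 1111 1111 approved\nref 1234 5678 9012 3456 pending\n",
        "Finance/readme.txt": "Nothing sensitive here; just the office coffee rota.\n",
        "HR/photo.jpg": "not text",  # skipped by the extension filter
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    share = build_sample_share()
    for rel, counts in sorted(scan_tree(share).items()):
        print(f"{rel}: {counts['ssn']} SSN, {counts['card']} card number(s)")
```

On a real share expect noise (order numbers, phone numbers); the Luhn filter and the SSN area/group exclusions cut it down but do not eliminate it, so treat hits as leads to confirm by hand, and run it with a low-privilege account to see what "any Joe Blow on the network" can actually reach.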
Finally, some hope and change we can believe in! But not so fast... a quick note to all the Republicans out there: you didn't get voted in because people are embracing you... people are just tired of seeing the Democrats' lack of principles and leadership - not to mention their taking money (by force) from the people who earn it and giving it to those who don't deserve it - undermining and effectively destroying ...
Today is the day we get a chance to vote for more government or less government. Today is the day those of us in America can begin to stop the bleeding we've been experiencing since January 20, 2009. Technically, for decades. Today is the day we're empowered to remind the career politicians around our country that we the people are in charge. Not them. Today is the day we stop giving up little ...
Here's a new piece I wrote about the *other* aspects of Web security beyond the bits and bytes... Don't let this stuff catch you off guard. Preventing phishing attacks is not just a technical issue...
I recently came across a Web site I was creating an account for which stated the following for its login requirements: "Your user name & password must consist of letters in all caps 4-7 characters in length." Too funny...
Have you checked out Application Security's (somewhat) new AppDetectivePro version 7? Have you even heard of AppDetectivePro? If not, it needs to be on your radar. It's a powerful database vulnerability scanner that can perform both unauthenticated penetration tests and authenticated audits of SQL Server, Oracle, MySQL, DB2, Notes/Domino and Sybase (wow) systems. A screenshot of a penetration test of an Oracle 11g-based system is shown below: AppDetective is ...
Novelist Robert Heinlein once said, "In the absence of clearly-defined goals, we become strangely loyal to performing daily trivia until ultimately we become enslaved by it." I suspect this is a large contributing factor to the lack of information security - and subsequent data breaches - in business today. Feel like you need a jump start on goal setting? Check out this piece I wrote on the subject: Eight steps to accomplishing your ...
Tired of "compliance"? Me too. But it's still one of those necessary (arguably sometimes unnecessary) evils we must deal with in business today. Here are some new pieces I've written for the fine folks at SearchCompliance.com that will hopefully be of some benefit to you and your business:
Priorities for your sound regulatory compliance management policy
Put compliance management back into server virtualization
Achieving compliance is about more than secure data encryption
What compliance professionals ...
There's a saying: when seconds count, the police are only minutes away. Maybe yes, maybe no - and, as I just experienced, sometimes they may not care at all. Let me explain... Have you ever been driving down the road and witnessed someone driving so erratically that you think "WOW, that person is going to cause a wreck, soon"? Well, I was out for a leisurely drive in ...
I just ran some Web vulnerability scans against an app I'm testing using a couple of default/benign scan policies. Nothing big turned up. I re-ran the scan using a full scan policy that checks for everything, and the new MS10-070 ASP.NET padding oracle vulnerability reared its ugly head... BIG difference in the outcome. Keep this in mind when checking for Web security flaws with your automated scanners, and never ever completely rely ...
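For readers who haven't seen why a "padding oracle" rates as a high finding, here is an added example (my own code, not from the post above and not specific to MS10-070 or to any ASP.NET internals): a toy CBC decryptor whose only leak is "padding valid / invalid", and an attacker that uses that single bit to decrypt a token without the key. The block cipher is a deliberately weak keyed substitution chosen so the script runs stand-alone; the attack does not depend on it and works the same way against AES-CBC. The IV, key seed and the plaintext token are constructed.

```python
"""CBC padding oracle attack, end to end (added example; toy cipher, constructed data)."""
import random

BS = 8  # block size in bytes

# --- toy block cipher: insecure by design; any invertible block function will do ---
_rng = random.Random(2010)           # fixed seed so the run is reproducible
_SBOX = list(range(256))
_rng.shuffle(_SBOX)
_INV = [0] * 256
for _i, _v in enumerate(_SBOX):
    _INV[_v] = _i
_KEY = bytes(_rng.randrange(256) for _ in range(BS))  # known only to the "server"


def _enc_block(block: bytes) -> bytes:
    return bytes(_SBOX[b ^ k] for b, k in zip(block, _KEY))


def _dec_block(block: bytes) -> bytes:
    return bytes(_INV[b] ^ k for b, k in zip(block, _KEY))


def pad(data: bytes) -> bytes:
    """PKCS#7 padding; a full-block plaintext gets a whole block of 0x08."""
    n = BS - len(data) % BS
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if n < 1 or n > BS or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(plaintext: bytes, iv: bytes) -> bytes:
    """Return iv || ciphertext for the PKCS#7-padded plaintext."""
    padded = pad(plaintext)
    out, prev = [iv], iv
    for i in range(0, len(padded), BS):
        prev = _enc_block(bytes(a ^ b for a, b in zip(padded[i:i + BS], prev)))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(data: bytes) -> bytes:
    iv, ct = data[:BS], data[BS:]
    out, prev = [], iv
    for i in range(0, len(ct), BS):
        out.append(bytes(a ^ b for a, b in zip(_dec_block(ct[i:i + BS]), prev)))
        prev = ct[i:i + BS]
    return unpad(b"".join(out))


# --- the vulnerable server behaviour: a padding error is distinguishable from success ---
ORACLE_CALLS = 0

def padding_oracle(data: bytes) -> bool:
    """Leaks one bit per query: was the padding valid? (This is the bug.)"""
    global ORACLE_CALLS
    ORACLE_CALLS += 1
    try:
        cbc_decrypt(data)
        return True
    except ValueError:
        return False


# --- the attack: recover plaintext using only padding_oracle() ---
def _recover_intermediate(target: bytes) -> bytes:
    """Find D_K(target) byte by byte by forging the block that precedes it."""
    inter = bytearray(BS)
    for p in range(1, BS + 1):               # padding value we try to force
        pos = BS - p
        for guess in range(256):
            forged = bytearray(BS)
            forged[pos] = guess
            for k in range(pos + 1, BS):     # known tail must decrypt to p
                forged[k] = inter[k] ^ p
            if not padding_oracle(bytes(forged) + target):
                continue
            if p == 1:
                # Guard against a false hit from a longer valid pad (e.g. 02 02):
                # changing the byte before the last must not break a genuine 0x01.
                forged[pos - 1] ^= 0xFF
                if not padding_oracle(bytes(forged) + target):
                    continue
            inter[pos] = guess ^ p
            break
        else:
            raise RuntimeError("no valid guess found")
    return bytes(inter)


def padding_oracle_attack(data: bytes) -> bytes:
    """Decrypt iv || ciphertext without the key: P_i = D_K(C_i) XOR C_(i-1)."""
    blocks = [data[i:i + BS] for i in range(0, len(data), BS)]
    plain = b""
    for prev, cur in zip(blocks, blocks[1:]):
        inter = _recover_intermediate(cur)
        plain += bytes(a ^ b for a, b in zip(inter, prev))
    return unpad(plain)


if __name__ == "__main__":
    iv = bytes(range(BS))                          # constructed IV
    secret = b"session=admin;role=superuser"       # constructed plaintext
    token = cbc_encrypt(secret, iv)
    print(padding_oracle_attack(token), "in", ORACLE_CALLS, "oracle calls")
```

In the wild the oracle is rarely a clean boolean: a scanner infers it from a different status code, error page or response time between "bad padding" and "good padding but garbage content", which is exactly the kind of subtle differential a default policy skips. The fix is the same regardless of cipher: authenticate the ciphertext (encrypt-then-MAC or an AEAD mode) and return one generic error for every decryption failure.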