Ever have a situation where a crisis is going on and you witness people taking advantage of it for their own ill-gotten gains? For example, like a security breach leading to the purchase of unnecessary technical controls or implementation of draconian policies (especially when the basics haven't even been addressed). All to boost an IT manager's ego. Or look at what President Bush did: exploit 9/11 to give the government more ...
I just read this good article on steganography and started thinking about the potential uses and misuses of this technology. So, do you have a need to hide information on mobile systems/devices to keep prying eyes away in the event of theft or loss? Sounds like a good application for it. Although given the current state of mobile security [mostly nada] I can't imagine too many people would go this far ...
If you can't justify spending $18.99 on the book I co-authored, Hacking Wireless Networks For Dummies, then there's an alternative resource for you to at least be able to learn about how WEP and WPA can be exploited. In this recent SearchNetworking.com tip, Lisa Phifer has taken the volumes and volumes of technical jabber about the known attacks against WEP and WPA and distilled them into a simple 5-minute read. ...
If you're learning the ins and outs of Metasploit (one of the most underrated and underused tools in our field) but don't have the software to exploit in a test environment, check out www.securinfos.info/old-softwares-vulnerable.php. Also don't forget about any old copies of Windows, etc. CDs you have lying around... Just load them up on a test machine, VMware image, or similar and off you go. I can't imagine a more cost-effective ...
Well it's our big day here in the U S of A. The Messiah has become our new leader. Let the four years of us being talked down to with "charisma" and "captivation" begin. Time for the use of the government as an instrument of plunder to grow beyond our wildest imaginations. An era where we push aside our selfish desires for individuality and all become "one". I suspect when he's ...
From the recent CVE 2008-5754 alert: Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753. Notice anything ironic? Moral of the story: keep your marketing people reined in....
Henry Ford put it nicely when he said "It is not the employer who pays wages - he only handles the money. It is the product that pays wages." A good quote to remember when it comes to tweaking the quality of your work and proving your value to others....
In this age, we're all concerned about the well-being of our companies and especially the viability of our jobs. Things are certainly not looking up for at least the foreseeable future in '09. I hear it, I read about it - everyone seems to be concerned. All of this and there's one thing that STILL blows my mind. It's people goofing off on the job. I do a fair portion of ...
Welcome to the first real (i.e. productive) week back in the New Year. These have been stacking up a bit while I've been out fighting this sinus junk that everyone seems to have. So here you go. First off, here's an article I wrote for SearchSoftwareQuality.com: Five predictions for Web security trends and changes for 2009. And here's an article I wrote for SearchEnterpriseDesktop.com: Building credibility and getting others on your side. Finally, here's a ...
Here's a really good quote that complements my post on setting goals rather than those silly New Year's resolutions very nicely: "In the absence of clearly-defined goals, we become strangely loyal to performing daily trivia until ultimately we become enslaved by it." -Robert Heinlein. So, sit down - even if it's just for 10 minutes - and set some real goals. Once you get the ball rolling and hold yourself accountable you'll ...