• 25 Jan 2008

    My articles from this week

    Here's my one information security article from this week that you may be interested in: How secure is your SQL Server network design? (from SearchSQLServer.com) For all of my past information security tips and tricks be sure to check out www.principlelogic.com/resources.html. Enjoy!...

  • 24 Jan 2008

    The difference between personal security and information security

    With it being an election year here in the U.S. we're surrounded by all this talk of big promises by power-hungry politicians. This nauseating process made me start to think about the difference between information security and personal security. Let's start with personal security. The politicians say "Elect me and I'll give you the things you need! I'll take someone else's money - by force - and give it to you ...

  • 22 Jan 2008

    Great show to get inside the mind of the bad guys

    I don't watch a ton of TV but when I do I often lean towards shows that teach me something (Seinfeld, Reno 911!, and South Park aside). If you haven't seen it yet, check out the Discovery Channel show called It Takes a Thief. The premise of the show is home security and how weaknesses can/are exploited by burglars. You'll learn about how to keep your home locked down (lots ...

  • 21 Jan 2008

    Crooks will always find a way

    I was perusing the latest issue of Security Technology & Design (a trade mag that I write for) and was reminded of some findings of a recent security assessment... It's: where do the bad guys start when attempting to work their way inside a building? Something that's easy to overlook (and often is) is that of unsecured external access to a building. Think about both network type entry points and walk-in ...

  • 18 Jan 2008

    Neat tool to fight off keystroke loggers in web apps

    I came across the XecureCK tool in Brien Posey's recent SearchWindowsSecurity.com article. It's an application-specific program that's downloaded as an ActiveX control that must be installed on the user's browser (sort of ironic, eh?). It essentially creates an encrypted link between the Windows keyboard driver and the Web site to keep the user's credentials safe and secure...at least the credentials for that one Web site. Thinking back to my days ...

  • 18 Jan 2008

    My articles from this week

    Here are my information security articles from this week that you may be interested in. Web application hacking: Inside the mind of an attacker; Cross-site scripting 101: XSS attacks plague Web browsers. For all of my past information security tips and tricks be sure to check out www.principlelogic.com/resources.html. Enjoy!...

  • 17 Jan 2008

    Cox Communications telecom outage highlights the need for better security processes

    This is one of those often-overlooked security operations weaknesses that ends up being one of the most vicious. A fired Cox Communications worker hacks back in and wreaks havoc: https://www.scmagazine.com/former-cox-communications-employee-pleads-guilty-to-hacking-company-network/article/553715/ Also a good reason to watch the "watchers". Funny thing that many people in IT forget: there's this thing called change management that helps quite well in these situations....

  • 16 Jan 2008

    Lax IRS security – yet another reason for the FairTax!

    Apparently a GAO report this week outlines how taxpayer data is at “increased risk of unauthorized disclosure, modification or destruction.” within the IRS: https://web.archive.org/web/20090401053638/http://www.scmagazineus.com/GAO-Lax-IRS-cybersecurity-puts-taxpayer-data-in-danger/article/104008/ Yet another reason to get rid of the IRS! :)...

  • 16 Jan 2008

    So Oracle and Open Source really aren’t that secure…?

    Chalk these up and file 'em away in the I-told-you-so category: Apparently Oracle's latest security update contains fixes for 27 flaws including SQL injection: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1294080,00.html?track=NL-102&ad=617874&asrc=EM_NLN_2899404&uid=1018924 Oh, and now our Imperial Federal Government has to spend tax dollars that we've earned that prove that open source software is flawed...?: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1289637,00.html?track=NL-102&ad=617852&asrc=EM_NLN_2860161&uid=1018924 The reality is folks, that regardless of the type of software - I don't care what language it's written in, how much money is charged for ...

  • 14 Jan 2008

    New evidence of wireless way before our time

    This is something that's been out there for a while, but when my Canadian colleague, security guru, and all-around good guy Peter Davis forwarded it to me, I laughed out loud. Had to share it: After having dug to a depth of 10 meters last year, American scientists found traces of copper wire dating back 100 years and came to the conclusion that their ancestors already had a telephone network more ...
