-
13 Nov 2012Are you doing enough to protect your secrets? It’s unlikely.
If the person who heads the CIA can't keep his "secrets"; nothing's secret. It's as simple as that.What are you doing to ensure your intellectual property is protected?Lawyers will claim their contracts are enough. Management will leave their heads in the sand and claim their IT folks are handling it. Neither are enough.Fix the silly/ridiculous/inexcusable low-hanging fruit on your network and then put the proper technologies and procedures in place ...
Continue Reading... -
01 Mar 2012
My final takeaway from #RSAC
I said my farewell to the RSA Conference Tuesday evening but had some final thoughts about the show that I wanted to share with you.In addition to the keynotes I talked about, I attended a mock trial session involving malware, a digital certificate acquired for ill-gotten gains, and a healthcare company that ignored all things HIPAA (heard that a million times!) as well as a session by HP's Jacob West ...
Continue Reading... -
25 Jan 2012
Complacency, meet APT – How basic oversights lead to complex malware infections
Low-hanging fruit – that is, the missing patches, default passwords, lack of full disk encryption and so on present in practically every environment – is something I’ve ranted about time and again because there’s no reason to have it on your network. Why? Well, for one thing, rogue insiders may just exploit it for ill-gotten gains. But even worse, low-hanging fruit can be the target of malware exploitations that you’re ...
Continue Reading... -
17 Dec 2011
WebInspect: How SQL injection testing *should* be done
SQL injection is arguably the grandest of all security vulnerabilities. It can be exploited anonymously over the Internet to gain full access to sensitive information - and no one will ever know it occurred. Yet time and again it's either: overlooked by people who don't test all of their critical systems from every possible angle overlooked by people who haven't learned how to properly use their Web vulnerability scanners overlooked ...
Continue Reading... -
15 Dec 2011
Going green’s tie-in with infosec
If you've been following my blog and my principles for even a short period of time you've probably figured out that I pull no punches when it comes to personal responsibility and limited government. There's hardly anywhere I'm more passionate in this regard than the marketing smoke and mirrors of "Going Green" and the religion of "global warming". I should say "climate change"; that covers warming and cooling for the ...
Continue Reading... -
09 Nov 2011
Wooo…HIPAA audits are coming & the irony of KPMG’s involvement
I've always believed that compliance is a threat to business [hence why I help businesses take the pain out of compliance by addressing their actual information security issues] and this new bit from HHS's Office of Civil Rights is no different. Apparently the HIPAA audits are coming...KPMG - an audit firm that has already proven they have trouble implementing the basic security controls they audit others against - scored a ...
Continue Reading... -
04 Sep 2011
DNS hack: UPS, National Geographic, Acer, etc. websites affected
Happy (almost) Labor Day...here's the latest from the criminal hackers: a DNS hack has redirected numerous websites of UPS, National Geographic, Acer, The Register and more. Nice. Betcha it was some low-hanging fruit someone, somewhere overlooked....
Continue Reading... -
08 Jun 2011
Weiner fallout: “I got hacked” is the new scapegoat
I recently met up with some technology lawyer colleagues after work and we shared our thoughts on the Anthony Weiner "incident". We were talking about how early on in the saga no one but Weiner and the lucky recipients of his tweets really knew what the truth was. Predictably, as we're seeing and hearing more and more these days, Weiner came out and said "I was hacked. It happens to ...
Continue Reading... -
06 Jun 2011
InfraGard Atlanta hack highlights some lessons for us all
What started with an email from a colleague's compromised Gmail account Friday evening has ended up making international news - the InfraGard Atlanta website has been hacked. With user names, email addresses and passwords - including those associated with the FBI - available via a quick web search I knew that this was a pretty serious issue. Although I've been disconnected from InfraGard Atlanta for the past ~6 years, I ...
Continue Reading... -
04 May 2011
SecureWorld Expo better than ever
I attended this week's SecureWorld Expo in Atlanta and must say that the show is better now than ever before. I cut my professional speaking teeth with these guys speaking at dozens of their events between 2003 and 2007. I've taken some time off since but going back and seeing some of the same friendly faces brought back good memories.The best session I attended was William Hugh Murray's keynote on ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including:
