My latest security content

Here's my latest information security content...many more to come soon! Hope these prove to be of value to you.

Finding cross-site scripting (XSS) application flaws checklist

The Windows Report - Analyzing the IT Job Market (podcast)

Be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, and more.

Read More

XSS in my article on XSS!?

I "tweeted" about this but I had to post it here as well. I just realized that my new article for SearchSoftwareQuality.com on XSS actually executes JavaScript when loading because of some sample code I inserted into it!! It's not actual XSS but looks like it! Ahh the irony.

Finding cross-site scripting (XSS) application flaws checklist

BTW, I'm working on getting it resolved...

Read More

Know of anyone who is "ignorant of the facts"?

British prime minister Benjamin Disraeli once said "To be conscious that you are ignorant of the facts is a great step to knowledge."

What a great quote related to information security...in the context of both users and management. There are people out there who understand the basics of information security risks. It's all the other people you need to focus on. Here's how you can build credibility and get others on your side with information security.

Read More

Do you have racy photos on Twitter too?

If you're on Twitter you may want to check out your followers - at least their pictures...I'm getting a lot of people with racy photos. Maybe I'm just developing a new fan base of people who feel really comfortable around me! ;-)

And to think that I could have a few hundred more followers on Twitter if I didn't filter out the junk!

Read More

Quoted in today's WSJ

If you can, check out today's Wall Street Journal - page A20. I talk about sensitive information being mismanaged on mobile devices. You may already know how I feel about mobile security...what's it going to take to fix this issue?

Read More

My latest security content

Here are a few new pieces just published. Enjoy!

The lowdown on PCI compliance

Testing rich Internet applications: 2009's best free tools

Big Brother or lowly minion - finding your role in IT

Be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, and more.

Read More

Swimming in Atlanta

We're getting completely drenched here in the South. Pouring rain nonstop for four days and it's not supposed to let up for another few days. Must be all that "global warming". Seriously we've been hearing about reduced sun spot activity as of late (just not so much in the mainstream media because that would go against their religion). Some scientists (likely the ones whose jobs aren't tied to taxpayer funding) believe sunspot activity affects weather here on earth...like the really cold weather we've been having over the past couple of years...and all this rain.

I've always thought that it's quite cocky of man to believe he's powerful enough to change the climate but this guy has beat me to the punch. Some food for thought. That said "man changing the climate" is not what "global warming" is about anyway. But you already knew that.

Anyway, lots of homes and buildings flooded here in my neck of the woods should remind us all that business continuity - even if you work from home - is not something to take lightly. Have a great week, stay dry, and wish us luck!

Read More

4 things you can do right now to find out if your business is at risk

Here's a link to a post I just made that you may be interested in:
4 things you can do right now to find out if your business is at risk

Read More

Reader's choice on best security products

In case you're looking around, here's a good overview of security products that our peers like.

Read More

My latest security content

Here's my latest information security content. Hope you enjoy!

Big IT Lessons Small Businesses Can Learn (an IncTechnlogy.com piece I contributed to)

How often should I change the passwords for my bank and other important online accounts? (a Women's Health magazine piece I contributed to)

Web 2.0 application security troubleshooting, testing tutorial

HIPAA-covered entities, business associates confront HITECH Act rules

Ten sure-fire ways to derail your career in IT

What you should know about cloud backup security (a podcast Q&A)

Be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, and more.

Read More

Third-party apps still a big security issue

A while back I wrote about the importance of patching third-party software on your enterprise desktops. Apparently third-party applications are still out of the security loop. It's a seemingly small problem but it can have pretty big consequences.

Read More

Parental software, is this where we're headed!?

Be careful which parental monitoring software you install on your kids' computers. Looks like some people think their content filtering software is a means to capture the text of IM chats for the purposes of marketing intelligence. Sickening.

Good reason to use a network analyzer to see what's being sent out of your computers/networks! Get an executive or IT admin on one of these computers talking about sensitive subjects and its (unsuspected) data leakage at its finest.

Read More

Have you seen this movie yet?

I took a couple of days off to celebrate the completion of my freshly-updated book Hacking For Dummies, 3rd edition. More on this to come...Anyway, during this time off I went to see the movie District 9 that was most excellent. One of the best flicks I've ever seen. Extremely creative with good acting too! You have to see it while it's still in theaters!!

Read More

Boston Beer a big let down

I heard a Samuel Adams beer commercial on the radio this morning that reminded me of the big let down I had from them recently. I was at a speaking engagement on physical / data center security on behalf of Anixter in Boston (pronounced Bahstun for those of you here in the South with me) and wanted to see some of the sights while I was there.

Being a fan of Sam Adams I hopped (like the pun?) onto their Web site to get tour information. Wasn't there. Seriously....I called their sales # and was told they don't handle tour information there. I was transferred to the "tour guy". No answer - had to leave a message. I kindly asked that he return my call with the basics. Never heard back.

Now, remember, I just wanted basic tour information (where, when, how much). Hey Jim Koch, you're obviously proud of your beer, how hard does it have to be to get tour information??? What a let down...

Now I have a negative association every time I hear a Sam Adams commercial or see Sam Adams beer in the store. Hey at least there's a handful of microbrew alternatives like Flying Dog. And, go figure, they actually have tour information on their Web site. Took me all of 4 seconds to find it. Next time I'm in Maryland maybe I'll pay them a visit.

Anyway, just had to get that off my chest.

Hope you have an excellent week...back in touch soon.

Read More

Loving BitLocker so far...

I recently wrote about Windows BitLocker's false sense of security and I've made it loud and clear that I'm a big advocate of encrypting mobile drives. Well, since I had to reload my laptop recently I decided to take the plunge into Windows 7 la la land and, at the same time, decided to try out BitLocker rather than reload PGP whole disk encryption. I don't know if I'm missing something but, golly, I sure do like it so far....It's seamless. I especially enjoy how it handles removable storage devices so conveniently. [fingers crossed]

Read More

Why Most PowerPoint Presentations Suck

That got your attention, huh? Mine too when I first came across this gem of a book by Rick Altman. It's pretty much all you need to know about what to do - and just as importantly, what not to do - with Microsoft PowerPoint. It has a no nonsense approach to making your presentations better. Mandatory reading for all college students, perhaps??




By the way, Rick Altman is bringing his show to Atlanta in October (the 11th through the 14th). For those of you here in my neck of the woods, Rick is graciously offering a two for one registration here. I'm really looking forward to it and hope to see you there!

Read More

My latest security content

My goodness - it's been over a month since I've posted my latest security content...I've been so busy writing the stuff that posting the links has gotten put on the back burner. Good problem to have! Anyway, here's my latest:

Networking to enhance your IT career

Toeing the company line – is it good or bad for your IT career?

Security and compliance can go together, when done in the right order

Making sense of regulatory compliance and data storage for SMBs

Run encryption the right way to ensure wireless network security

Free Windows security tools every admin must have

Nine common password oversights to avoid

Secure your Windows systems with proper password practices

Secure Windows XP before a Windows 7 upgrade

Essentials of static source code analysis for Web applications

Secure data destruction options for old backup tapes and disk (a piece I contributed to)

Whew...I think that's it for now!

As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, and more.

Read More

Good info on balancing life and work

It's something I work on every day - trying to balance my personal priorities with my work priorities. Being an entrepreneur and a capitalist often conflicts with the responsibilities I have at home. But I've found that it can be done if you choose to do so. Here's a good bit on balancing life and work to get you rolling. Enjoy...and have a nice, long, relaxing weekend!

Read More

Interesting flaw in Sears' Web site all too common

Check out this bit about a security flaw recently revealed on Sears' Web site. As the researcher alluded to, hacking and security are way more than people exploiting known software flaws. There are so many other security issues with Web applications. I see it all the time when doing my manual analyses on Web sites/applications. The sky is the limit for these business logic vulnerabilities and I suspect it'll always be that way. I love being a consultant who performs Web security assessments - there's always something new and challenging!

Read More