You can't secure what you don't acknowledge.℠

Friday, June 26, 2009

My latest security content

Here's my latest information security content you may be interested in:

Testing rich Internet applications for security holes

The pros and cons of host-based vs. appliance-based tape encryption

As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more.

Tuesday, June 23, 2009

Running a computer without malware protection?

I'm so glad other people are experiencing anti-malware bloat as well. It seems like I'm having to disable real-time anti-virus, etc. protection quite often to get certain things done. I'm sure Microsoft's forthcoming MSE will fix this. [not holding my breath...]

Monday, June 22, 2009

Charles Schwab hard drive removed & then stolen

Yet another one for the hall of shame list. You know how I am about it, I'm sure this hard drive was encrypted. ;-)

My latest security content

OK, I've been busy and my articles have been stacking up. Here's the first set that were recently published. More to come later this week.

Dumb things IT consultants do

Why it may not be ideal for your lawyer to be your compliance officer

Keys to finding your IT consulting niche

Is all the PCI DSS compliance whining and complaining justified?

Scoping your Web app security assessments for success

Enjoy!

Windows BitLocker's false sense of security

In this piece Tony Bradley provides some great insight into how Windows BitLocker "drive" encryption works in Vista and Windows 7. Actually, BitLocker is not drive - or whole-disk - encryption after all... As Tony states, it's more like whole-volume encryption.

Keep this in mind when securing your laptop and mobile drives. This could create a pretty serious false sense of security that everything's locked down when indeed it's not. Same as the false sense of security Windows EFS has created over the years.

Anyway, the piece is a good read providing a nice overview of how BitLocker works and is worth checking out.

Web application security - ignorance or idiocy?

You've heard me rant about common management and developer views of Web security here and in the articles I write for TechTarget. Here's some third-party validation of my thoughts. Entertaining yet sad.