Author Archives: Kevin Lam

Kevin Lam, CISSP has over 10 years of experience in information security and has been publicly recognized in 2008, 2009 and 2010 by companies such as Microsoft for his online security contributions and vulnerability research. In 2010 he was awarded a Developer Security Most Valuable Professional (MVP) award from Microsoft Corporation.

Prior to 2007, Kevin was a senior security team member at Microsoft Corporation. At Microsoft he was responsible for protecting and assessing (penetration testing, vulnerability research and application security code review) the security of high-valued highly-targeted products, infrastructure and assets, as well as envisioning and delivering corporate security strategies. He was also a trusted security advisor and trainer to the executive and security teams of some of Microsoft’s largest customers on malicious hacker techniques, best practices and security strategies. Before Microsoft, Kevin was a lead penetration tester at a Big 4 audit firm where he led simulated malicious hacker attacks against Fortune 100 customer networks and trained other global security consultants.

Kevin is the lead author of the book Assessing Network Security (ISBN: 9780735620339), has contributed to several other books and has published several magazine and online articles. He was also responsible for releasing the initial two versions of the Microsoft Anti-Cross Site Scripting Library, which is used by enterprises world-wide to provide protection from the #1 online attack today.

iPad Accounts Exposed: Finally Someone Got It Right

Perhaps you heard some news about 100k+ iPad user emails and other info getting exposed?  Well turns out that the leak happened due to an unprotected AT&T web server, not due to any flaws related to Apple’s iPad.  What’s interesting about this story is not the data leak itself, but rather how it seems that [...]

A Little Man Bites Dog: Digital River Gets Data Hacked

http://fpn.advisen.com/fpnHomepagep.shtml?resource_id=121037564133993730#top Company gets hacked into. These days stories like this are pure man bites dog (no surprise here), but what did interest me here (a la man bites dog) is the fact that investigators involved suspect that the hack may have been an inside job. It’s refreshing to see that insider threats are getting some spotlight, [...]

LOCKBOX Secure File Transfer Services Sneak Peek

Hi everyone, if you don’t already have a LOCKBOX beta account and wanted to take a sneak peek at our Secure File Transfer service, head on over to http://www.golockbox.com. We’ve got some more interim information about the service along with some screenshots at the bottom. Thanks, –Kevin

“Security issues won’t stop cloud ‘tidal wave’”

That was a quote from Barry Briggs, CTO for Microsoft’s internal IT department, from the article at http://www.techflash.com/seattle/2010/05/microsoft_cto_cloud_computiing_an_inevitable_tidal_wave.html.  In the article Mr. Barry was asked what he thought might slow down the growth or adoption of clouds and he brought up the topic of cloud security and some of the security question marks around this topic.  If [...]

Impacta and Microsoft Corporation work together in April 2010 (and December 2009) to protect online customers

Impacta was once again recognized by Microsoft Corporation in the month of April 2010 (and this past December 2009) for helping them to find vulnerabilities in their online services and protecting their customers through responsible reporting. Check out Microsoft’s security researcher acknowledgement page for more information. –Kevin

LOCKBOX Beta 1 is Launched!

“OK … here comes the pain …” –Scarface In August 2009, I booted up the home computer to offload some photos taken during a recent trip across Europe only to find (to my “delight” of course) that both primary and backup drives had failed. Failed drives on a home computer. No big deal normally; however [...]

Impacta donates 10% of its 2009 revenue to local charities

2009 was yet another amazing year for Impacta, so I am proud to announce that we donated nearly 10% of gross profits for 2009 to local and non-local charities. Giving back to the community has always been a key tenet of Impacta’s core values, and we look forward to giving again in 2010. –Kevin

Kevin Lam of Impacta receives 2010 developer security Microsoft MVP Award

Over the weekend I learned that I had received a developer security Microsoft Most Valuable Professional (MVP) award, and I just have to say what an honor this is.  Working with MSRC to resolve vulnerabilities, contributing to the WCF security guide, etc., all that was already fun for me – but when you get an award for something you love doing [...]

What a Year 2009 Was!

Hey All, With 2010 arriving soon, just wanted to give thanks to our customers and say what a great year 2009 was for this company.  When I look back on 2009, here are some of the highlights that come to mind: Delivering some really outstanding results to our customers (we never talk about specific findings, [...]

Sorry, I No Speak (Security) …

Last week I came across two stories about PayChoice (a payroll processing company) and the United States National Security Agency (NSA) getting hacked and really didn’t think twice about them.  Every organization is susceptible to online risk regardless of best-efforts employed, in-house expertise yada yada. A trip to Vancouver, British Columbia this past weekend however got me thinking deeper about those stories and the lessons [...]
