Month: March 2013

GSA Database May Have Leaked Information: Kevin Johnson was Interviewed

Recently it was announced that there was a security flaw found in one of the GSA systems that could have allowed for vendors to see other vendor information.  The original article, which you can read in its entirety, can be found at GSA Database May Have Leaked Contractor Banking and Proprietary Information.  Kevin Johnson, CEO, …

GSA Database May Have Leaked Information: Kevin Johnson was InterviewedRead More »

Admin Consoles, Default Creds, and Sweet Pwnage

When performing internal network penetration tests, one thing that really gets us excited is finding administrative consoles.  Tomcat and PHPMyAdmin are two of the most common that I’ve found from my experience.  The reason we get excited is that many of these consoles have never had the default credentials changed.  Why?  Because they’re on the …

Admin Consoles, Default Creds, and Sweet PwnageRead More »