To continue on with the series of “who we are” here at secure ideas, here is the second profile post. Please feel free to reach out to each of us with any comments or questions you may have! Who am I: James Jardine, Principal Security Consultant at Secure Ideas. What do I do at Secure …
Recently it was announced that there was a security flaw found in one of the GSA systems that could have allowed for vendors to see other vendor information. The original article, which you can read in its entirety, can be found at GSA Database May Have Leaked Contractor Banking and Proprietary Information. Kevin Johnson, CEO, …
GSA Database May Have Leaked Information: Kevin Johnson was InterviewedRead More »
Mobile security is a very hot topic and there are some pretty cool events just around the corner. If you are looking for great information, check these events out. No, This is not an April Fools Joke, James Jardine and Kevin Johnson will be doing a webcast on April 1st “Ask the Expert Webcast: Mobile …
As one of the founders of Secure Ideas, I am often asked how someone gets into InfoSec and/or how do they get hired at Secure Ideas. So I thought it would make sense to discuss this here on the blog… So the first thing to understand is that I think that it is critical to …
Kevin Johnson and John Strand recently gave a presentation at RSA 2013 titled “Tactical Sec Ops: A Guide to Precision Security Operations.” Not surprisingly, this has been something that we’ve been talking quite a bit about internally. So much so that Secure Ideas will be teaching Tactical Security Ops at Black Hat USA. We initially …
So here at Secure Ideas we have decided to do a small series of posts. The purpose of these posts is to provide a quick introduction to each of the consultants on staff. Its kind of a fun and quick post. Please feel free to reach out to each of us with any comments or …
A while back I had to deal with a compromised web server for some folks. They had some WordPress sites with a vulnerable plugin and found that attackers were putting up malicious web pages for other victims to view. The owners of the sites were understandably upset. The malicious files names didn’t follow much of …
When performing internal network penetration tests, one thing that really gets us excited is finding administrative consoles. Tomcat and PHPMyAdmin are two of the most common that I’ve found from my experience. The reason we get excited is that many of these consoles have never had the default credentials changed. Why? Because they’re on the …
Kevin and James just finished up recording episode 2 of the Professionally Evil Perspective podcast. In this episode there is a brief discussion from Kevin on his experience at RSA and then we start talking about the topic of passwords. Although we are now into 2013, passwords still are a very hot topic. This is …
Podcast Show Notes: Why are Passwords so DifficultRead More »
Over the past three months, James Jardine and Kevin Johnson were featured in a webcast trilogy titled “Ninja Developers.” The series was presented through the SANS Institute and an archive of each episode can be found on the SANS website (links provided below). The purpose of the presentations is to reach out to developers and …