Month: January 2014

Webcast: Vulnerabilities in Your Medical Practice: Security Testing for Healthcare

Later this month I will be presenting a free webcast:  “Vulnerabilities in Your Medical Practice: Security Testing for Healthcare”.  I’ll be talking about the HIPAA Security Rule, the potential impact at the practice level and actions that can be taken to comply with these requirements and protect your data. The webcast is scheduled for the …


It's more than Healthcare.gov: Let's fix the problem

There has been a lot of buzz around the Healthcare.gov website and the possible security vulnerabilities that it has.  While many people focus on the political side of the story, or just the vulnerabilities themselves, there is a bigger issue here.  An issue that spreads further than just Healthcare.gov or even government sites, but to …


HealthCare.gov: Basic Security Failures and IT Bloopers

Secure Ideas has tested hundreds, if not thousands, of applications over the years we have been in business.  Based on this experience, along with our public classes and presentations around application security, Dave Kennedy of TrustedSec asked me to review the details of security flaws within HealthCare.gov.  As part of this review, Dave provided a …


Professionally Evil Speaking: Addressing the Real Issues Around Compliance in the Cloud Panel

Secure Ideas is excited to announce that I will be speaking as part of a panel later this month.  On January 30th in Denver, Colorado, the Addressing the Real Issues Around Compliance in the Cloud panel will be held at Mile High Station.  This panel will run from 4pm to 6pm. Faced with HIPAA, PCI, FISMA …


SamuraiWTF Training with Charlotte ISSA

Charlotte ISSA will be hosting a two-day Samurai-WTF (Web Testing Framework) course led by me (Jason Gillam of Secure Ideas) January 21st and 22nd. Students will learn the latest Samurai-WTF open source tools and the latest manual techniques to perform an end-to-end penetration test. After a quick overview of pen testing methodology, the instructors will …


Intercepting DNS

Recently during a penetration test, I discovered a Linksys WRT54G wireless router that had been installed on a customer’s network. Surprisingly, this device was accessible from the Internet with default credentials. Watching the client list, I noticed several clients connecting on & off throughout the day. We all know that this is bad, but how …
