Archive for January 28, 2014

 

What do you mean my password is not secure?

January 28, 2014

Almost all of the applications we use have one big thing in common:  they all use a username and password combination.  A common theme we see is the re-use of […]

 

What Do YOU Think About Privacy?

January 23, 2014

“What do you think about privacy?” That’s the question I asked my wife last week. We had just received an email from Target explaining that our personal data was stolen […]

 

Webcast: Vulnerabilities in Your Medical Practice: Security Testing for Healthcare

January 20, 2014

Later this month I will be presenting a free webcast:  “Vulnerabilities in Your Medical Practice: Security Testing for Healthcare”.  I’ll be talking about the HIPAA Security Rule, the potential impact […]

 

Its more than Healthcare.gov: Lets fix the problem

January 17, 2014

There has been a lot of buzz around the Healthcare.gov website and the possible security vulnerabilities that it has.  While many people focus on the political side of the story, […]

 

HealthCare.gov: Basic Security Failures and IT Bloopers

January 16, 2014

Secure Ideas has tested hundreds, if not thousands, of applications over the years we have been in business.  Based on this experience, along with our public classes and presentations around […]

 

Scary Web Services: Part 2

January 7, 2014

This post may seem timely in light of the recent Snapchat compromise.  Although Snapchat’s breach appears to be due to some poor assumptions around an “internal” Snapchat API, it is […]

 

Webcast: Defending Against Web App Attacks Using ModSecurity

January 7, 2014

Later this month I will be presenting a free webcast on ModSecurity and how we can make better use of it.  This is going to be very close to the […]

 

Professionally Evil Speaking: Addressing the Real Issues Around Compliance in the Cloud Panel

January 6, 2014

Secure Ideas is excited to announce that I will be speaking as part of a panel later this month.  On January 30th in Denver, Colorado, the Addressing the Real Issues […]

 

SamuraiWTF Training with Charlotte ISSA

January 3, 2014

Charlotte ISSA will be hosting a two-day Samurai-WTF (Web Testing Framework) course led by myself (Jason Gillam of Secure Ideas) January 21st and 22nd.  Students will learn the latest Samurai-WTF […]

 

Intercepting DNS

January 2, 2014

Recently during a penetration test, I discovered a Linksys WRT54G wireless router that had been installed on a customer’s network. Surprisingly, this device was accessible from the Internet with default […]