security awareness

SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority

In this post, I wanted to give something directly to the Blue Teams out there.  I also thought I would call us out a bit for sending mixed messages to our users.  All too often we find internal websites using invalid SSL certificates when we are on an engagement.  Almost every user awareness document or …

The Watering Hole: Is it Safe to Drink?

How many times have you been told you have a vulnerability whose relevancy you just don’t understand?  Cross-site scripting comes to mind for many people.   Sure, they get the fact that you can execute scripts in the user’s browser, but oftentimes they really don’t fully understand the impact.  Of course, we determine that …

GSA Database May Have Leaked Information: Kevin Johnson was Interviewed

Recently it was announced that a security flaw was found in one of the GSA systems that could have allowed vendors to see other vendors' information.  The original article, which you can read in its entirety, can be found at GSA Database May Have Leaked Contractor Banking and Proprietary Information.  Kevin Johnson, CEO, …

Podcast Show Notes: Why are Passwords so Difficult

Kevin and James just finished up recording episode 2 of the Professionally Evil Perspective podcast.   In this episode there is a brief discussion from Kevin on his experience at RSA and then we start talking about the topic of passwords.  Although we are now into 2013, passwords still are a very hot topic.  This is …

Ninja Developers Webcast Trilogy Overview

Over the past three months, James Jardine and Kevin Johnson were featured in a webcast trilogy titled “Ninja Developers.”  The series was presented through the SANS Institute and an archive of each episode can be found on the SANS website (links provided below).  The purpose of the presentations is to reach out to developers and …
