DevelopSec: Developing Security Awareness

Oct 20, 2015

Hi and welcome to the DevelopSec newscast for October 20th, 2015.  I am James Jardine and I wanted to take a few moments to talk about some recent news stories over the past week.


  • Apps installed a root certificate on the device.
  • A rogue root CA could allow monitoring of data, even SSL/TLS traffic, because certificates issued under it pass the device's validation.
  • Recommended to uninstall the apps; unfortunately it was not made clear which ones they are.
  • com CSRF bug pays security tester $25,000 -
    • Wesley Wineberg found a Cross-Site Request Forgery flaw in the Microsoft website.
    • Could hijack user sessions.
    • Responsible/Coordinated disclosure allowed flaw to be resolved before publicly disclosed.
  • Medicaid Data Breach, Security Issue at NC and CA Facilities -
    • Spreadsheet sent via email unencrypted.
      • Highlights importance of attention to detail. Sometimes the simplest mistakes create a potential risk.
      • Difficult to prove whether the data was accessed by unauthorized users.
      • What options could be used instead of emailing the attachment?
    • Thumb drive stolen from an employee's home
      • Data on portable media should be encrypted.
      • Ensure policies exist that cover acceptable use of portable storage.
      • Ensure that employees are trained on the policies.
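The CSRF item above only says the flaw could hijack user sessions; the newscast gives no details of the actual Microsoft bug. As an added example that is not from this newscast or from Wineberg's report, the block below shows the general pattern behind such bugs: a state-changing handler that trusts the session cookie alone, beside a hardened version that requires a per-session synchronizer token and checks the request origin. The handler names, the `example.test`/`evil.test` origins and the dict-shaped request objects are assumptions made for illustration.

```python
import hmac
import secrets


class CsrfError(Exception):
    """Raised when a state-changing request fails the anti-CSRF checks."""


def issue_csrf_token(session: dict) -> str:
    """Mint a per-session synchronizer token and store it server-side.

    The page that renders the form embeds this value; a cross-origin
    attacker page cannot read it, so it cannot supply it in a forged post.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def vulnerable_change_email(request: dict, session: dict, users: dict) -> str:
    """Classic CSRF-prone handler (assumed example, not the real Microsoft code):
    it acts on the session cookie alone, so any site the logged-in victim
    visits can auto-submit this form on their behalf.
    """
    user = session["user"]
    users[user]["email"] = request["form"]["email"]
    return "email updated"


def hardened_change_email(request: dict, session: dict, users: dict,
                          allowed_origins=("https://example.test",)) -> str:
    """Same action, but only after two independent anti-CSRF checks."""
    # 1. Synchronizer token: the submitted value must match the session copy.
    #    compare_digest avoids leaking the token through timing differences.
    submitted = request["form"].get("csrf_token", "")
    expected = session.get("csrf_token", "")
    if not expected or not hmac.compare_digest(submitted, expected):
        raise CsrfError("missing or mismatched CSRF token")
    # 2. Origin (falling back to Referer) must be one of our own origins;
    #    browsers set these headers and a cross-site form cannot forge them.
    origin = request["headers"].get("Origin") or request["headers"].get("Referer", "")
    if not any(origin == o or origin.startswith(o + "/") for o in allowed_origins):
        raise CsrfError(f"unexpected origin {origin!r}")
    user = session["user"]
    users[user]["email"] = request["form"]["email"]
    return "email updated"


def demo():
    """Run the forged request against both handlers; returns what each did."""
    users = {"alice": {"email": "alice@example.test"}}
    session = {"user": "alice"}  # what the victim's session cookie resolves to
    token = issue_csrf_token(session)

    # Constructed forged request: an attacker page on evil.test auto-submits
    # the form; the browser attaches alice's cookie but no token is known.
    forged = {"headers": {"Origin": "https://evil.test"},
              "form": {"email": "attacker@evil.test"}}
    # Constructed legitimate request from the site's own rendered form.
    legit = {"headers": {"Origin": "https://example.test"},
             "form": {"email": "alice.new@example.test", "csrf_token": token}}

    vulnerable_change_email(forged, session, users)
    hijacked = users["alice"]["email"]  # the forged value took effect

    users["alice"]["email"] = "alice@example.test"  # reset for the second run
    try:
        hardened_change_email(forged, session, users)
        blocked = False
    except CsrfError:
        blocked = True
    hardened_change_email(legit, session, users)  # the real form still works
    return hijacked, blocked, users["alice"]["email"]


if __name__ == "__main__":
    print(demo())
```

The token check is the one that actually closes the hole; the origin check is defence in depth for cases where a token leaks or is omitted from one form, and it must fail closed when neither header is present, as written above.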


