Hi and welcome to the DevelopSec newscast for October 20th,
2015. I am James Jardine and I wanted to take a few moments
to talk about some recent news stories over the past week.
- Apps installed a root certificate on device.
- Could allow monitoring of data, even SSL/TLS traffic.
- The recommendation is to uninstall the apps; unfortunately, it was
not made clear which ones they are.
- com CSRF bug pays security tester $25,000 -
- Wesley Wineberg found a Cross-Site Request Forgery flaw in the
Microsoft Outlook.com website.
- Could hijack user sessions.
- Responsible/coordinated disclosure allowed the flaw to be resolved
before it was publicly disclosed.
- Medicaid Data Breach, Security Issue at NC and CA Facilities -
- Spreadsheet sent via email unencrypted.
- Highlights importance of attention to detail. Sometimes the
simplest mistakes create a potential risk.
- Difficult to prove if data was accessed by unauthorized
- What options could be used instead of emailing the
- Thumb drive stolen from an employee's home.
- Data should be encrypted.
- Ensure policies exist that cover acceptable use of portal
- Ensure that employees are trained on the policies.
Join the conversation on Google+
(https://www.google.com/+Developsec) and Twitter (@DevelopSec)