Josh-CO Dev

Solving the world's problems one line of code at a time.



Severe Office 365 Token Disclosure Vulnerability

My organization is doing what many organizations that use Microsoft products are doing right now, and that is evaluating Office 365. I think it’s safe to say that the response from the Security team has been overwhelmingly that it is a bad idea from the get-go, especially with the amount of confidential data that we have. On top of this, it is a lot more expensive compared to our internal, secure hosting that we are using now. Suffice it to say, I was incredibly joyful when I stumbled across an article last night showcasing a severe vulnerability for Office 365. Check it out at: Office 365 Vulnerability

Now, this is being released because Microsoft is about to patch it, but it has been around since at least April, and most likely longer, and there are probably many other security issues as well. It’s always nice to see articles such as this when Microsoft sales reps are constantly telling you just how secure everything is, how there are no problems, and it is just as secure as the internal hosting we’re using now. We all know it’s a line of bullshit, but it is nice to have the proper validation.



Dr. Gary McGraw Software Security Keynote

Bug Parades, Zombies, and the BSIMM: A decade of software security!

I had the privilege of attending the HP Protect conference in Washington D.C. this year. I found it to be a great experience and I’ll see if I can’t get a write up of it going sometime in the near future. One thing that I did want to share was an excellent video from the software security keynote by Dr. Gary McGraw of Cigital. Very informative and entertaining.



Construct 2

Recently I have been trying out a product by the good people over at Scirra.com called Construct 2. I have only been playing with it for a few days now but have been able to create some pretty cool things. Everything is really intuitive and has a drag and drop type of interface. There is no coding required and all actions are based on an event type system. Also, you can export your projects to work on any platform: web, desktop, iOS, Android, Windows 8, etc. There is also a free version that you can download to try out the product. Long story short, this is a really cool tool and I plan to write up some tutorials in the near future. Go check them out!

This is what the event editor looks like. You can see how simply the event system works.