Clik here to view.
Does the end user care about security? Do they have to?
Consequences. Or rather experiencing the consequences… that, can inspire change. A perfect example; most people I know that are serious and disciplined about regular system backups do it because...
View ArticleRIM Security: Employer BES vs. Employee BIS – Part 1
When we perform security testing of blackberry applications for our customers, we have to consider the device from 5 points of view: BES managed blackberry application that pushes data over the carrier...
View ArticleClik here to view.
Identifying Malware via User-Agent Headers
Can you tell if a host is remotely infected just by a single HTTP request? For some malware the answer is yes. By now, I think our readers are pretty familiar with PhishMe. As you can imagine, we see a...
View ArticleClik here to view.
Mobile Rooting Jailbreaking: Feature vs Privilege Escalation
I had the opportunity to take a very interesting Android Forensics course last week offered by ViaForensics. They’ve compiled great research and have developed some excellent tools for Android devices...
View ArticleMobile Platform Trustworthiness
How trustworthy are mobile platforms and devices? For the maintainers of corporate networks and those charged with protecting sensitive data on those networks this is a very serious question. Corporate...
View ArticleClik here to view.
NFC: RFID enabled smartphones and mobile devices are coming
History Lesson: Who is this guy in the picture and what saying of his is most often misquoted? Answer: …at the end of this post. There as been a great deal of buzz about “contactless shopping” being...
View ArticleClik here to view.
Gawker: DES crypt fun using John the Ripper with MPI
When I heard about Gawker getting compromised I knew it was not going to be pretty. Particularly with regards to their password database. Once again, the ugly warts of shared secret authentication...
View ArticleDiscussion: Application Security Debt
I am going to break a rule of good blogging and straight-away direct my readers to some background material with the promise of a quick summary in this post: Application Security Debt and Interests...
View ArticleBug Bounties: Do they work?
Two years ago at CanSecWest Charlie Miller, Alex Sotirov and Dino Dai Zovi declared there would be no more free bugs. One of the leading philosophies for the “no more free bugs” statement is that an...
View ArticleiOS 7 and Mavericks: New feature roundup from a security perspective
Yesterday Apple unveiled the latest versions of OS X (code-named Mavericks) and iOS 7, at the annual World Wide Developer Conference (WWDC). The general focus was on end-user features and items of...
View Article
