-
Update on August Ping Storms
Oct 1, 2024 - 3900 Words |
Still poking around the Noise Storm rabbit hole. I think I've figured out the four main packet types in this storm.
-
Ping Storms at GreyNoise
Sep 27, 2024 - 2600 Words |
GreyNoise has been seeing crazy noise storms full of pings for years. I may have figured out what some of them are.
-
1Password - Full Trip from Unlock to Encryption
Nov 12, 2018 - 1900 Words |
Pulling the whole series together to demonstrate the 1Password vault system from unlock to item decryption
-
BSidesDE - A deep dive into 1Password Security
Nov 9, 2018 - 100 Words |
Slides from my BSidesDE talk, November 9, 2018. A detailed description of how 1Password client unlocking and shared vault encryption works.
-
1Password - Wrapping up with a few quick topics
Nov 9, 2018 - 1400 Words |
Finishing the Inside 1Password series with some miscellaneous topics
-
1Password - Local Vaults
Nov 9, 2018 - 2400 Words |
Looking at how Local Vaults are encrypted, and how that affects unlocking 1Password clients
-
1Password - Into the Vaults!
Nov 9, 2018 - 1500 Words |
How 1Password's shared vaults work
-
1Password - Unlocking Windows Clients
Nov 9, 2018 - 2100 Words |
How the Encrypted Master Key works to unlock the Windows 1Password client
-
1Password - MUKing about on the Mac
Nov 9, 2018 - 2000 Words |
The Master Unlock Key and unlocking 1Pass on macOS
-
How 1Password Works - Getting under the hood
Nov 9, 2018 - 800 Words |
Beginning of a deep dive into how 1password works
-
iPhone Secure Enclave Firmware Key Found
Aug 17, 2017 - 1700 Words |
The key to decrypt the firmware for the Secure Enclave Processor (SEP) on the iPhone 5S has been disclosed. It's actually potentially a good thing.
-
BSidesROC - A (not so quick) Primer on iOS Encryption
Apr 23, 2016 - 100 Words |
Slides from my BSidesROC talk, April 23, 2016. An overview of how iOS encryption works, with emphasis on passcoes and potential attacks.
-
Put away the tin-foil: The Apple unlock case is complicated enough
Feb 19, 2016 - 2100 Words |
A high-level summary of what we know, what we think we know, and what we know we don't know, as well as some words of caution.
-
Mobile App Authentication using TouchID and Tidas
Feb 10, 2016 - 1000 Words |
A first, rough look at a new mobile app authentication service from Trail of Bits
-
ShmooCon - My Hash Is My Passport: Understanding Web and Mobile Authentication
Jan 17, 2016 - 400 Words |
Slides from my ShmooCon talk, January 17, 2016. A detailed overview of how Digest, NTLM, and OAuth work in the context of web and mobile applications.
-
DLP Considered Harmful - A Rant about Reliable Certificate Pinning
Nov 24, 2015 - 1600 Words |
Yet another uninformed, unrealistically idealistic rant about how things *ought* to be. Most readers will probably strongly disagree.
-
Thoughts on CyberUL and Infosec Research
Jul 29, 2015 - 1900 Words |
A discussion of ideas I've been kicking around about security research in general, and how current CyberUL speculation fits in.
-
Salt as a Service: Interesting approach to hashing passwords
Apr 21, 2015 - 1100 Words |
A new service called Blind Hashing, that incorporates salts taken from petabyte-sized cloud databases, hopes to make password cracking obsolete.
-
Nails in the Crypt - White Paper
Mar 6, 2015 - 100 Words |
Nails in the Crypt - White Paper
-
Lenovo, CA Certs, and Trust
Feb 20, 2015 - 1000 Words |
The Lenovo-installed SuperFish man-in-the-middle malware has me thinking again about how the CA system is still broken.
-
ShmooCon - Knock Knock: A Survey of iOS Authentication Methods
Jan 23, 2015 - 1700 Words |
Slides from my ShmooCon talk. A short review of multiple iOS apps and how they handle server authentication, looking at both network use and on-device storage of credentials.
-
Bypassing the lockout delay on iOS devices
Nov 18, 2014 - 700 Words |
A bug in iOS (fixed in 8.1.1) allows a well-timed reboot to bypass the forced lockout timeout, allowing for multiple PIN attempts.
-
What's the deal with keyless entry car thefts?
Oct 28, 2014 - 1100 Words |
Videos of people breaking into cars, and reports of hijacked dealer equipment. Real-world example of why backdoors are bad?
-
MCX - a lousy substitute for proven technology
Oct 27, 2014 - 700 Words |
MCX - a lousy substitute for proven technology
-
iPhone SMS forwarding -- cool, but may be risky
Oct 24, 2014 - 700 Words |
If you've enabled SMS forwarding on your iPhone, you might want to ensure that messages don't get displayed on your Mac when it's locked.
-
Rebutting FUD and privacy issues surrounding Yosemite Spotlight
Oct 21, 2014 - 300 Words |
A response from Apple downplays security concerns raised over how Spotlight search works on Yosemite.
-
NoVA Hackers - iOS Cryptography Slides
Oct 14, 2014 - 700 Words |
Slides from a quick NoVA Hackers talk I pulled together based on recent blog posts about Apple iOS encryption and privacy changes.
-
Even more posts about iOS encryption
Oct 8, 2014 - 700 Words |
The "Apple can't decrypt devices for law enforcement" conversation continues to spawn excellent posts and explanations.
-
A (not so) quick primer on iOS encryption
Oct 6, 2014 - 3900 Words |
Making sense of how iOS encryption works, especially what's changed in iOS 8 and how Apple made it harder for law enforcement, can be difficult. I'll try to help.
-
Stealing user events from foreground apps on Android
Aug 22, 2014 - 200 Words |
Quick description and demo videos for activity hijacking to steal user-entered data like passwords, credit card numbers, and check images. Includes links to USENIX paper.
-
BSLV 2014 - Breaking PRNGs
Aug 6, 2014 - 400 Words |
Quick review of BSidesLV Talk, in which they describe problems with the Mersenne Twister and other similer pseudo-random number generators.
-
Duo Security Bypasses PayPal 2FA for Mobile Apps
Jun 25, 2014 - 300 Words |
Paypal mobile app authenticates, then kicks you out because it's not two-factor compliant. They show how to leverage this into non 2FA access.
-
More Mobile Malware Melodrama
Jun 17, 2014 - 500 Words |
Lots of press recently about a potentially serious malware called Svpeng. A nice case study in the use of FUD in mainstream tech press.
-
iOS Malware - Still FUDish, not quite a Real Problem (yet)
Jun 10, 2014 - 800 Words |
A consolidated list of known malware for iOS. Depending on your definition of malware.
-
Apple ID Compromise and Device Lockout
May 27, 2014 - 400 Words |
Recent reports of users getting locked out of their iOS devices, probably due to compromise of their Apple ID password.
-
Inadvertent OS X Mail Loading of Images in SPAM
May 8, 2014 - 300 Words |
Mail.app's protection against loading images on suspected SPAM messages is broken when forwarding the email to a spam-reporting service.
-
Referrer considered harmful: Leaking location of obscurely shared docs
May 6, 2014 - 300 Words |
Shared files, hidden by the obscurity of their URLs, may be revealed to third parties if the files contain a link to an external site. The remote site can find the file via the referrer header.
-
Sanitize your outputs: Apple ID Password Logfile Disclosure
Mar 10, 2014 - 1500 Words |
-
CVE-2014-1279 - Password Disclosure via Apple TV Touch Setup
Mar 10, 2014 - 1400 Words |
-
iOS 7 and Mavericks: New feature roundup from a security perspective
Jun 11, 2013 - 1300 Words |
-
Apple, Forensics, Law Enforcement, and FUD
May 13, 2013 - 1400 Words |
-
iOS Configuration Profile Ransomware
Apr 11, 2013 - 600 Words |
-
Evading evasi0n: iOS 6 Jailbreak Prevention
Feb 5, 2013 - 600 Words |
-
Tracking Down the UDID Breach Source
Sep 10, 2012 - 1500 Words |
-
Apple's iOS Security Overview
Jun 20, 2012 - 600 Words |
-
Quick Look at Apple Configurator
Mar 9, 2012 - 800 Words |
-
Changes to Apple MDM for iOS 5.x
Jan 31, 2012 - 300 Words |
-
ShmooCon 2012 - Apple MDM Slides
Jan 28, 2012 - 100 Words |
-
iOS MDM Command Reference
Jan 26, 2012 - 100 Words |
-
Finding Which Root CAs You Actually Use
Sep 2, 2011 - 500 Words |
-
BlackHat 2011 - Apple MDM Paper
Aug 4, 2011 - 100 Words |
-
BlackHat 2011 - Apple MDM Slides
Aug 4, 2011 - 100 Words |
-
Inside Apple's MDM Black Box -- Black Hat USA 2011
Jul 28, 2011 - 500 Words |
-
Great Googly Moogly! I'm speaking at Black Hat!
Jul 28, 2011 - 800 Words |
-
Analysis of iOS Location Data from Multiple Devices
Apr 25, 2011 - 2100 Words |
-
Simple Bypass of Safari Restrictions on iOS
Feb 15, 2011 - 600 Words |
-
Bypassing MDM Restrictions for Mobile Safari on iOS 4.2
Feb 15, 2011 - 700 Words |
-
Half-Baked Idea: Isolate Browser Security Contexts to Limit XSS Attacks
Apr 14, 2010 - 1300 Words |