Information Security Archives
Technology, tricks, bugs, and current events, in the world of Information Security
- Update on August Ping Storms
- Ping Storms at GreyNoise
-
1Password - Full Trip from Unlock to Encryption
Nov 12, 2018 - 1900 Words -
-
BSidesDE - A deep dive into 1Password Security
Nov 9, 2018 - 100 Words -
-
1Password - Wrapping up with a few quick topics
Nov 9, 2018 - 1400 Words -
-
1Password - Local Vaults
Nov 9, 2018 - 2400 Words -
-
1Password - Into the Vaults!
Nov 9, 2018 - 1500 Words -
-
1Password - Unlocking Windows Clients
Nov 9, 2018 - 2100 Words -
-
1Password - MUKing about on the Mac
Nov 9, 2018 - 2000 Words -
-
How 1Password Works - Getting under the hood
Nov 9, 2018 - 800 Words -
-
Encrypting for Apple's Secure Enclave
May 31, 2018 - 2200 Words -
-
iPhone Secure Enclave Firmware Key Found
Aug 17, 2017 - 1700 Words -
-
BSidesROC - A (not so quick) Primer on iOS Encryption
Apr 23, 2016 - 100 Words -
-
Put away the tin-foil: The Apple unlock case is complicated enough
Feb 19, 2016 - 2100 Words -
-
Mobile App Authentication using TouchID and Tidas
Feb 10, 2016 - 1000 Words -
-
ShmooCon - My Hash Is My Passport: Understanding Web and Mobile Authentication
Jan 17, 2016 - 400 Words -
- DLP Considered Harmful - A Rant about Reliable Certificate Pinning
-
Thoughts on CyberUL and Infosec Research
Jul 29, 2015 - 1900 Words -
-
Salt as a Service: Interesting approach to hashing passwords
Apr 21, 2015 - 1100 Words -
-
Nails in the Crypt - White Paper
Mar 6, 2015 - 100 Words -
- Lenovo, CA Certs, and Trust
- ShmooCon - Knock Knock: A Survey of iOS Authentication Methods
- Bypassing the lockout delay on iOS devices
-
What's the deal with keyless entry car thefts?
Oct 28, 2014 - 1100 Words -
- MCX - a lousy substitute for proven technology
- iPhone SMS forwarding -- cool, but may be risky
- Rebutting FUD and privacy issues surrounding Yosemite Spotlight
-
NoVA Hackers - iOS Cryptography Slides
Oct 14, 2014 - 700 Words -
- Even more posts about iOS encryption
-
A (not so) quick primer on iOS encryption
Oct 6, 2014 - 3900 Words -
- Beacons being deployed in NYC phone booths
-
Stealing user events from foreground apps on Android
Aug 22, 2014 - 200 Words -
-
BSLV 2014 - Breaking PRNGs
Aug 6, 2014 - 400 Words -
-
Duo Security Bypasses PayPal 2FA for Mobile Apps
Jun 25, 2014 - 300 Words -
-
Early look at iOS 8 configuration profile changes
Jun 18, 2014 - 200 Words -
-
More Mobile Malware Melodrama
Jun 17, 2014 - 500 Words -
- iOS Malware - Still FUDish, not quite a Real Problem (yet)
- Apple ID Compromise and Device Lockout
-
How much of your email goes through Google?
May 12, 2014 - 200 Words -
- Inadvertent OS X Mail Loading of Images in SPAM
-
Referrer considered harmful: Leaking location of obscurely shared docs
May 6, 2014 - 300 Words -
- Sanitize your outputs: Apple ID Password Logfile Disclosure
- CVE-2014-1279 - Password Disclosure via Apple TV Touch Setup
-
More Fun with Apple TV Hacking (and Manual RSA Signature Validation)
Feb 21, 2014 - 1800 Words -
-
Apple TV Hacking, Counterattacks, and Certificate Pinning
Feb 11, 2014 - 1000 Words -
-
iStupid: the indescreet SSID tool
Jun 19, 2013 - 200 Words -
-
Hijacking accounts using unicode magic
Jun 18, 2013 - 200 Words -
-
Apple's security strategy: make it invisible
Jun 14, 2013 - 200 Words -
-
A chameleon for your streams
Jun 13, 2013 - 200 Words -
-
iOS 7 and Mavericks: New feature roundup from a security perspective – Intrepidus Group - Insight
Jun 11, 2013 - 100 Words -
- iOS 7 and Mavericks: New feature roundup from a security perspective
-
Android Security Overview
Jun 5, 2013 - 100 Words -
-
Skout server leaked nearly-exact location information on users
May 31, 2013 - 200 Words -
-
Auto-updating iOS apps
May 22, 2013 - 100 Words -
-
Two-factor authentication for Twitter: One account at a time
May 22, 2013 - 200 Words -
-
Google Hangouts and XMPP
May 17, 2013 - 400 Words -
-
Recovering iPhone Restrictions Passcode
May 16, 2013 - 100 Words -
-
Social Share Privacy
May 16, 2013 - 200 Words -
-
How To Safely Store A Password
May 16, 2013 - 100 Words -
-
Apple, Forensics, Law Enforcement, and FUD
May 13, 2013 - 1400 Words -
- iSniff your Wi-Fi and GPS your House
-
iSniff your WiFi - Archived Comments
May 10, 2013 - 600 Words - - iOS Configuration Profile Ransomware
-
Getting ready for ShmooCon
Feb 12, 2013 - 300 Words -
- Evading evasi0n: iOS 6 Jailbreak Prevention
-
Tracking Down the UDID Source - Archived Comments
Sep 10, 2012 - 1100 Words -
- Tracking Down the UDID Breach Source
- What the flagnog? The Apple / FBI UDID breach, simplified.
- Apple's iOS Security Overview
-
Apple Using Unsalted Hashes Too?
Jun 7, 2012 - 600 Words -
- Quick Look at Apple Configurator
-
MDM Hacks - Archived Comments
Feb 27, 2012 - 400 Words -
- iOS MDM: Preventing Disassociation DOS and Potemkin Devices
-
Verifying a Detached S/MIME Signature in Python
Feb 21, 2012 - 600 Words -
-
Changes to iOS 5.0 MDM - Archived Comments
Feb 15, 2012 - 1100 Words -
-
Changes to Apple MDM for iOS 5.x
Jan 31, 2012 - 300 Words -
- ShmooCon 2012 - Apple MDM Slides
- iOS MDM Command Reference
- Finding Which Root CAs You Actually Use
-
BlackHat 2011 Preview - Archived Comments
Aug 21, 2011 - 100 Words -
- Strengths and Weaknesses in Apple's MDM System
- BlackHat 2011 - Apple MDM Paper
- BlackHat 2011 - Apple MDM Slides
-
Inside Apple's MDM Black Box -- Black Hat USA 2011
Jul 28, 2011 - 500 Words -
-
Great Googly Moogly! I'm speaking at Black Hat!
Jul 28, 2011 - 800 Words -
-
Nails in the Crypt - Archvied Comments
May 23, 2011 - 400 Words -
- Analysis of iOS Location Data from Multiple Devices
- Is the iOS 4 location tracking privacy issue overblown?
-
NoVAHackers - Nails in the Crypt slides
Apr 11, 2011 - 100 Words -
-
Quantifying the Unknown: Measuring a Theoretical SecurID Attack
Mar 22, 2011 - 1700 Words -
-
The RSA/SecurID Compromise: What is my risk?
Mar 18, 2011 - 900 Words -
-
RSA/SecurID Compromise - Archived Comments
Mar 18, 2011 - 1500 Words -
- VeriFone vs Square - A Draw?
- Simple Bypass of Safari Restrictions on iOS
- Bypassing MDM Restrictions for Mobile Safari on iOS 4.2
-
Nails in the Crypt
Dec 22, 2010 - 800 Words -
-
Rainbow Tables for Unix DES Crypt(3) Hashes
Dec 20, 2010 - 600 Words -
-
Crazy Security Con Weekend!
Apr 23, 2010 - 500 Words -
-
Half-Baked Idea: Isolate Browser Security Contexts to Limit XSS Attacks
Apr 14, 2010 - 1300 Words -