Monthly Archives: December 2010
Civil War Ciphers Fall!
About a week ago, a story hit the wires about a recently-discovered coded message from the Civil War. It had been sealed in a vial, in The Museum of The Confederacy, for years, and was only recently unfolded and decoded. The story was relayed to me with the challenge “extract the key,” so I did. Actually, [...]
To JavaScript Crypto or Not
The short answer is: if it is in a browser, then no, you probably should not be doing it. A nice discussion on Hacker News regarding a new SRP service, autho.me came up today. SRP is the Secure Remote Password protocol, and it is a wonderful little authentication protocol that has slowly been gaining recognition [...]
Rainbow Tables for Unix DES Crypt(3) Hashes
Some time ago, I started thinking about the possibility of using Rainbow Tables to crack old-school Unix crypt(3) passwords. Nobody had done this, and the reason most often cited was the presence of the two-character salt at the beginning of the hash. This didn’t make a whole lot of sense to me. I mean, 2 [...]
The Secret is Out: WSJ on Mobile Application Privacy
Good morning! Like many of us, my morning includes a warm cup of coffee, working my way through some E-Mails, and skimming through the blogosphere. About halfway through this ritual I came across one very interesting piece by the Wall Street Journal. To call this article a simple blog post doesn’t do it justice. This [...]
Mallory and Me: Setting up a Mobile Mallory Gateway
Over the past few months, we have put Mallory through its paces. Scores of mobile applications have had their network streams MiTMd by Mallory. It has become one of a few important tools that we use on a daily basis. Because we use it so often, we sometimes forget that it may seem quite difficult to [...]
Gawker: DES crypt fun using John the Ripper with MPI
When I heard about Gawker getting compromised I knew it was not going to be pretty. Particularly with regards to their password database. Once again, the ugly warts of shared secret authentication systems are brought to the headlines. We got our hands on a copy of the password database. For reasons only Gawker administration know [...]
Jailbreaks, iPhone, iPad, and MDM
This article is part 2 of our gripping thriller on mobile platform trustworthiness, which focuses on the iOS platform and some of the new features in iOS 4.x. This article assumes you have made the leap of faith and are ready to bring iOS devices onto your network as full participants. Now you need to [...]
NFC: RFID enabled smartphones and mobile devices are coming
History Lesson: Who is this guy in the picture and what saying of his is most often misquoted? Answer: …at the end of this post. There has been a great deal of buzz about “contactless shopping” being enabled in the next generation of cell phones here in the United States. Google will be including APIs [...]

