Intrepidus Group
Insight

Monthly Archives: April 2011

Is the iOS 4 location tracking privacy issue overblown?

Posted: April 20, 2011 – 4:20 pm | Author: dschuetz | Filed under: Geolocation, iOS, jailbreak, Privacy

Earlier today, a story broke about a database on the iPhone that appeared to track the user’s location. The implication was that anyone could discover where, and when, the device’s owner had been. As far as I can see, this is only partially true. I looked at the database on my own phone, and could [...]

Notacon 8: At Least We’re Not Detroit

Posted: April 18, 2011 – 9:54 am | Author: mmanning | Filed under: Conferences, iOS, NFC

This weekend was Notacon 8, Cleveland, Ohio’s longest running hacker con.  Normally I don’t expect a lot of info sec related talks because in years past, Notacon emphasized the creative interpretation of the term hacker. This year, you could have almost given an entire track just to security related talks; there was even a two [...]

Hey, Skype: the mid-90′s called…

Posted: April 15, 2011 – 12:25 pm | Author: quine | Filed under: android, Cryptography, Mobile Security, Skype

…and they want their flaws back. A recent post by Justin Case over at Android Police discusses some file permission issues (as in “world readable” file permission issues) in the Skype client for Android. Skype’s CISO even posted a terse, slightly boilerplate response to Justin’s finding. As a user of said software, and a natural-born-skeptic, I [...]

Pulling and finding APKs without root on Android

Posted: April 14, 2011 – 9:22 am | Author: benn | Filed under: android, Conferences, Mobile Security

A number of us attended the NY/NJ OWASP meeting last night in New York. It featured great talks from Brad Antoniewicz on proximity card cloning and Jason Rouse on mobile pen-testing. Hats off to Jason who got crazy and donned one of our luchadora masks for his section on Android app testing. Nacho was proud. [...]

Mallory Used to Discover Apps are Watching You

Posted: April 6, 2011 – 3:46 pm | Author: jeremy.allen | Filed under: Conferences, Mallory, Mobile Security, Risk Analysis

There is a good bit of discussion today regarding privacy and mobile applications. Specifically, the folks at Veracode ripped apart Pandora for Android and made some interesting discoveries. This research was spurred by this WSJ article: Mobile-App Makers Face U.S. Privacy Investigation. Referenced in the most recent WSJ article is an older article regarding research [...]

Apple iOS 4.3 adds additional IPv6 user security

Posted: April 4, 2011 – 4:03 pm | Author: wuntee | Filed under: iOS

A little bit of background on IPv6, NDP, Auto-config, Host Address Randomization, and EUI-64 Note: If you understand IPv6, NDP, Auto-config, Host Address Randomization, and EUI-64, please skip In IPv4, there is a requirement to have an external entity handle IP address assignments. Typically this is done by a DHCP server where that server keeps track of host [...]

image

This site is protected with Urban Giraffe's plugin 'HTML Purified' and Edward Z. Yang's Powered by HTML Purifier. 11844 items have been purified.