Monthly Archives: October 2011
The story of how qemu met MIPS and created netcat
Earlier this week I found myself in a predicament when I was reversing a stripped down MIPS embedded device. The device had minimal available memory and the only real executables on it were an even more stripped down busybox executable, tftp, and tcpdump. My goal was to obtain tcpdump logs being captured on device, but [...]
Protect your Apple Developer Certificates
A discussion of Apple Developer certificates came up. The conversation was focused on how a third party developer wanted access to an organizations certificate so they could build the application for the organization and (potentially) publish it to the Apple App Store. The developer’s request did not surprise me, but it did surprise a couple [...]
Intrepidus hosting a Convergence notary
Suffice to say, the Certificate Authority trust model seems to be fundamentally broken, and with increasing attention paid to it from numerous angles, it’s likely to need a massive overhaul before getting any better. However, there are efforts underway to change the way we think about trust in this capacity. Moxie Marlinspike, known for his [...]
Mutual Authentication in Android and iOS
This is a post on implementing mutual authentication while programming for Android and iOS. For the sake of brevity and focusing on the technical side of things, I’m assuming here that: 1. You know what client authentication is 2. You know how to issue certificates to your clients 3. You know how to configure IIS/Apache/webserver_that_floats_your_boat [...]
Rochester Security Summit
If you live in Rochester, October marks the time of year when you once again prepare for Winter and and attend the Rochester Security Summit. Since 2006, RSS has been organized by the local chapters of OWASP and ISSA, and other interest groups like RIT, University of Rochester, and local businesses. The conference has three tracks [...]
