Monthly Archives: November 2011
EA Origin vulnerabilities, responsible disclosure, and the Force
If you’re a gamer like me, you’ve probably been waiting for the release of Star Wars: The Old Republic, currently being developed by Bioware. I’ve been looking for beta codes, and came across Penny Arcade’s beta code give-away some time ago (bless their souls). As I was signing up for the beta, I noticed something [...]
USRP for NFC Part 1
The USRP from Ettus Research is an awesome tool for radio analysis. It’s a really complex tool that is capable of doing almost anything involving radio signals (see these two previous Insight posts by Corey and myself, and Raj). That doesn’t even scratch the surface, though. This post will go into the detailed hardware setup [...]
OWASP ATL: Mobile Application Assessment Presentation
I recently gave a presentation at OWASP ATL on the OWASP Mobile Top 10 and how to assess mobile applications. This was a light weight discussion of the OWASP Mobile Top 10 and some topical and technical concerns related to securing mobile applications. Download the presentation here: [download id="276"] These videos show various testing [...]
Manitree: AndroidManifest.xml Auditor
Part of my presentation at this year’s Rochester Security Summit on Android security, included a reference to a tool that would help automate the process of detecting insecure app’s on Android devices. This was basically my research into how effective analyzing the AndroidManifest.xml file was at detecting insecurities in an app. AndroidManifest.xml Insecurities: It turns [...]
NFC Intent Filters in Android 4.0 – Don’t forget the AAR
If you were developing a NFC application on Gingerbread for Android and were using intent filters, you had to be concerned about other applications on the device trying to intercept those intent messages. We did a blog post about this in May titled “Hijacking NFC Intents on Android“. Well with Ice Cream Sandwich, you now [...]
