Monthly Archives: June 2012
Android Network Analysis Redux
There are a lot of ways to do network analysis of mobile apps. Probably too many. There is no right answer, but there are some solutions that will be better than others depending on how the app is developed and what type of traffic you want to analyze. This post is a summary of some [...]
USRP NFC Post Part II
This is not what you think it is, unfortunately. It has nothing to do with the USRP, but is the second in a series of posts which should really be entitled “Alice’s Adventures in NFC-land”. Since the second post in this series was supposed to be about demodulation/decoding, I’ll continue the title with the hopes [...]
Apple’s iOS Security Overview
In late May, Apple quietly published a document entitled, simply, iOS Security. This short whitepaper describes several aspects of security within their iPad, iPhone, and iPod touch ecosystem, providing a high-level introduction to certain features and some fairly deep technical information for others. The stated goal is to help security-minded customers to better understand the [...]
Apple Using Unsalted Hashes Too?
As the LinkedIn password leak continues to occupy the time and attention of password-crackers, I thought it might be worth mentioning another high-profile site which apparently uses unsalted hashes. Two weeks ago, I discovered that Apple sends an unsalted SHA-256 hash as part of an AppleID authentication process. I was looking at traffic from my [...]
