Structure and Interpretation of Computer Programmers

I make it easier and faster for you to write high-quality software.

Thursday, February 25, 2010

Pre-order professional Mac security books!

You too can own a piece of the magic. Professional Cocoa Application Security and Enterprise Mac: Mac OS X Snow Leopard Security are both already in pre-order; use the Amazon affiliate links below if you want to give me a little extra kick-back from the sales of each. You’re most kind :).

posted by Graham at 02:01  

Monday, February 22, 2010

Look what the feds left behind…

So what conference was on in this auditorium before NSConference? Well, why don’t we just read the documents they left behind?


Oops. While there’s nothing at higher clearance than Unrestricted inside, all of the content is marked internal eyes only (don’t worry, feds, I didn’t actually pay too much attention to the content. You don’t need to put me on the no-fly list). There’s an obvious problem though: if your government agency has the word “security” in its name, you should take care of security. Leaving private documentation in a public conference venue does not give anyone confidence in your ability to manage security issues.

posted by Graham at 13:48  

Sunday, February 21, 2010

More NSConf code signing fun

I’ll be talking at the US NSConference on Tuesday, with an extended version of my talk on code signing. I’ll cover how it works, what it does, what it doesn’t do, and what it should do. Importantly, there are still a few seats left for the conference so if you can get to Atlanta by Tuesday, come and watch me talk!

posted by Graham at 21:06  

Monday, February 15, 2010

iPh0wnage

I just reviewed a blog post I wrote for Graham Cluley a while back, in which I looked at the impact a common vulnerability on the iPhone and Mac would have. I think in the run-up to the iPad’s release, it’s a risk worth bearing in mind.

posted by Graham at 12:15  

Thursday, February 11, 2010

Anatomy of a software sales scam

A couple of days ago, Daniel Kennett of the KennettNet micro-ISV (in plain talk, a one-man software business) told me that a customer had fallen victim to a scam. She had purchased a copy of his application Music Rescue—a very popular utility for working with iPods—from a vendor but had not received a download or a licence. The vendor had charged her over three times the actual cost of the application, and seemingly disappeared; she approached KennettNet to try and get the licence she had paid for.

Talking to the developer and (via him) the victim, the story becomes more disturbing. The tale all starts when the victim was having trouble with her iPod and iTunes, and contacted Apple support. The support person apparently gave her an address from which to buy Music Rescue, which turned out to be the scammer’s address. Now it’s hard to know what she meant by that, perhaps the support person gave her a URL, or perhaps she was told a search term and accessed the malicious website via a search engine. It would be inappropriate to try and gauge the Apple support staff’s involvement without further details, except to say that the employee clearly didn’t direct her unambiguously to the real vendor’s website. For all we know, the “Apple” staffer she spoke to may not have been from Apple at all, and the scam may have started with a fake Apple support experience. It does seem more likely that she was talking to the real Apple and their staffer, in good faith or otherwise, gave her information that led to the fraudulent website.

The problem is that if you ask a security consultant for a solution to the problem of being scammed in online purchases, they will probably say “only buy software from trusted sources”. Well, this user clearly trusted Apple as a source, and clearly trusted that she was talking to Apple. She probably was, but still ended up the victim of a scam. Where does this leave the advice, and how can a micro-ISV ever sell software if we’re only to go to stores who’ve built up a reputation with us?

Interestingly the app store model, used on the iPhone and iPad, could offer a solution to these problems. By installing Apple as a gateway to app purchases, customers know (assuming they’ve got the correct app store) that they’re talking to Apple, that any purchase is backed by a real application and that Apple have gone to some (unknown) effort to ensure that the application sold is the same one the marketing page on the store claims will be provided. Such a model could prove a convenient and safe way for users to buy applications on other platforms, even were it not to be the exclusive entry point to the platform.

As a final note, I believe that KennettNet has taken appropriate steps to resolve the problem. As close as I can tell the scam website is operated out of the US, making any attempted legal action hard to pursue as the developer is based in the UK. Instead the micro-ISV has offered the victim a discounted licence and assistance in recovering the lost money from her credit card provider’s anti-fraud process. I’d like to thank Daniel for his information and help in preparing this article.

posted by Graham at 07:29  

Thursday, February 11, 2010

Code snippet from NSConference presentation

Here’s the code I used to display the code signature status within the sample app at NSConference. You need to be using the 10.6 SDK, and link against Security.framework.

#import <Security/SecCode.h>

- (void)updateSignatureStatus
{
    // Obtain a code object representing the running process itself.
    SecCodeRef myCode = NULL;
    OSStatus secReturn = SecCodeCopySelf(kSecCSDefaultFlags, &myCode);
    if (noErr != secReturn) {
        [statusField setIntValue: secReturn];
        return;
    }
    // The sample app uses garbage collection; under retain/release,
    // CFMakeCollectable is a no-op and you would CFRelease these objects instead.
    CFMakeCollectable(myCode);

    // Extract the designated requirement that Xcode baked into the signature.
    SecRequirementRef designated = NULL;
    secReturn = SecCodeCopyDesignatedRequirement(myCode, kSecCSDefaultFlags, &designated);
    if (noErr != secReturn) {
        [statusField setIntValue: secReturn];
        return;
    }
    CFMakeCollectable(designated);

    // Check all three things at once: the signature is valid, the seal is
    // unbroken, and the code satisfies its designated requirement.
    // noErr means identity verified; anything else is a Code Signing Services error code.
    secReturn = SecCodeCheckValidity(myCode, kSecCSDefaultFlags, designated);
    [statusField setIntValue: secReturn];
}

That’s all there is to it. As discussed in my talk, the designated requirement is a requirement baked into the signature seal when the app is signed in Xcode. Application identity is verified by testing whether:

  • the signature is valid;
  • the seal is unbroken;
  • the code satisfies its designated requirement.

Of course there’s nothing to stop you testing code against any requirement you may come up with: the designated requirement just provides “I am the same application that my developer signed”.
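As an added example (not code from the talk or the sample app), here is the other direction the last paragraph hints at: checking a bundle on disk against a requirement you wrote yourself, and distinguishing the three identity failures listed above by the error code Code Signing Services returns. It assumes the 10.6 SDK with Security.framework, retain/release memory management, and a hypothetical helper bundle path and identifier.

```objective-c
// Added example: validate the code at `path` against an explicit requirement
// string instead of its own designated requirement. Assumes the 10.6 SDK and
// Security.framework; the path and identifier below are hypothetical.
#import <Foundation/Foundation.h>
#import <Security/CodeSigning.h>

// Returns noErr when the code is signed, its seal is intact and it satisfies
// `requirementText`; otherwise returns the Code Signing Services error and
// explains it in `reason`.
static OSStatus CheckCodeAtPath(NSString *path, NSString *requirementText, NSString **reason)
{
    SecStaticCodeRef code = NULL;
    SecRequirementRef requirement = NULL;
    NSURL *url = [NSURL fileURLWithPath:path];

    OSStatus status = SecStaticCodeCreateWithPath((CFURLRef)url, kSecCSDefaultFlags, &code);
    if (status == noErr) {
        // Compile the requirement language text into a requirement object.
        status = SecRequirementCreateWithString((CFStringRef)requirementText,
                                                kSecCSDefaultFlags, &requirement);
    }
    if (status == noErr) {
        // Verifies the signature, the seal over code and resources, and the requirement.
        status = SecStaticCodeCheckValidity(code, kSecCSDefaultFlags, requirement);
    }

    switch (status) {
        case noErr:                   *reason = @"signed, sealed and satisfies the requirement"; break;
        case errSecCSUnsigned:        *reason = @"code is not signed at all"; break;
        case errSecCSSignatureFailed: *reason = @"signature is invalid: code or signature modified"; break;
        case errSecCSBadResource:     *reason = @"seal is broken: a sealed resource is missing or changed"; break;
        case errSecCSReqFailed:       *reason = @"signature is fine but the requirement is not met"; break;
        default:                      *reason = [NSString stringWithFormat:@"error %d", (int)status]; break;
    }

    // Retain/release: release the CF objects rather than handing them to a collector.
    if (requirement) CFRelease(requirement);
    if (code) CFRelease(code);
    return status;
}

int main(int argc, const char *argv[])
{
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    NSString *reason = nil;
    // Hypothetical helper bundle and identifier; "anchor apple generic" requires a
    // signing chain rooted at Apple, so a self-signed copy fails with errSecCSReqFailed.
    OSStatus status = CheckCodeAtPath(@"/Applications/ExampleHelper.app",
        @"anchor apple generic and identifier \"com.example.helper\"", &reason);
    NSLog(@"%d: %@", (int)status, reason);
    [pool drain];
    return status == noErr ? 0 : 1;
}
```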

posted by Graham at 03:04  

Tuesday, February 9, 2010

On multitasking

TidBITS unwittingly hits the nail on the head while talking about iPad OS multitasking (emphasis added):

It’s easy to imagine wanting to use an iPad to read text in Mobile Safari, copy some text to a Pages document, and send that document to a colleague via Mail. That specific example may turn out to be possible with the current iPhone OS, but it points toward needing more ways for iPad apps to work together in the future.

Let me break down the user’s workflow here:

  1. User reads text in Mobile Safari.
  2. User copies text to a Pages document.
  3. User e-mails that document to a colleague.

The flow of tasks is linear. The user does not need Mail open while reading the text in Safari, nor Safari open while pasting text in Pages. Whether a platform supports multiple simultaneous applications or not, users typically work with one at a time.

The advantage of multiple open apps is that the user can switch tasks really quickly (the other oft-quoted benefit, of being able to see context in multiple places at the same time, is actually a feature of a windowing UI: a different technology, and one that iPhone OS lacks). The disadvantage is a technical one—the operating system must allocate resources to applications that the user isn’t currently working with. The iPhone (and, I presume, the iPad) provides fast task-switching anyway, through its recommendation that app developers retain app state on termination and recover it on launch. The act of moving between apps via the home screen is supposed to feel like switching tasks, even if it’s implemented by a kind of pause-and-resume.

posted by Graham Lee at 11:36  

Friday, February 5, 2010

Oops. (updated twice)

Q: What caused this?

A: this. A Vodafone employee used the corporate Twitter account to post the message:

[@VodafoneUK] is fed up of dirty homo’s and is going after beaver

And as the Vodafone apology attests, this was no hacking attack, instead a case of TGI Friday on the part of an employee. This goes to show that you don’t need an external attacker to ruin your corporate image if you hire the right staff.

Update: according to an article in the Register, the problem tweet was caused by an employee on a different team in the same office misusing an unlocked terminal with access to Vodafone’s Twitter account. They have fired the employee, but no word on whether they’re reviewing their security practices. I’m reminded of the solution taken to combat safe-cracking at LANL when Richard Feynman showed how easy it was to open the safes with their confidential contents: don’t let Richard Feynman near the safes.

Update again: Vodafone’s official reply:

On Friday afternoon an employee posted an obscene message from the
official Vodafone UK Twitter profile. The employee was suspended
immediately and we have started an internal investigation. This was not
a hack and we apologise for any offence the tweet may have caused.

This sounds like there’s the potential for their practices to be altered as a result of their “internal investigation”, hopefully they’ll make more information available. It would definitely make an interesting case study on responding to real-world security issues.

posted by Graham at 09:40  

Thursday, February 4, 2010

Core Data Haiku competition results!

I was sent a review copy of Core Data: Apple’s API for Persisting Data on Mac OS X by Marcus Zarra. The problem is that I already own a copy. So I held a Core Data Haiku competition on Twitter; best haiku about core data posted with the #coredatahaiku tag wins the book. Sorry if you wrote a great haiku without using the hashtag, but I didn’t read it.

Anyway, the results. My decision is final, no correspondence regarding the judgement shall be entered into, the squirrel flies south to Leningrad.

Non-entering sample haiku for comparison purposes

This is mine:

Archiving does not
Make schema changes easy
So #lickahoctor

very much of its time, you’ll agree.

Dishonourable mentions

A couple of people sent entries via Facebook, which didn’t count within the rules of the game. So without naming the guilty parties:

I don’t want the book

I just like writing haiku

Nothing wrong with that!

When learning Cocoa,

Reasonably new to it,

The more books the bett-

Honourable mentions

The standard was very high, so I’m pleased to publish every entry, congratulations to you all for some inspired poetry. In a way, there are no losers, because you all helped to make the world a better place. In reverse chronological order (because I’m pasting from the Twitter search page):

I do not know what

Core data is. Need the book.

Please let me win it. — OrigamiTech

Lost In Winter Ills

Result Sets Unsorted Again

Managed Object Found — chwalters

With multiple stores

Inside one application

Little kittens weep — inquisitiveCode

object tree…

query is made

leaves rustle — ErikAderstedt

Core Data Haiku

NSManagedObjectCon

Text just doesn’t fit — hatfinch

its way too complex

painful big design upfront

I’ll Archive instead — alancfrancis

Core Data framework

You manage object models

NSPredicate — adurdin

Core data is fun

makes storage easy and fast

elastic wombat — GreyAreaUK

The Winner!

Core Data haiku winners and immortal beings played by Sean Connery share an important characteristic: in the end, there can be only one. And it’s this one, from adurdin:

SELECT * FROM thing

WHERE value =… fuck it—

just use Core Data.

Congratulations! I’ll contact the winner via Twitter to send him his prize.

posted by Graham Lee at 11:40  
