Monthly Archives: December 2010

Protecting source code

Posted on 2010-12-15 by Graham

As I mentioned on the missing iDeveloper.tv Live episode, one of the consequences of the Gawker hack was that their source code for their internal software was leaked into the Internet. I doubt any of my readers would want that … Continue reading →

Posted in Business, code-level, Data Leakage, Encryption, Policy, Responsibility, software-engineering | 5 Comments

On the Mac App Store

Posted on 2010-12-13 by Graham

I’ve just come off iDeveloper.TV Live with Scotty and John, where we were talking about the Mac app store. I had some material prepared about the security side of the app store that we didn’t get on to – here’s … Continue reading →

Posted in AAPL, Business, code-level, Encryption, government, iDeveloper.TV, Mac, Policy, Talk | 1 Comment

Did the UK create a new kind of “Crypto Mule”?

Posted on 2010-12-08 by Graham

It’s almost always the case that a new or changed law means that there is a new kind of criminal, because there is by definition a way to contravene the new law. However, when the law allows the real criminals … Continue reading →

Posted in Crypto, IANAL | 1 Comment

On how to get crypto wrong

Posted on 2010-12-07 by Graham

I’ve said time and time again: don’t write your own encryption algorithm. Once you’ve chosen an existing algorithm, don’t write your own implementation. Today I had to look at an encryption library that had been developed to store some files … Continue reading →

Posted in code-level, Crypto, Encryption | 1 Comment

A site for discussing app security

Posted on 2010-12-04 by Graham

There’s a new IT security site over at Stack Exchange. Questions and answers on designing and implementing IT security policy, and on app security are all welcome. I’m currently a moderator at the site, but that’s just an interim thing … Continue reading →

Posted in code-level, Policy, Privacy, Talk, threatmodel | Leave a comment

On Fuzzy Aliens

Posted on 2010-12-03 by Graham

I have just launched a new company, Fuzzy Aliens[*], offering application security consultancy services for smartphone app developers. This is not the FAQ list, this is the “questions I want to answer so that they don’t become frequently asked” list. … Continue reading →

Posted in Business, code-level, iPad, iPhone, Privacy, software-engineering, threatmodel | Leave a comment