Author Archives: Graham

About Graham

I make it faster and easier for you to create high-quality code.

On the Mac App Store

I’ve just come off iDeveloper.TV Live with Scotty and John, where we were talking about the Mac app store. I had some material prepared about the security side of the app store that we didn’t get on to – here’s … Continue reading

Posted in AAPL, Business, code-level, Encryption, government, iDeveloper.TV, Mac, Policy, Talk | 1 Comment

Did the UK create a new kind of “Crypto Mule”?

It’s almost always the case that a new or changed law means that there is a new kind of criminal, because there is by definition a way to contravene the new law. However, when the law allows the real criminals … Continue reading

Posted in Crypto, IANAL | 1 Comment

On how to get crypto wrong

I’ve said time and time again: don’t write your own encryption algorithm. Once you’ve chosen an existing algorithm, don’t write your own implementation. Today I had to look at an encryption library that had been developed to store some files … Continue reading

Posted in code-level, Crypto, Encryption | 1 Comment

A site for discussing app security

There’s a new IT security site over at Stack Exchange. Questions and answers on designing and implementing IT security policy, and on app security are all welcome. I’m currently a moderator at the site, but that’s just an interim thing … Continue reading

Posted in code-level, Policy, Privacy, Talk, threatmodel | Leave a comment

On Fuzzy Aliens

I have just launched a new company, Fuzzy Aliens[*], offering application security consultancy services for smartphone app developers. This is not the FAQ list, this is the “questions I want to answer so that they don’t become frequently asked” list. … Continue reading

Posted in Business, code-level, iPad, iPhone, Privacy, software-engineering, threatmodel | Leave a comment

On secrets

Secrets are hard. Especially in the digital domain, but we can see examples in other environments too. Let’s take a look at a couple of historical examples. It used to be the case that all of Britain’s diplomatic traffic was … Continue reading

Posted in Uncategorized | Leave a comment

On utilities

When I worked on an antivirus application, we used to have a joke in our team that we’d choose which one of us would accept the Apple Design Award for our product. Not that we weren’t striving for ADA-quality work; … Continue reading

Posted in Uncategorized | 1 Comment

On phone support scams and fake AV

A couple of weeks ago, I posted on Twitter about a new scam: Heard about someone who was phoned by a man “from Windows” who engineered his way into remote access to the mark’s computer. Fast forward to now, the … Continue reading

Posted in antivirus, Malware, Phishing, Scam, user-error | 2 Comments

On free Mac Anti-Virus

On Tuesday, my pals at my old stomping ground Sophos launched their Free home edition Mac product. I’ve been asked by several people what makes it tick, so here’s Mac Anti-Virus In A Nutshell. What is the AV doing? So … Continue reading

Posted in antivirus, Business, Malware, PCAS | 8 Comments

Rumors of your runtime’s death are greatly exaggerated

This is supposed to be the week in which Apple killed Java and Flash on the Mac, but it isn’t. In fact, looking at recent history, Flash could be about to enter its healthiest period on the platform, but the … Continue reading

Posted in AAPL, Business, Updates | Leave a comment