Category Archives: Vulnerability

More security processes go wrong

I just signed a piece of card so that I could take a picture of it, clean it up and attach it to a document, pretending that I’d printed the document out, signed it, and scanned it back in. I … Continue reading

Posted in Authentication, Vulnerability | Comments Off on More security processes go wrong

On the top 5 iOS appsec issues

Nearly 13 months ago, the Intrepidus Group published their top 5 iPhone application development security issues. Two of them are valid issues, the other three they should perhaps have thought longer over. The good Sensitive data unprotected at rest Secure … Continue reading

Posted in buffer-overflow, code-level, Crypto, Data Leakage, Encryption, iPad, iPhone, ssl, Updates, user-error, Vulnerability | 2 Comments

On the broken(?) Mac App Store

A day after the Mac App Store was launched, people are reporting that it has been cracked. There are two separate stories here, a vapourware circumvention of the FairPlay DRM used to generate the receipts and a report that certain … Continue reading

Posted in Business, Crypto, Encryption, Mac, Vulnerability | 1 Comment

Careful how you define your properties

Spot the vulnerability in this Objective-C class interface: @interface SomeParser : NSObject { @private NSString *content; } @property (nonatomic, retain) NSString *content; – (void)beginParsing; //… @end Any idea? Let’s have a look at a use of this class in action: … Continue reading

Posted in iPad, iPhone, Mac, Vulnerability | 2 Comments

On localisation and security

Hot on the heels of Uli’s post on the problems of translation, I present another problem you might encounter while localising your code. This is a genuine bug (now fixed, of course) in code I have worked on in the … Continue reading

Posted in buffer-overflow, l10n, Mac, Vulnerability | 2 Comments

Which vendor “is least secure”?

The people over at Intego have a blog post, Which big vendor is least secure? They discuss that because Microsoft have upped their game, malware authors have started to target other products, notably those produced by Adobe and Apple. That … Continue reading

Posted in Business, Responsibility, threatmodel, Vulnerability | 2 Comments

Security flaw liability

The Register recently ran an opinion piece called Don’t blame Willy the Mailboy for software security flaws. The article is a reaction to the following excerpt from a SANS sample application security procurement contract: No Malicious Code Developer warrants that … Continue reading

Posted in Malware, Policy, Responsibility, Vulnerability | Comments Off on Security flaw liability