Security

HULK BASH! - The Internet is Broken, But My Part is Fine

Well, the Internet is broken again. It sucks to be us (and by “us” I mean “people whose income depends on a working Internet”).

I Am Chroot But as for my piece of the Internet, I'm not too worried. I'm paranoid, but not worried.

I’ve been hacked a lot over the years. The first Unix machine I ever had root on was hacked within a week of me becoming responsible for it — because it was one of the few unmetered machines at the university where I was working my way through school.

Published at September 25, 2014 ·  2 min read

Steal This Code and Protect Their Data: Simplifying KeyChain Access

Invalidname Meet iPhone Explorer Invalidname Learn Keychain Noel Llopis Keychain is Obtuse

 

 

##The Code

The last couple of months, I’ve been working on my first Mac App (more on that in a later post).  As part of this App, I’m calling a REST API that requires that I have the user’s password for that service to use in the API calls.  Although that API is a minor part of the App, and although the service doesn’t have horrible consequences if someone gets the user’s password for it (in my opinion at least), there was no way I was going to store that password on disk unencrypted.  After all, users have a bad tendency to use the same password for multiple services, and one of those other services might contain important information.

Published at September 3, 2011 ·  4 min read

Hidden VPN/DNS Gem in Apple's iOS4.1 announcement today

I’ve been on-again, off-again fighting with getting my iPhone 4 to talk to a Cisco VPN concentrator to connect to a company internal network.  The iPhone would connect, but it couldn’t resolve any names, but my iPad worked with no issues.Turns out, the problem was with iOS 4.0.x’s implementation of  Multicast DNS.  According to this IETF draft, ‘…Any DNS query for a name ending with “.local.” MUST be sent to the mDNS multicast address…’, which Apple took literally for iOS 4.  Turns out the company whose VPN I’ve been having trouble with uses .local as their internal DNS domain.Although there’s no documentation I’ve been able to find, it seems that iOS 4.1 changes this behavior, because after updating my iPhone 4 to the iOS 4.1 GM seed today, it started being able to resolve the .local addresses just fine.As an added bonus, under 4.0, the iPhone would ask for a password every time I tried to connect to the VPN.  Under 4.1 (or 3.2), the password is saved like you would expect.

Published at September 2, 2010 ·  1 min read