Category: security
2015
January
Crypto weaknesses in the Ectual energy meter2014
October
Vulnerability in Apple portal compromised iOS keychain access groupsApril
Phishing out iOS URL schemesMarch
The definitive guide to cookie domains and why a www-prefix makes your website saferFebruary
Why your certificate authority rarely matters, and expensive certificates are not saferJanuary
But where is the decryption key?Watch that cache: Dropbox and Evernote insufficiently protecting iOS 6 user's data
2013
December
An appeal for security for the ordinary developerJune
A basic guide to when and how to deploy HTTPSApril
Proof of concept: arbitrary remote code execution through pickle-backed cookie-based sessions