The unencrypted iOS kernel and you

So Apple has decided to ship an unencrypted kernel in iOS 10. What does this mean, and what are the practical considerations around this decision? Shipping an unencrypted kernel will now allow for the inspection of the code at the very core of the Apple device, something that we have not had the ability to

Read More

Social engineering construed as blackmail by Halifax Examiner

I fear that the need for salacious headlines from the Halifax Examiner( has grossly misconstrued how social engineering works: So, say one of the city’s IT guys has a down-low life as a S&M fetishist; he’s not hurting anyone beyond his self-selected group of fellow BDSM enthusiasts, but still, it’s not the kind of information he

Read More

Atlantic Security Conference 2014

So, Atlantic Security Conference 2014 is done! It was quite a ride. First off, the weather sucked, no doubt about it. Expect next year to take place in April, if not later(the nicer the weather, the more expensive space becomes). Thanks to our out of town speakers that busted their asses to get to Halifax!

Read More

Bypassing chip and PIN

‘Tis the season, and all that other stuff. What better time for the contact pad on a “chip and PIN” card to be disconnected from the micro-controller inside of my credit card. While inconvenient, it has let me know the fallback modes of various payment system users/providers. It’s difficult to say who decides the variation

Read More

Firmware Reversing (Part 1)

My latest interest has been spawned by an awesome post by (Ruben Santamarta @Reversemode) of IOActive. I always had a rough idea what was going on with applying a firmware image to a device, but it was never anything that I investigated. After reading the article, I was ready to go! I conceptually understood what

Read More

Getting started with GDB

At my work I have access to very smart people, it has become apparent that I needed to learn GDB to be able to advance to some of the more interesting things that are going on. Well, for me, GDB is not the most intuitive thing going, so I decided to learn by doing. My

Read More

Enumerating Supported Ciphers

Sometimes you need to know the supported ciphers on a remote site, well, hopefully this will help (look here but grab it from Github)