So Apple has decided to ship an unencrypted kernel in iOS 10. What does this mean, and what are the practical considerations around this decision? Shipping an unencrypted kernel will now allow for the inspection of the code at the very core of the Apple device, something that we have not had the ability to
I fear that the need for salacious headlines from the Halifax Examiner (http://www.halifaxexaminer.ca/featured/richard-butts-wants-to-use-your-private-facebook-messages-against-you-morning-file-monday-october-5-2015/) has grossly misconstrued how social engineering works: So, say one of the city’s IT guys has a down-low life as a S&M fetishist; he’s not hurting anyone beyond his self-selected group of fellow BDSM enthusiasts, but still, it’s not the kind of information he
Just a quick note on a project that I’ve been working on at work. It’s a REST client written in Python to scan from the CLI. Never pointy-clicky again with Nessus! https://github.com/tenable/nessrest
So, Atlantic Security Conference 2014 is done! It was quite a ride. First off, the weather sucked, no doubt about it. Expect next year to take place in April, if not later (the nicer the weather, the more expensive space becomes). Thanks to our out of town speakers that busted their asses to get to Halifax!
‘Tis the season, and all that other stuff. What better time for the contact pad on a “chip and PIN” card to be disconnected from the micro-controller inside of my credit card. While inconvenient, it has let me know the fallback modes of various payment system users/providers. It’s difficult to say who decides the variation
My latest interest has been spawned by an awesome post by (Ruben Santamarta @Reversemode) of IOActive. I always had a rough idea what was going on with applying a firmware image to a device, but it was never anything that I investigated. After reading the article, I was ready to go! I conceptually understood what
At my work I have access to very smart people; it has become apparent that I needed to learn GDB to be able to advance to some of the more interesting things that are going on. Well, for me, GDB is not the most intuitive thing going, so I decided to learn by doing. My
Sometimes you need to know the supported ciphers on a remote site. Well, hopefully this will help (look here, but grab it from GitHub):
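#!/bin/bash
# Try every cipher the local OpenSSL offers against site:port and sort the results.
if [ -z "$1" ]; then
    echo "Usage: $0 site:port"
    exit 1
fi
supported=(); unsupported=()
for i in $(openssl ciphers | tr ":" " "); do
    echo "GET /\n\n" | openssl s_client -connect "$1" -cipher "$i" 2>&1 | grep "no ciphers available" >/dev/null
    # grep exits 1 when openssl did not report "no ciphers available"; count the cipher as supported
    if [ $? -eq 1 ]; then supported+=("$i"); else unsupported+=("$i"); fi
done
max=${#supported[@]}; i=0
echo "========== Supported Ciphers for $1: $max =========="
while [ $i -lt $max ]; do echo "${supported[$i]}"; i=$((i + 1)); done
max=${#unsupported[@]}; i=0
echo "========= Unsupported Ciphers for $1: $max ========="
while [ $i -lt $max ]; do echo "${unsupported[$i]}"; i=$((i + 1)); done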
I have some particularly strong thoughts on drones/UAVs, and the worst part is that they don’t even agree with each other. I can see both sides of the argument, and I can also see how you can abuse both sides of the argument. The Argument for Drones I live in Canada, it’s big, really big.