Category Archives: iPad

On SSL Pinning for Cocoa [Touch]

Posted on 2011-12-07 by Graham

Moxie Marlinspike, recently-acquired security boffin at Twitter, blogged about SSL pinning. The summary is that relying on the CA trust model to validate SSL certificates introduces some risk into using an app – there are hundreds of trusted roots in … Continue reading →

Posted in code-level, iPad, iPhone, ssl | 6 Comments

TDD/unit testing video training for iOS developers

Posted on 2011-07-18 by Graham

I recently recorded a series of videos on unit testing and test-driven development for iOS developers with Scotty of iDeveloper.tv. The videos and associated source code is now available for purchase and download.

Posted in code-level, iDeveloper.TV, iPad, iPhone, software-engineering, Talk, TDD, tool-support | Comments Off

On what Marcus said

Posted on 2011-06-05 by Graham

This post is a response to Why so serious? over at Cocoa is my Girlfriend. Read that. Welcome back. OK, so firstly let’s talk about that damned carousel. Kudos to the developer who wrote a nice smoothly scrolling layer-backed image … Continue reading →

Posted in code-level, iDeveloper.TV, iPad, software-engineering | 1 Comment

A Cupertino Yankee in the Court of King Ballmer

Posted on 2011-05-25 by Graham

This post summarises my opinions of Windows Phone 7 from the Microsoft Tech Day I went to yesterday. There’s a new version of Windows Phone 7 (codenamed Mango) due out in the Autumn, but at the Tech Day the descriptions … Continue reading →

Posted in Business, iPad, iPhone, Mac, tool-support, WebObjects, WinPhone | 1 Comment

On the top 5 iOS appsec issues

Posted on 2011-05-20 by Graham

Nearly 13 months ago, the Intrepidus Group published their top 5 iPhone application development security issues. Two of them are valid issues, the other three they should perhaps have thought longer over. The good Sensitive data unprotected at rest Secure … Continue reading →

Posted in buffer-overflow, code-level, Crypto, Data Leakage, Encryption, iPad, iPhone, ssl, Updates, user-error, Vulnerability | 2 Comments

On platform-specific strategies

Posted on 2011-05-07 by Graham

I’m writing some library code at the moment that needs to work on both Mac OS X and iOS. The APIs I need to use on each platform are different, so I need different code on each platform. I also … Continue reading →

Posted in code-level, iPad, iPhone, Mac, software-engineering | 2 Comments

Storing and testing credentials: Cocoa Touch Edition

Posted on 2011-04-29 by Graham

This article introduces the concept of key stretching, using code examples to explain the ideas. For code you can use in an app that more closely resembles current practice, see Password checking with CommonCrypto. There’s been quite the media circus … Continue reading →

Posted in Authentication, code-level, Crypto, iPad, iPhone, Mac, password, PCAS | 7 Comments

What happens when you jailbreak an iPad

Posted on 2011-03-31 by Graham

Having played around with an iPad running a jailbreak OS yesterday, I thought it would be useful to explain one possible attack that doesn’t seem to get much coverage. As I’ve discussed in numerous talks, the data protection feature of … Continue reading →

Posted in Encryption, iPad, iPhone, ssh | 2 Comments

On NSInvocation

Posted on 2011-03-16 by Graham

I was going to get down to doing some writing, but then I got some new kit I needed to set up, so that isn’t going to happen. Besides which, I was talking to one developer about NSInvocation and writing … Continue reading →

Posted in Foundation, iPad, iPhone, Mac, software-engineering | Leave a comment

On Fuzzy Aliens

Posted on 2010-12-03 by Graham

I have just launched a new company, Fuzzy Aliens[*], offering application security consultancy services for smartphone app developers. This is not the FAQ list, this is the “questions I want to answer so that they don’t become frequently asked” list. … Continue reading →

Posted in Business, code-level, iPad, iPhone, Privacy, software-engineering, threatmodel | Leave a comment