BitTorrent Analysis!!!

By -
Bittorrent Analysis (Source: theRegister.co.uk)
 Interesting research that analyzes bittorrent traffic to find content providers.

Popular posts from this blog

Potential DoS Vulnerability with Android System

By S G -
Image
I had reported a potential flaw in the Android system that could be used to perform DOS (Denial-of-Service) on an Android Phone. The issue was caused by a poor programming assumption which could have been avoided with a good programming 101 course . I had developed a tool called c-ray to help me with quick and dirty pentest and analysis of android applications and system. I stumbled on the issue while playing around with android core system and c-ray application. The issue was caused by an input validation error caused by assumption of the developer. An intent to "android.accounts.GrantCredentialsPermission" class of android core system results in system crash and reboot of the system. Further analysis and reasons below.
Read more

iOS Credential Leakage

By S G -
Now that iOS 5 has released and Apple CLAIMS to have fixed the issue, I believe its time for a full disclosure... What Users/Enterprises MUST know: I had reported a security vulnerability with iOS 4 implementation to Apple in OCT 2011. This vulnerability allows an attacker with physical possession of an iOS device or an attacker with the ability to remotely jailbreak a device to retrieve the victims EXCHANGE/Account (email or exchange account) credentials (username + password) in clear text. Hence, if an iOS 4 device is lost/unwillingly jailbroken, immediate steps MUST be taken to ensure that the users credentials are RESET or account locked. Remote administration options like Remote Wipe/Lock/Locate are not effective as an attacker can easily bypass or block remote administration options. This issue has been partially addressed and fixed by Apple in iOS 5. New changes in iOS 5 ensures that the credentials on an iOS device remain secure if a device is lost/stolen. However, the ri...
Read more

Why does my Android App READ SMS?

By -
I have been wanting to write a blog on this topic for quite a while and finally here I'm. With the rampant adoption and popularity of Android phones, Android apps and android market place are gaining wide spread popularity. I have noticed that most of the apps that we see/use now ask for seemingly harmless permissions like "READ PHONE STATE", "READ_SMS" etc. This post highlights the dangers and security flaws associated with "READ_SMS" permission on Android devices.
Read more