Researchers have done some interesting work on “smudge attacks” against Android phones. All Android phone owners will have guessed that this attack targets the authentication pattern that is used to unlock an Android phone. And all these owners also know that smudge really is dangerous for this authentication technique. I have tried it with a …
The problems of Twitter with their OAuth implementation have made the headlines, and a full analysis can be found on Ars Technica. The (very) basic idea of the first issue highlighted in this article is as follows: Twitter provides “secret keys” (more like API keys) to developers. When a key is compromised, it is revoked, …
There is no better publicity for a security company than a good scare. Apparently, some guys at Smobile are taking publicity seriously. They have published a report entitled Threat Analysis of the Android Market, which got them some news coverage. The report includes some pretty scary statements, like: 3% of all of the Market submissions …
That’s a question that I have been asking myself for quite a while. How dangerous can a mobile application be? How can it be made more dangerous? Or less dangerous? Here’s a grab bag from the Internet today. First, the good side, with two Microsoft articles pointed out by Bruce Schneier: The first one is about the authorization …
UPDATED: Added slideshare link. Here is a transcript of my invited presentation at Cardis2010, or at least the things that I thought about before getting there. The slides are available on SlideShare.
Ajit Jaokar has published a post on Mobile Cloud Computing, in which he asks some questions about mobile computing. I found his questions very interesting, so here are my answers (I kept them short, but I will try to develop some things later): a) Is ‘mobile cloud computing’ a distinct domain in itself? Or is …
Being from the smart card industry, I usually don’t spend much time looking at things that work better by swiping cards than by using a good old smart card. Then, a few minutes ago, I looked at the promotional video for the Square payment service. Well, it’s definitely worth watching. The basic idea is to …
Yesterday, I attended the Mobile Barcamp on Security at ETSI. Even though attendance was rather low, the exchanges were interesting, and the unconference format made them even more interesting. It was my first Barcamp, and I really enjoyed it. Among the news and messages spread during the meeting, one struck me, even though it is …
I am French, and I must admit that my government spends a lot of time innovating in technology, in particular in relation to artistic creation. After enacting a wonderful antipiracy law that will cause problems for people with poorer network security skills than their neighbors, a recent report suggests taxing Google because it …
I read very alarming news today, for a lot of kids around the world: Santa’s naughty-nice database has been hacked. The very good article shows all the typical issues related to privacy, and also to the fact that some records are grossly incorrect; all typical issues encountered when such a massive leak occurs. Now, here …