Security

Keep yourself secure - Always run third-party CLI tools inside Docker

Nillion and one-time pads

WebView debugging can be enabled via “WebView.setWebContentsDebuggingEnabled(true)”. Leaving WebView debugging enabled in production Android apps is a bad idea. Anyone who gets hold of the unlocked phone can access the app’s data forever.

Deciphering Snapchat’s security hole

A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis, and reverse engineering of android apps. A list of those tools can be seen at https://github.com/ashishb/android-security-awesome.

Came across a few interesting posts like this on my wall today.

As the world moves towards cloud-based storage and computing, the task of storing our data on a PC hard disk is being replaced with cloud-based storage providers. This includes our emails, social data, professional data, and financial data. Accessing this data requires authentication, despite its various limitations, username and password are still the standard way of authentication [though OpenID is slowly becoming popular]. One thing which is crucial in this case is how web services store user’s password.

If you have been already a victim of this, then change your password and unlike the page as soon as possible. A malicious app called “aprilfoolsprank” which likes a page on a user’s behalf and tries to phish a user into disclosing his/her Facebook login and password is taking its toll on Facebook users.

If you are looking for how to avoid or recover: read this one instead. In the past few weeks, a lot of Facebook users have received the following (or similar) messages posted by their friends Hi Friends see Face-book images rotate 360* see here » https://SHADYCLOUDS.TK/ Really cool Facebook revolving images. MUST SEE https://rotatingimage2.tk/. Following are observations and analysis of the same.

The post is written in honor of Sh. Hari Prasad, the winner of EFF Pioneer Award 2010