
 CODE SECURITY


  Here is what XcodeGhost author says

The first compiler malware in iOS was disclosed by Chinese iOS developers on Wednesday (Beijing time). The malware is named XcodeGhost, as described by the Alibaba researchers who released an analysis of it. The malicious code is located in a Mach-O object file that was repackaged into some versions of Xcode installers. These malicious installers were then uploaded to Baidu’s cloud file sharing service for use by Chinese iOS/OS X developers. Xcode is Apple’s official tool for developing iOS or OS X apps and it is clear that some Chinese developers have downloaded ...

7,700 0       APPLE SECURITY IOS APP STORE XCODEGHOST


  The Curious Case of App Store Optimization

You may have heard of App Store Optimization (ASO) and felt your brain go into overdrive! Chances are you have no idea what it means, or you assume it is pretty much the same as Search Engine Optimization (SEO), only to realize that it is not. Despite being loosely related to SEO, ASO is in reality far deeper and more complex. A key differentiator between ASO and SEO is what happens when a visitor or user enters the website or, in this case, the app. The moment a user enters the site the purpose of SEO is over, whereas the purpose of ASO begins when a user lands on an app page and th...

2,178 0       IOS APP DEVELOPMENT COMPANY IPHONE APP DEVELOPMENT COMPANY MOBILE APP COMPANY MOBILE APPLICATION


  A new SSL 3.0 vulnerability named POODLE is released

Today a new SSL v3 security vulnerability was released by Google. It affects all products that use the SSL v3 protocol, because the vulnerability is introduced by a design flaw. Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Microsoft Internet Explorer. If this vulnerability is exploited by attackers, the session cookies from ...

6,152 1       GOOGLE VULNERABILITY SSL V3 POODLE


  Severe SSL 3.0 vulnerability to be released

According to The Register, another severe security vulnerability has been found in the widely used SSL v3 protocol. For now it is still in the patch phase, and the details of this vulnerability are expected to be released today. Several security vulnerabilities with wide impact have been revealed this year, and they have drawn people's attention to long-standing security concerns. Previously, we have seen the HeartBleed issue and also the recent ShellShock issue. Both of them occur in popular libraries or frameworks. The HeartBleed issue happens in OpenSSL and the ShellShock issue happens in bash shel...

5,763 0       SSL SECURITY VULNERABILITY THE REGISTER


  HeartBleed: OpenBSD now starts to clean up OpenSSL

Since the disclosure of the HeartBleed bug in OpenSSL, arguments have emerged about the safety of OpenSSL, the largest open source SSL/TLS library, used by a large number of servers and applications. Some people are even starting to create their own versions of the SSL library. This includes OpenBSD, a famous Unix-like open source operating system. Just a few days after the HeartBleed bug, OpenBSD forked a new branch of OpenSSL, started to clean up the forked branch, and plans to merge it into its own code base. So far the changes made to the forked OpenSSL library include: Splitting up libcrypto and li...

4,394 0       HEARTBLEED OPENBSD


  HeartBleed: Inside the heart, what happens to a normal WEB user?

To be brief, our email, IM, Facebook etc. are at risk, so try to minimize access over the next few days. In particular, we should avoid logging into our internet banking, because we may expose our user ID and password. Later, once the service providers have fixed the bug, we had better change the passwords for all the web accounts that are important to us. Here comes the technical explanation. You might have noticed that a lot of websites use URLs starting with "https". For example, https://www.google.com.sg. HTTPS literally means secure HTTP, as the "s" stands for secure. Both HTTP and HTT...

4,199 0       ANALYSIS HEARTBLEED


  HeartBleed: Inside the heart, what causes the bleeding?

Just a few weeks after Apple's famous goto fail bug, a bug in OpenSSL has caught the world's attention again. The bug is named HeartBleed and was found in the OpenSSL library, a famous open source library supporting a great deal of SSL/TLS communication among server/client applications. The reason this bug has caught the world's attention is that it affects almost all sites that use the affected OpenSSL library. These include many applications like the Nginx server, some versions of Linux, and many famous websites including Yahoo and Amazon. Private keys on the web server may ...

7,619 0       OPENSSL HEARTBLEED


  Password-less login

Most websites need user login in order to provide personalized content to visitors. The usual way is to ask the user to register a user account. Actually, this is not so appealing: for users, remembering one password for each website is troublesome, while for developers, it is their responsibility to protect passwords, and once a password is leaked it is a big headache for a website's business and reputation. So a long time ago people started thinking about password-less login, which is a big relief for both users and websites. We discuss some common ways of password-less login. 1. OpenID OpenI...

6,451 0       PASSWORD-LESSLOGIN AUTHENTICATION