Mobile apps have become increasingly widespread compared to their desktop counterparts. In addition, many apps often have stricter security requirements since they incorporate micropayments. We also perform sensitive transactions through mobile apps. For example, there are no desktop internet ...

I was doing some reverse engineering and I could not find any tool which expands a 56 bit DES key into a 64 bit key with the parity bit included. Expanding the key is a pretty laborious process involving hex to bin conversions and plenty of manual counting. To add on, some online tools truncate ...

The media initially attributed the hack to a couple of cheap second-hand $10 switches. However, according to further reverse engineering, this is not a snatch and grab but a full scale bank heist perpetrated by determined adversaries with resources at their disposal. Even if the bank had ...

Technical prowess, Legal expertise and Guts. That is what you need to go up against a Nation State Adversary. We shall take the Apple vs US Government debate as an example. Apple obviously has the technical prowess to store the iPhone's PIN code securely. If it were easily retrievable, the ...

Many people have the misconception that biometrics such as fingerprint readers are more secure than passwords. It probably stems from Hollywood spy movies showing Top Secret facilities protected by biometric devices. However, for the vast majority of us who use sensible 8-12 character passwords ...

A number of friends have recently sought my advice on NAS and RAID solutions for storing their personal data. I do not usually give brand recommendations but I will discuss the technology involved. I have never used RAID nor found a need for it, this is because RAID (Redundant Array of ...

Earlier this year, TSA master keys were leaked and ordinary folks were supposedly able to 3D print these keys and open any luggage with a TSA lock. Despite the huge uproar, I personally feel that it is not that big of a deal because Valuables go in hand carry, clothes go in luggage. Few people ...

Yesterday, a CDN was hacked and malicious JS was served to a number of domains. Most websites make use of CDNs to serve up JS so as to reduce page load time. How do we protect ourselves from such attacks? I posed a similar question on Sec.SE some time back. Subresource Integrity is a new ...