iPad POS

While traveling in the US, I noticed that a considerable number of smaller food establishments used an iPad Point of Sale (POS) system. Given the number of POS vulnerabilities reported in the past year, I wondered if the iPad would be a more secure POS platform compared to the traditional ...

1FA

Applications such as Pushbullet strive to integrate our devices by mirroring notifications received on an android phone onto a windows laptop. I can read and even reply SMSes without the need to pick up my phone. Nevertheless, we must be careful when using them since One Time Passwords(OTP) are ...

IJIS plaintext offender

I am always pissed off when I discover that a site I use is a plaintext offender. Well, if they are mom and pop establishments that do not deal with money or personal data, I might exhibit a wee bit of tolerance. However, large cooperations have no excuse especially since salting and hashing is ...

Information Leakage

Piazza is a learning management system that allows students to post questions which are then answered by fellow students or the lecturer. One of the features of Piazza is anonymous posting where students can choose not to reveal their names. Unfortunately, correlations can be made through ...

Uber's github slip up

Background : Uber or one of its contractors uploaded a security key to a public github gist. Malicious actors were able to use the key to access the database and made away with personal details of 50,000 Uber drivers. Article here. This is one of those pesky little problems with version ...

Online text binning tool

I was doing my crypto homework and found that there was no text binning tool available online. Hence, I decided to write my own. A text binning tool is useful for: Encryption using a rail cipher Cryptanalysis of a vigenere cipher after you know the key length - useful to separate each bin so ...