isciurus.blogspot.com
Untilted blog: January 2015
http://isciurus.blogspot.com/2015_01_01_archive.html
Mostly about info H Hsecurity, but who knows. Maintained by a humble, crazy russian. Thursday, January 8, 2015. Android app with full control over your Google account. Some time ago after I had defended my diploma thesis on OAuth security my groupmate asked me: "Hey, have you looked into Android OAuth? And I felt slightly lost since I realized there is yet another OAuth implementation, and I didn't know how it works. I would just add a few notes about my own findings to the existing sbktech's post:.
browser-shredders.blogspot.com
Browser Shredders: June 2014
http://browser-shredders.blogspot.com/2014_06_01_archive.html
Saturday, June 21, 2014. Browser Shredders Challenge #1. For some time now I haven't succeeded in triggering password autofill in any iOS browser from a downloaded HTML file (which would allow another easy way to steal passwords). There are no Same Origin Policy constraints for local HTML files, so it seems easy to just open the target website and read the password, but there are some problems:. Password autofill does not work in cross-domain frames in iOS browsers based on UIWebView. 1 Load as plain text.
isciurus.blogspot.com
Untilted blog: Android app with full control over your Google account
http://isciurus.blogspot.com/2015/01/android-app-with-full-control-over-your.html
Mostly about info H Hsecurity, but who knows. Maintained by a humble, crazy russian. Thursday, January 8, 2015. Android app with full control over your Google account. Some time ago after I had defended my diploma thesis on OAuth security my groupmate asked me: "Hey, have you looked into Android OAuth? And I felt slightly lost since I realized there is yet another OAuth implementation, and I didn't know how it works. I would just add a few notes about my own findings to the existing sbktech's post:.
browser-shredders.blogspot.com
Browser Shredders: Exploring and Exploiting iOS Web Browsers - local HTML files
http://browser-shredders.blogspot.com/2014/06/exploring-and-exploiting-ios-web_21.html
Saturday, June 21, 2014. Exploring and Exploiting iOS Web Browsers - local HTML files. A quick summary of the possible methods for preventing UXSS when loading untrusted local HTML files into iOS UIWebView:. 1 Load as plain text. This would probably break the planned functionality of the application, but you can always decide to use loadData method with mimeType text/plain and forget about all the HTML problems. The only application implementing similar solution that I know of is currently Onion Browser.
browser-shredders.blogspot.com
Browser Shredders: iOS UIWebView baseURL
http://browser-shredders.blogspot.com/2014/02/ios-uiwebview-baseurl.html
Sunday, February 09, 2014. UIWebView is one of the most popular components in Cocoa Touch library. It can be used to easily embed web content into iOS applications and - of course - to equally easily introduce Cross-Site Scripting vulnerabilities. When loading content into webView on iOS, a programmer can choose one of three methods:. Did you notice baseURL in the first two? This inconspicuous parameter is quite important when dealing with XSS. Alternatively to loading untrusted local file with loadReque...
browser-shredders.blogspot.com
Browser Shredders: WebView security in iOS - presentation from OWASP Poland meeting
http://browser-shredders.blogspot.com/2014/02/webview-security-on-ios-presentation.html
Sunday, February 02, 2014. WebView security in iOS - presentation from OWASP Poland meeting. English translation: http:/ www.slideshare.net/lpilorz/webview-security-on-ios-en. Original (Polish) version: http:/ www.slideshare.net/lpilorz/webview-security-on-ios-pl. Subscribe to: Post Comments (Atom). Decrypting iOS Applications (Automatically). Hack in the Box Amsterdam 2014. Decrypting iOS Applications (Manual). JavaScript Off for iOS. WebView security in iOS - presentation from OWASP .
browser-shredders.blogspot.com
Browser Shredders: Browser Shredders Challenge #1
http://browser-shredders.blogspot.com/2014/06/browser-shredders-challenge-1.html
Saturday, June 21, 2014. Browser Shredders Challenge #1. For some time now I haven't succeeded in triggering password autofill in any iOS browser from a downloaded HTML file (which would allow another easy way to steal passwords). There are no Same Origin Policy constraints for local HTML files, so it seems easy to just open the target website and read the password, but there are some problems:. Password autofill does not work in cross-domain frames in iOS browsers based on UIWebView. In other words it c...
androiddevice.info
Android Device Inventory
https://www.androiddevice.info/about
This project collects and aggreates information about Android devices. It is designed to be open and trasparent. All data is available and can be downloaded by everyone. We do our best to not collect any data that could identify a particular device or user. If you find an information that could be abused in this sense, please let us know so we can remove it. You want to contribute to this project, have ideas or questions? Jargetz [at] gmail [dot] com. Friends and Related Projects.
SOCIAL ENGAGEMENT