Beranda · · · ·
Home » Archive for February 2013

New When you save photos from twitter app, where does it goes? By Patricbensen


Have you tried to save pictures from twitter application on your android phone? Finding where it is now after saving is kinda bit puzzled if you're having too many folders on your phone storage.

Don't get lost, it is only saved at specific directory.




First, go to your 'My files'





DCIM







Camera







And you will find there your recent saved picture.


at No comments:

New How to enable / disable Packet Data? By Patricbensen


First go to your Settings



then tap Wireless and networks

























then tap Mobile networks





and last, check/unchecked Use packet data to enable/disable it.
at No comments:

New Mobile Client Side Certificate Pinning By Patricbensen


I just completed giving a training on Secure Mobile application development and Code reviews and one of the attendees asked me query whether we can limit a Mobile application to allow only the servers certificate to be a trusted one rather than relying on the Mobile's own Trusted Certificate Store?

Well... there is a way actually. Its called as "Certificate Pinning". Rather than relying on the device trusted store, set the application to trust only the servers SSL certificate. This way, when you are connecting to your specific SSL server, you don’t need anyone else to tell you the server’s identity. Compromises of any of the CA in the device trusted store too does not matter as the connection does not rely on it any more. 

There are ways to implement it on both Android and iOS. Twitter for example; implements certificate pinning and i was not able to intercept traffic even after forcing my certificate on to the OS level trusted certificate list.

Good Reads:

Certificate Pinning on iOS:

Certificate Pinning in Android:

Way to achieve this can be seen here, which is a OWASP page explaining the various details on Certificate Pinning.

However, like all other good things, this too can be bypassed :D .. This link will tell you how you can bypass it on iOS using Mobile Substrate and on Android using JDWP.

Understandably this would not be of much use against remote attacks but atleast would help in cases where attacker tries to fuzz for local vulnebilities in the application right? 

I wonder why none of the other applications are not using it and whether there would be any drawback of suggesting it to the client. 
Open for discussion :)
at No comments:

New Instagram for Samsung Galaxy Phones By Patricbensen


Download Instagram

Instagram allows you to add effects on your photos and share them to your followers.



Here's how the effects of instagram looks like.


Normal










Amaro










Rise










Hudson










Sierra










X-Pro










Lo-Fi










Earlybird










Sutro










Toaster










Brannan










Inkwell










Walden










Hefe










Valencia










Nashville










1977
 Kelvin


samsung s3 mobile ipad phones laptop android iphone samsung galaxy ipad mobile ipod touchpad tablet laptop accessories gadgets apple samsung nokia ericson. mobile ipone3 cellphone tablet asia samsung galaxy pocket samsung galaxy y  gadgets SIII iphone5 ipone4 laptop sony vaio mobile phone. cellphone nseries
at No comments: