Remediate the Pixel4 and Galaxy S10 biometric security flaws with Workspace ONE

I am pretty sure you've heard already about the issues with Samsung Galaxy S10 fingerprint sensor and Google Pixel 4 Face Unlock. Both companies have acknowledged the issues and committed to releasing the patches "soon" (Samsung is said to be testing fixes in certain countries already). What can you in the meantime? With Workspace ONE... Continue Reading →

How long will it take to h@ck y3r Pa$$w0rd?

Ever been annoyed by those password policies that say "One digit, one uppercase, one lowercase" and then cap your password at, say 12 characters? Are those passwords secure these days, when cheap processing power is freely available ? A while ago I've stumbled upon an article where, among other info, some really interesting data was shared about... Continue Reading →

Bypassing Android security via backups (PSK recovery)

In my recent Android trainings and the Android security talk I gave at AppForum 2014 I was asked to provide a sort of a demo that can be easily replicated to explain the importance of maintaining a proper security posture. So I created a script that 'recovers' PSKs from the device and displays them. Before... Continue Reading →

JavaScript is powerful indeed :)

JavaScript just got a promotion in my esteem. I knew this stuff existed, but never seen one live until today. Now, I'm a lucky recipient of a JavaScript Virus! (well, not a real virus, but a downloader, nevertheless...). Read on for more details It all started with this message on GMail, that looked really funky... Continue Reading →

ShellShock and Motorola WLAN Equipment

A tech support article has been published on Motorola's support portal regarding ShellShock vulnerability. A brief note: APxxxx, RFSxxxx, WSxxxx, CBxxxx (existing and legacy) - NOT vulnerable, as they don't have bash at all. NXxxxx and VXxxxx - KIND OF. They have unpatched bash, but it's not exposed through any APIs/UIs unless you already somehow... Continue Reading →