Thursday, December 29, 2011

Setting up Proxy for Blackberry Simulators

Setting up Proxy for Blackberry Simulators:

1. Install MDS and email simulator

2. Install Device simulator

3. Open the file. The file can be found at \Program Files\Research In Motion\BlackBerry Email and MDS Services Simulators #.#.#\MDS\config
(Please note location differs if you are using a Blackberry JDE (Java Development Environment))

4. Under the [HTTP HANDLER] section, update the following:

application.handler.http.proxyEnabled = true

Wednesday, November 16, 2011

Android 4.0 Face Unlock bypass

Google recently launched its latest Android version (4.0). One of the new features it has is Face Unlock. This is in news with some videos demonstrating how this feature can be fooled by simply showing it a digital image of the user.

A key learning for any developer/vendor is to make sure that they have tested their product for the basic test cases before launching. Think about the bypass vectors for your feature, frame test cases for these vectors, and finally test it to see the result. If you find the test case to fail, then fix the code.

A simple test case for a feature like Face Unlock is to "show it a printed photograph" or "show it a digital image". I am sure Google must have done their part well. Lets wait to listen some official announcement on this.

Tuesday, November 15, 2011

About IPT & 2FA

I read an article today which says-

MasterCard today became the latest company to employ Intel's Identity Protection Technology (IPT) -- which basically converts a laptop or client device into a second factor of authentication -- for online commerce.

Full details here:

My thoughts-

Hardcoded Intel chip plays the role of software token, thus providing the token for Two Factor Authentication (2FA). Entire security lies on the fact that it is very very difficult to break into the hardcoded chip. This sounds promising for now.