Rob Napier (twitter github blog) Andrew Madsen (twitter github blog) Jaim Zuber (twitter Sharp Five Software) Charles Max Wood (twitter github Teach Me To Code Rails Ramp Up)
00:38 – Rob Napier Introduction
iOS 7 Programming Pushing the Limits by Rob Napier & Mugunth Kumar RNCryptor
01:30 – Apple and Security
04:21 – Security Concerns
Passwords Personal Information
06:10 – Prevention
09:50 – Generating Certificates
Rob's Practical Security Talk, Slides and Sample Code from CocoaConf Rob Napier: Get Security and Privacy Right PBKDF2
13:05 – Initialization Vector
AES Cipher Block Chaining (CBC)
16:06 – RNCryptor
17:34 – Formats
OpenSSL HMAC AES Crypt
20:55 – Device Encryption
25:28 – Server Security and Storing Passwords
Hashing Salting Shor’s Algorithm
37:48 – Breaking Passwords
Rainbow Table BitTorrent John the Ripper
41:47 – Keeping Passwords Safe
1Password LastPass Convenience and Security
47:35 – Obfuscation
Use Option as Meta Key in Mac OS X Terminal (Jaim) iTerm2 (Chuck) Duct Tape Marketing Revised & Updated: The World's Most Practical Small Business Marketing Guide by John Jantsch (Chuck) Security Now (Chuck) Reflections on Trusting Trust by Ken Thompson (Rob) Coursera: Cryptography I (Rob) Learn You a Haskell for Great Good: A Beginner's Guide by Miran Lipovača (Rob)
AFNetworking with Kevin Harwood
CHUCK: Hey everybody and welcome to episode 32 of iPhreaks. This week on our panel, we have Andrew Madsen.
ANDREW: Hi from Salt Lake City.
CHUCK: Jaim Zuber.
JAIM: I’m still recovering from the Black Friday deals with the pawn shop. I waited in line for three hours to save $5 on an Xbox 360. Totally worth it.
CHUCK: [Laughs] I’m Charles Max Wood from devchat.tv. And we have a special guest this week and that’s Rob Napier.
ROB: That’s right. I’m here in Raleigh, North Carolina.
CHUCK: So do you wanna introduce yourself really quickly for people who don’t know who you are?
ROB: Sure. I’m an iOS and Mac developer. I was a Mac developer before iOS come around in the iPhone. I write the book iOS Pushing The Limits. And I do a lot of work in the security world, so I keep a security cryptography package called RNCrytor, for simplifying cryptography.
CHUCK: Oh, nice. Isn’t that just a bunch of fancy math?
ROB: It is just a lot of fancy math. But it’s easy to do it wrong.
CHUCK: [Chuckles] That’s for sure.
ANDREW: Isn’t that computers? Just fancy math?
ROB: It’s so true. We need more math.
CHUCK: “So easy to do it wrong.” Don’t tell Adobe that.
CHUCK: So, speaking with security with iOS, it seems like Apple does a lot of things to provide you with security. I mean, they have sandboxing and all the other stuff that they do. Do we really need to worry about security when we are programming for the iPhone?
ROB: Oh certainly, yeah. Apple has done a really great job — I feel — in iOS. While over the years, there have been various problems; some of the earliest locks didn’t really work well and early device encryption have trouble, but they’ve improved over the years. But iOS is really the first main stream operating system that came out with least privilege as the default, which was really brilliant, that they said day 1, “You are going to be locked in a little sandbox and you can’t do anything,” which made it very hard to write malware against the iPhone. But it still doesn’t get us off the hook of managing user information carefully. While we may not get infected with the virus, we still have lots of ways that we could leak our customer information.
CHUCK: What are some of those ways? If it’s just a self-contained app and it doesn’t talk to anything else, is that still a risk?
ROB: That’s true.