TLS, CAs, chains of trust and certificate pinning
I’ve been mocking Sun Tzu and trying to make 3D printing useful in my last articles. It’s time for some hardcore InfoSec action. More specifically how to prevent mobile apps eavesdropping. When a TLS (Transport Layer Security) certificate is assigned, there is a trust chain that is created to verify everyone from the root CA (Certificate Authority)… Continue reading TLS, CAs, chains of trust and certificate pinning
Author: Dan Vasile
Look too much into the Sun (Tzu) and you will be blinded
You can’t go to a security conference nowadays and not hear at least 700 references to Sun Tzu and his writing, The Art of War. And how important and relevant that book is to the world of Information Security. But let’s not limit our focus to the InfoSec guys. Life coaches (whatever they are) are abusing… Continue reading Look too much into the Sun (Tzu) and you will be blinded
More 3D printing: fixing a broken car key
I’ve been told that my 3D printing hobby is not practical in the real world. And it’s mostly true. That’s why it’s a hobby. However, I managed to solve an otherwise costly problem. Due to domestic accidents (don’t ask), the hook of the detachable car key of the Suzuki Swift can break. With a 3D… Continue reading More 3D printing: fixing a broken car key
The revised and compressed OWASP Top 3 Web Application Vulnerabilities
I love Top 10s. They’re everywhere and about everything: Top 10 Fascinating Facts About Neanderthals, Top 10 Crazy Bridal Preparation Customs, Top 10 Alleged Battles Between Humans And Aliens, etc. But my question was always: why 10? Why not 11? Or 9. Or whatever else? I guess 10 sounds more important than 11 or 9. It’s the decimal system, 10… Continue reading The revised and compressed OWASP Top 3 Web Application Vulnerabilities
Short URLs are Harmful for Cloud Data Sharing
I was never a big fan of sharing cloud data through a unique link, rather than nominating the specific people that can access the data. To me it feels like security through obscurity. It looks something like this: https://{cloud_storage_provider}/?secret_token={some_unique_token} All the security of this model relies on the randomness and length of the secret token.… Continue reading Short URLs are Harmful for Cloud Data Sharing
A slightly more complex 3D printing project – The Pirate
I bought a Prusa i3 kit some time ago, in an effort to experiment a little bit around 3D printing. In parallel, I had a discussion about everything with Dani (like most of our discussions). Things like Kickstarter, games, prototyping and USB sticks were predominant in that particular one. A few days later he came back… Continue reading A slightly more complex 3D printing project – The Pirate
Hacking the Wii remote control
You know that sensation when you are ready to make that winning move but the Wii Remote is thinking otherwise and refuses to move as you intended? I feel the same and I had strong bad feelings about my controller(s). You might have noticed that I never considered that it might be my lack of skills, the… Continue reading Hacking the Wii remote control
Updating Kali Linux from behind a restrictive proxy
I installed Kali Linux from the mini ISO, so I ended up with a fully functioning Linux system but with little to no tools (just nmap and ncat). In order to install the tools that are making Kali what it is, I had to install the metapackages. For me, the easiest option was to install all of… Continue reading Updating Kali Linux from behind a restrictive proxy
http vs https performance
A while ago I had a huge argument with a development team regarding the usage of https. Their major concern was that the impact on performance would be so big that their servers wouldn’t be able to handle the load. Their approach was to use https just for the login sequence and plain text communication… Continue reading http vs https performance
Is application security an agile process?
No. Judging by the way it is marketed and sold today, application security is not, by any means, agile. Can it be? Well, Microsoft says so. When it comes to security, Microsoft changed a lot in the past decade. The development frameworks they offer have built-in security features nowadays. So, if they say security can be built… Continue reading Is application security an agile process?