If you read a few of my other blog posts like Naomi85 – password generator, it might surprise you to know I don’t like passwords, and that I find passwords to be horrible both from a usability and security point of view. Managing passwords is hard. If you try to do it right, you must keep […]
Common Encryption Pitfalls: Part 3 - Rethinking AccessURL Security Design
This is the last part of a three-part blog series about AccessURL – Password Security and Cookies; Security issues with AccessURL original implementation; Solving all the issues by simple design change. In the previous post we saw a few security issues in the way AccessURL generates the passphrase and the id for the share […]
Common Encryption Pitfalls: Part 2 - Security Issues Found
This is the second part of a three-part blog series about AccessURL – Password Security and Cookies; Security issues with AccessURL original implementation; Solving all the issues by simple design change. Security issues found: After using the AccessURL browser extension I found a few issues which allowed me to get almost any credentials. To have […]
Common Encryption Pitfalls: When Using AES256 Is Not Enough - Part 1
I recently came across AccessURL. AccessURL is an online service which offers an easy way to allow access to online accounts without sharing the account password. Unfortunately, their initial implementation had some security issues. In this post, I will describe and suggest how to fix these issues. It is important to say that AccessURL since […]
Rethinking Ember
It’s been 20 months since I published my first post about Ember.js. It was supposed to be a two-part series and I already had the second part ready to go, but I wanted to get more intimate knowledge of Ember before publishing it. It took longer than I thought and the more I learned about […]
Securing Private Piwigo Albums
TL;DR if you just wanna see the code and simple install instructions see the GitHub repo. Update – The original code had a major rewrite to be used as a plugin that will not require any NGINX/Apache special features. Yet it can use advanced features like X-Accel-Redirect/X-send-files if available. Though the ideas and methods described […]
Should you use Ember CLI?
If you are considering using Ember and still comparing it to other frameworks, this is not the article for you. Ember has some really strong and positive sides; overall I think Ember is one of the best JavaScript frameworks available today. The way it handles some of the common needs in modern web apps like […]
Bitcoin security back to front
An article written by me has been published in Digital Whisper, the Israeli hacking and information security magazine.
Hacking and Debugging FirefoxOS Part 1 – Gaia
How to debug Gaia for Firefox OS in the emulator and on an actual device (like the ZTE Open)
ZTE Open phone – upgrading to Firefox OS 1.1 / 1.3 how-to
If you read my previous post about the ZTE Overview, you know I was planning to upgrade my phone to version 1.1. After finding instructions on MDN I thought it’s going to be easy, but apparently it’s not as straightforward as one might think. This guide is basically going to organize the information on how to build an updated version of Firefox OS and install it on the ZTE Open.