
Description

Panel
Rob Napier (twitter, github, blog)
Andrew Madsen (twitter, github, blog)
Jaim Zuber (twitter, Sharp Five Software)
Charles Max Wood (twitter, github, Teach Me To Code, Rails Ramp Up)

Discussion
00:38 - Rob Napier Introduction: iOS 7 Programming Pushing the Limits by Rob Napier & Mugunth Kumar; RNCryptor
01:30 - Apple and Security
04:21 - Security Concerns: Passwords; Personal Information
06:10 - Prevention: SSL; Verisign
09:50 - Generating Certificates: Rob's Practical Security Talk, Slides and Sample Code from CocoaConf; Rob Napier: Get Security and Privacy Right; PBKDF2
13:05 - Initialization Vector: AES; Cipher Block Chaining (CBC)
16:06 - RNCryptor
17:34 - Formats: OpenSSL; HMAC; AES Crypt
20:55 - Device Encryption
25:28 - Server Security and Storing Passwords: Hashing; Salting; Shor’s Algorithm
37:48 - Breaking Passwords: Rainbow Table; BitTorrent; John the Ripper
41:47 - Keeping Passwords Safe: 1Password; LastPass; Convenience and Security
47:35 - Obfuscation

Picks
Use Option as Meta Key in Mac OS X Terminal (Jaim)
iTerm2 (Chuck)
Duct Tape Marketing Revised & Updated: The World's Most Practical Small Business Marketing Guide by John Jantsch (Chuck)
Security Now (Chuck)
Reflections on Trusting Trust by Ken Thompson (Rob)
Coursera: Cryptography I (Rob)
Learn You a Haskell for Great Good: A Beginner's Guide by Miran Lipovača (Rob)

Next Week
AFNetworking with Kevin Harwood
Transcript
CHUCK: Hey everybody and welcome to episode 32 of iPhreaks. This week on our panel, we have Andrew Madsen.
ANDREW: Hi from Salt Lake City.
CHUCK: Jaim Zuber.
JAIM: I'm still recovering from the Black Friday deals with the pawn shop. I waited in line for three hours to save $5 on an Xbox 360. Totally worth it.
CHUCK: [Laughs] I'm Charles Max Wood from devchat.tv. And we have a special guest this week and that’s Rob Napier.
ROB: That's right. I'm here in Raleigh, North Carolina.
CHUCK: So do you wanna introduce yourself really quickly for people who don’t know who you are?
ROB: Sure. I'm an iOS and Mac developer. I was a Mac developer before iOS came around on the iPhone. I wrote the book iOS Pushing The Limits. And I do a lot of work in the security world, so I keep a security cryptography package called RNCryptor, for simplifying cryptography.
CHUCK: Oh, nice. Isn’t that just a bunch of fancy math?
ROB: It is just a lot of fancy math. But it’s easy to do it wrong.
CHUCK: [Chuckles] That’s for sure.
ROB: [Chuckles]
ANDREW: Isn’t that computers? Just fancy math?
ROB: It’s so true. We need more math.
CHUCK: “So easy to do it wrong.” Don’t tell Adobe that.
ROB: [Chuckles]
CHUCK: So, speaking of security with iOS, it seems like Apple does a lot of things to provide you with security. I mean, they have sandboxing and all the other stuff that they do. Do we really need to worry about security when we are programming for the iPhone?
ROB: Oh certainly, yeah. Apple has done a really great job -- I feel -- in iOS. While over the years there have been various problems; some of the earliest locks didn’t really work well and early device encryption had trouble, but they’ve improved over the years.
But iOS is really the first mainstream operating system that came out with least privilege as the default, which was really brilliant, that they said day 1, “You are going to be locked in a little sandbox and you can't do anything,” which made it very hard to write malware against the iPhone. But it still doesn’t get us off the hook of managing user information carefully. While we may not get infected with a virus, we still have lots of ways that we could leak our customer information.
CHUCK: What are some of those ways? If it’s just a self-contained app and it doesn’t talk to anything else, is that still a risk?
ROB: That's true.