mikeash.com: just this guy, you know?

"A failure in the hot air department"
RSS feed (full text feed) - Show Tag Cloud
Showing entries tagged "security". Full blog index.

by Mike AshTags: fridayqna apple security
The big tech news this week is that the FBI is trying to force Apple to unlock a suspect's iPhone. One of the interesting points around this story is that the iPhone in question is an older one, an iPhone 5c. Newer phones have what Apple calls the Secure Enclave, which some say protects against requests of this nature; even if Apple wanted to break into your phone, they couldn't. Which then brings up an interesting question I've seen a lot of people asking: what exactly is the Secure Enclave, and what role does it play here?

by Mike AshTags: fridayqna fuzzing security
With computer security high on everyone's minds these days, tools that help assess and improve the security of our code are extremely useful. Today I'm going to talk about one such tool, afl-fuzz, which has seen a lot of attention lately and produces some interesting results. I'll discuss how it works and how to use it on your own code.

Use strnstr at 2008-03-18 20:49
by Mike AshTags: strnstr security tiger link osbug
A few months ago I told everyone not to use strnstr. This bug was fixed in Leopard, but persisted in Tiger. Today, Apple finally fixed it in Tiger. Now you can safely use strnstr. I assume that this bug probably still exists on Panther and earlier, but as long as you're targeting Tiger and up (as every sane person ought to), you are now safe.

Don't use strnstr at 2007-09-26 00:00
by Mike AshTags: osbug strnstr security
The strnstr function is broken on Mac OS X 10.4 (and presumably earlier) and should be avoided.
Hosted at DigitalOcean.