// archives

linkedin

This tag is associated with 16 posts

App World Dynamic Licensing HOWTO

By December 14, 2009 Post a comment

I started releasing commercial applications on BlackBerry App World and yesterday was the first time I used the Dynamic Licensing model.  I devised a quick solution for working with Dynamic Licensing based on Google App Engine and this post shows how this can be achieved and also includes sample source code for other developers in [...]

The theory behind BlackBerry phone taps

By October 31, 2009 8 comments

The new version of FlexiSpy (which I dissected and posted about) promises to allow a user to spy on a target when he is on a call.  They call it Call Interception.  The site says: “Call Interception is the ability to listen in to an active phone call on the target device. You specify the [...]

The Anatomy Of A Spyware Application – Part 1

By October 31, 2009 14 comments

In keeping with the spirit of raising awareness, I’m pleased to present an in-depth look at the commercial spyware application known as FlexiSpy.  Looking at its creation date, the FlexiSpy domain started its online life in July of 2008 April of 2006, more than a three years ago [thanks Spyphoneguy for pointing that out].  The [...]

Kiss your BlackBerry spyware goodbye

By October 27, 2009 15 comments

I have released the latest version of Kisses.  I promised everyone in my Hack In The Box presentation that I would release newer versions of the toolkit Bugs & Kisses.  Today, I hopefully deliver on that promise.  As far as I’m aware, this tool is the first of its kind to be offered to BlackBerry [...]

BlackBerry OS 5.0.0 knows what you install

By October 25, 2009 4 comments

I took a look at the new BlackBerry version 5.0.0 Operating System API.  RIM is offering the simulator and development kit as a Beta release and I think the OS has already been leaked online.  One excellent feature that RIM have added is the CodeModuleListener.  This interface allows a developer to design an application that [...]

Remote Listening for the BlackBerry

By October 23, 2009 57 comments

I first blogged about PhoneSnoop, a component of Bugs, a few days ago.  PhoneSnoop demonstrates how a BlackBerry can be used to spy on its owner.  It cannot listen into phone conversations or conduct phone taps on BlackBerry handhelds at the moment.  It is, however, possible to add a feature that makes phone taps work.  [...]

PhoneSnoop – Turn a BlackBerry into a portable bug

By October 19, 2009 36 comments

I’m back at work after attending Hack in the Box security conference.  It was an excellent conference and I managed to catch up with a few friends and industry professionals.  The Malaysian conference is still by far bigger than the one held in Dubai.  This year saw roughly 600 people.  I also heard that the [...]

BlackBerry QRCodes – A look inside

By October 17, 2009 2 comments

So I was curious about what the new BlackBerry Messenger 5.0 QRCodes actually contained.  More than that, I was curious to find out if someone can inject weird characters and make the handhled do weird things.  So the first thing I did was get a hold of my own QRCode.  Then I grabbed a copy [...]

@ HITB in KL

By October 7, 2009 Post a comment

I’m at HackInTheBox in KL at the moment.  Delivered my presentation early on today.  The tools I spoke about, Bugs and Kisses, are available in the Resources section.  I’ll do a more detailed write up sometime in the future.

How I tell my clients that XSS is bad

By September 14, 2009 One comment

The mixed bag of reactions to XSS or Cross Site Scripting vulnerabilities is interesting to watch.  As a security professional, I’ve audited banking applications based on web technologies and have in all cases come away with at least one XSS vulnerability.  When presented to the client and to the vendor, I get some interesting reactions. [...]

«Previous