Attacking the Keypad

As electronics have become cheaper, and thereby more prolific, machinery which used to be strictly mechanical is being replaced with electronic equivalents. Locks are no different. Electronic locks are both simpler to manufacture and offer features which are very hard to achieve with mechanical systems. One of the major benefits of electronic locks is the ability to […]

August Lock Firmware Keys

David Wang, the guy who has done some absolutely amazing research on Apple’s secure enclave technology, recently reached out to me on Twitter, asking if August had stopped leaking the firmware keys for their locks. Unfortunately, this is not a question I can answer in 140 characters. I will provide a more detailed writeup on […]

Microsoft MVC’s Doggy Door

TLDR: Microsoft MVC has a ‘secret’ backdoor which is not very useful for developers or hackers. Recently I was poking around in the Microsoft MVC codebase trying to figure out how to make my own bundler. While there I came across the following rather peculiar looking code:

The August Smart Lock’s not so smart password reset (Part 2)

If you have read my earlier article on the August Smart Lock, you know it does not have a two-factor authentication system in spite of the claims of its creators. This article will be about an exploitable vulnerability in August’s authentication system. August was first notified of this weakness on December 19, 2014. As of writing this […]

The August Smart Lock’s not so 2-Factor Authentication (Part 1)

TLDR: August really doesn’t have two-factor authentication, but what they have may be good enough. I recently got my hands on the new August Smart Lock, but not to put on my door (well, at least not yet). Instead I was interested in the security of a product which is claimed to be “completely secure”. No joke […]

The case of Sparkfun ‘security’

Sparkfun is an online store which sells electronics for hobbyists. They are also my go-to store when I need any small electronics (Arduino, Raspberry Pi, etc.). Unfortunately, while their store and service are great, the security of their site leaves something to be desired. I am writing this article prior to disclosure, but by the […]

Web browser security model

Working in software development I am always surprised by how often developers don’t understand the security model of the platforms they work on. In this article I would like to share with you some of the basics of browser security. The topic has a lot of depth but I believe if one understands several fundamental principle […]

CSRF in MVC asp.net

Sometimes 140 characters are not enough to explain your point. Recently on Twitter, Troy Hunt [someone you should be following] said the following in response to my claim that asp.net mvc did not offer out of the box protection from CSRF. @jmaxxz classic ASP (which this article refers to) has no anti forgery token paradigm, […]

BDD Part 1 of N

Let’s talk about software development. Recently I have worked to get a team I am part of using a new development methodology called BDD, or behavior driven development. If you develop software at all, and have not been living under a rock for the past 10 years, you may wonder if BDD is anything like TDD. The answer is […]

Fibonacci Interview Question

Assessing someone’s technical skill level is quite a difficult thing when one only has 30 minutes. Let me start by saying I am no expert at how to do this, but I would like to share my favorite interview question for assessing a developer’s experience. The question is targeted at C# developers. However, most of it the […]