Network Security

A Bluetooth vulnerability was released this week for devices using up to version 5.1 of the Bluetooth specification allowing an attacker to influence the key length of the encryption key needed to setup a secure connection between to devices.  According to the Bluetooth SIG (Special Interest Group), an attacker can attempt to perform this attack if two vulnerable devices are wit

If you have ever gathered connection metrics using URLSessionTaskTransactionMetrics then you may have noticed that this year Apple has now exposed a few TLS properties to the public API.  The first is negotiatedTLSCipherSuite and the next negotiatedTLSCipherSuite.  The reason this is interesting is that these values seem to have been around since iOS 7, but now are being released in the Security framework in the new iOS 13 beta.  These properties will be very useful for connection diagnostics

Today after reviewing the public disclosure from Jonathan Letischuh on Medium about the Zoom webcam exploit I decided to take a look at my local copy of macOS 10.15 and detail my tests for anyone wanting to test this on their machine or prevent this from happening to them too.  This exploit is covered in full detail at

Now the Google I/O’ 19 is officially in the books I wanted to do a short overview on some of the interesting Android Encryption updates announced at this years event.

On December 6th, 2018 iOS 12.1.1 came out and now requires that all publicly-trusted Transport Layer Security (TLS) server authentication certificates issued after October 15th, 2018 meet the Certificate Transparency policy to be trusted on Apple's platforms.  This will mean that all certificates used in iOS applications will need to include

As a long time mobile and server side engineer I have been involved in many different types of projects over the years.  Some small, and some large, but all with one recurring trend; the mobile clients need to consume data from a server to perform a task.  Sometimes this data being consumed is small, and other times the application needs to continuously poll or be notified of new data to keep the application up to date it real time.

On September 11th, 2018 the OpenSSL team released a Long Term Support (LTS) version (1.1.1) of OpenSSL which will be supported by the community and the core team for the next five years.  This LTS release includes many new features such as TLS 1.3, ABI version compatibility, new cryptography algorithms, and an overhaul in many areas to the random number generators included in OpenSSL.

Python just received a minor version update to Python 3.7 with many new performance enhancements, added features, and module improvements to the language.   One of the existing Python modules in 3.7 that received some nice new enhancements is the ssl module.

One of my favorite sessions I attended at WWDC this year was entitled "Your Apps and Evolving Network Security Standards."  I highly encourage anyone to watch the video who has not already.  It was a session covering all of the latest network security enhancements that Apple is supporting across their platforms.