Tweets from October 2014

RT @karimyaghmour: OHA/vulnerabilities question makes it to android-security-discuss: https://t.co/g7TQiBqX6d CC @TeamAndIRC @jduck @pof @alsutton @droidsec

7:54pm October 31st 2014 via Falcon Pro

RT @runasand: In which @RogerDingledine explains how Facebook generated facebookcorewwwi.onion: https://t.co/Q95RwGISji

7:50pm October 31st 2014 via Falcon Pro

RT @xdadevelopers: Add Frequency Bands to Your Qualcomm Device http://t.co/7JbDmrlrXr

7:47pm October 31st 2014 via Falcon Pro

RT @Mobile_Sec: Another great presentation, Man In the Binder: Paper: https://t.co/KjzTkmuuxW Slides: https://t.co/VKUnbNEEH4 by @NitayArt & Idan Revivo

7:44pm October 31st 2014 via Falcon Pro

RT @Mobile_Sec: Great Work! Hide Android Apps In Images: Slide: https://t.co/uVvTlrECfb Paper: https://t.co/gkuieahgzi by @angealbertini & @cryptax

7:43pm October 31st 2014 via Falcon Pro

RT @Mobile_Sec: Great Collection: Android Malware Analysis Tools: http://t.co/gFhtRQwGng

7:41pm October 31st 2014 via Falcon Pro

RT @AndroidTamer: DroidTracer : http://t.co/5Ik91JMNc5 Intercepting Android without platform changes. Need Root and kernel module.

4:46pm October 31st 2014 via Falcon Pro

RT @AndroidTamer: Analysis of Malware exploiting android icon processing flaw : http://t.co/h3nrMgdNSi via @cheetahGlobal

4:45pm October 31st 2014 via Falcon Pro

RT @AndroidTamer: Mobile Security Bundlr : by @simps0n curated mobile security news : http://t.co/3T5sGoLI4x #mobile #security

4:41pm October 31st 2014 via Falcon Pro

RT @AndroidTamer: Malware’s have started leveraging xposed framework . Be careful while downloading modules: http://t.co/rPNqhumnAp (non-english)

4:38pm October 31st 2014 via Falcon Pro

RT @AndroidTamer: A Systematic Security Evaluation of Android's Multi-User Framework : http://t.co/aDONLtPeKa : PDF link : http://t.co/7PM6V2lPLd via @rifec

4:37pm October 31st 2014 via Falcon Pro

Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services - [PDF] http://t.co/04WyuheXAk

8:07am October 29th 2014 via Twitter Web Client

RT @againsthimself: #SnapdraCon 2015 QCOM Mobile Security Summit, 4/30-5/1, San Diego. If interested in speaking or attending, reach out to request an invite.

8:06am October 29th 2014 via Twitter Web Client

RT @virqdroid: Android apps that fail to validate SSL - https://t.co/JYLKJc7BuW [list]

8:05am October 29th 2014 via Twitter Web Client

A sweet Lollipop, with a kevlar wrapping: New security features in Android 5.0 - http://t.co/TmbdsRQGgl

4:19pm October 28th 2014 via Twitter for Websites

RT @adi1391: #AppWatch - the cloud based Android security scanner is open to public. Register and scan your apps at http://t.co/NJyFA8KYW7 for free.

2:46pm October 27th 2014 via Falcon Pro

If you haven't followed up, Samsung's reply to the KNOX drama: https://t.co/rnhomSaIHF and Ares' reply to the reply: http://t.co/eppWxIiDkD

8:48am October 27th 2014 via Twitter Web Client

@jduck congrats!! enjoy every moment :D

7:22pm October 26th 2014 via Falcon Pro in reply to jduck

RT @lcamtuf: OK, PSA: just don't run 'strings' on untrusted files: http://t.co/un7uPwYez4

8:54pm October 25th 2014 via Falcon Pro

RT @collinrm: Mobile Security News Update Oct 2014 (I've been slacking of due to other work stuff!) http://t.co/XTIYuQTE2q

4:27pm October 24th 2014 via Falcon Pro

RT @j4istal: How trustable is your Android device? Do you even know? Bluebox Labs just released a free app for you to find out! https://t.co/tQfApmBlQ7

12:44pm October 24th 2014 via Falcon Pro

RT @Gunther_AR: Android UXSS阶段性小结及自动化测试 - http://t.co/ycj5rOGHPm

12:41pm October 24th 2014 via Falcon Pro

RT @hack_lu: SherlockDroid, an Inspector for Android Marketplaces slides are now online http://t.co/i7YSNGa2XH given by @cryptax at @hack_lu

12:38pm October 24th 2014 via Falcon Pro

RT @Seifreed: Python POC AngeCryption=Hiding a malicious Android APK in images as evasion method #malware #cybersecurity http://t.co/yxQ4HP6zt3

12:38pm October 24th 2014 via Falcon Pro

@MordodeMaru si :D tiene muy buena pinta, gracias!

9:25pm October 23rd 2014 via Falcon Pro in reply to MordodeMaru

Why Samsung Knox isn't really a Fort Knox - http://t.co/0SZQ34EPVC (via @marcograss)

11:32am October 23rd 2014 via Twitter for Websites

RT @FreedomCoder: Android NFC hack allow users to have free rides in public transportation https://t.co/Aoq6TZqrHO via @feedly

7:27am October 22nd 2014 via Falcon Pro

RT @jduck: At #droidconUK and interested in Android security? Check out the Android Hacker's Handbook! http://t.co/KX9meHkjDr

7:25am October 22nd 2014 via Falcon Pro

Alleged RCE in Android CTS by locally modifying an XSL file - http://t.co/KaILxYDae6 (see also reply from Nick Kralevich)

2:23pm October 21st 2014 via Twitter Web Client

RT @AndroidTamer: Cryptolint tool based on Androguard to identify cryptographic flaws https://t.co/MciUNI8Ssc thanks to @sunnyrockzzs for pointing to it.

12:02pm October 21st 2014 via Falcon Pro

RT @carlosacastillo: Man in the Binder: He Who Controls IPC, Controls the Droid [Slides] http://t.co/eLCP5cirtr [Paper] http://t.co/dQvGH6qqgK

11:55am October 21st 2014 via Falcon Pro

RT @dennismantz: My #hackrf spectrum analyzer for Android is now available on GitHub: https://t.co/CMhWElYFlT Also see my blog: http://t.co/XrTJmb33Ow

11:54am October 21st 2014 via Falcon Pro

RT @kapitanpetko: It does seem that only system apps can provide trust agents though. #android #lollipop http://t.co/GHsbVg7jvQ

11:53am October 21st 2014 via Falcon Pro

RT @kapitanpetko: Smart Lock now works in #lollipop , but no details on exactly how smart (or secure) it is (yet?). http://t.co/QKSmv3POho

11:53am October 21st 2014 via Falcon Pro

RT @cryptax: Android security is not useless (hiding apk in img) 1/ app permissions to be requested 2/ DexClassLoader &co works only < Android 4.4.2

11:50am October 21st 2014 via Falcon Pro

RT @ChainfireXDA: Here's some more info on the LPX13D root and SELinux on L. Devs should probably read. https://t.co/HLZt9ggPCG

11:44am October 21st 2014 via Falcon Pro

RT @vince2_: SSLsplit - transparent and scalable SSL/TLS interception (SSLsplit) http://t.co/bNDXFNxmtV

11:42am October 21st 2014 via Falcon Pro

RT @jduck: Disable all Trusted CA CERTs on Android 4.x and later (requires root) https://t.co/DSPU9qRMVU cc @j4istal @timstrazz @TeamAndIRC @pof

12:11am October 20th 2014 via Falcon Pro

RT @jduck: Updating the system browser engine regularly closes a huge gap in Android security. Kudos to everyone that made it happen.

1:44pm October 18th 2014 via Falcon Pro

RT @Techmeme: Kill switch in Android Lollipop is opt-in, making it a less effective theft deterrent http://t.co/yGaTuzq5no http://t.co/OvVk7rN82q

1:41pm October 18th 2014 via Falcon Pro

RT @alsutton: So the Chrome version which backs the WebView in #Lollipop can be updated via the Play Store... Wondering how clean the API is :)

8:26am October 18th 2014 via Falcon Pro

RT @AndroidPolice: [Lollipop Feature Spotlight] Two-Factor Authentication Is Finally Built In To The Setup Process http://t.co/9QYmKn7PKb

8:26am October 18th 2014 via Falcon Pro

RT @billpollock: Android Security Internals. Just picked this up at my hotel. Looks amazing! @kapitanpetko http://t.co/RdzIpHwe4w

8:25pm October 17th 2014 via Falcon Pro

RT @0xroot: Breaking Mobile Secure Applications - http://t.co/wR8lvZ0xNb

8:24pm October 17th 2014 via Falcon Pro

RT @antitree: Really good research on what exactly the threat of the baseband is. We know it's bad but this is why. https://t.co/rMz5Jrifdb

7:40pm October 17th 2014 via Falcon Pro

RT @Amon_RA: @PaulOBrien it's actually a non embedded eUICC... the standards for remotely provisioning these has been there for a while.

7:38pm October 17th 2014 via Falcon Pro

RT @alsutton: So far I've not been able to determine if the #Android #Lollipop "factory reset protection" covers someone doing a recovery or fastboot wipe

7:35pm October 17th 2014 via Falcon Pro

RT @msolnik: @thegrugq @windsheep_ http://t.co/nI9PC6UB5x no big deal just OTA code exec on almost all platforms... Including IOS. The mob is fickle.

7:35pm October 17th 2014 via Falcon Pro

RT @Thus0: #BHEU how to encrypt an apk so it looks like a valid png, with a few tricks and #angeCryption. http://t.co/SY4kmQ1wms

7:30pm October 17th 2014 via Falcon Pro

RT @cryptax: that's the code of the PoC in our talk: https://t.co/ogQBkBn2fc, and that's @angealbertini angecryption tool: http://t.co/SqpeWU4mTm #BHEU

7:28pm October 17th 2014 via Falcon Pro

RT @AndroidPolice: Android Lollipop Will Come With Factory Reset Protection That Makes Stolen Phones Useless http://t.co/fc5pN2g7J4

6:22pm October 17th 2014 via Falcon Pro

p2p across NAT: http://t.co/Ug0mLfLXu3 & UDP Hole Punching PoC code in python: https://t.co/GVJsyuxrbj

1:43pm October 14th 2014 via Twitter Web Client

@TeamAndIRC look at ubiquity or mikrotik, different models depending on your needs.

7:18am October 13th 2014 via Falcon Pro in reply to TeamAndIRC

RT @AndroidTamer: Yet Another CSP Bypass on Android prior to 4.4 : http://t.co/qh4fcCrao1 #fullDisclosure #nottested

7:16am October 13th 2014 via Falcon Pro

RT @j4istal: The code that caused the Android FakeID bug was created/contributed to Apache Harmony by Intel in late 2005 http://t.co/1whLEuJqxx

7:09am October 13th 2014 via Falcon Pro

RT @Mobile_Sec: EVOLUTION OF ANDROID EXPLOITS FROM A STATIC ANALYSIS TOOLS PERSPECTIVE slides: https://t.co/RuVpppZQLS

7:01am October 13th 2014 via Falcon Pro

RT @virqdroid: How to patch CVE-2014-3500: quick fix of the latest Cordova vulnerability - http://t.co/UyMUKcizvW

6:56am October 13th 2014 via Falcon Pro

RT @marcograss: The slides for my talk "Reverse Engineering of a commercial spyware for iOS and Android" - https://t.co/4ck8Dz3EmQ #HackInBo

4:54pm October 11th 2014 via Falcon Pro

@scottyab @ahoog42 @marcograss hahaha i swear I have nothing to do with it :D nice work Marco!

4:54pm October 11th 2014 via Falcon Pro in reply to scottyab

Android L, SELinux and Root Apps - http://t.co/cbyN3Nsj0h Interesting write-up about Position Independent Executables (PIE) in Android L

10:30am October 7th 2014 via Twitter Web Client

RT @antitree: Xposed module that adds PGP support to the builtin Android client. Pretty crazy idea. https://t.co/zAeaR8IeWD

3:56pm October 6th 2014 via Falcon Pro

RT @kapitanpetko: Revisiting Android disk encryption http://t.co/D6nTJnkWYz

6:42am October 6th 2014 via Falcon Pro

RT @AndroidPolice: You Can Run Windows 95 On Android Wear, If You're Patient, Methodical, And Slightly Insane http://t.co/44ADBOuoav

6:41am October 6th 2014 via Falcon Pro

RT @gtvhacker: Check out the video from our DC-22 presentation "Hack All The Things" where we released root methods for 22 devices. https://t.co/tR2XfEgBIE

7:50pm October 3rd 2014 via Falcon Pro

RT @AndroidTamer: Another Android AOSP SOP (Same Origin Policy) Bypass : http://t.co/XvARiseJEz

12:42pm October 3rd 2014 via Falcon Pro

RT @AndroidPolice: Chrome APK Packager Gets Booted From The Play Store, Re-Posted As ARChon Packager http://t.co/30YgGsuX0q

12:41pm October 3rd 2014 via Falcon Pro

RT @AndroidTamer: 2 New Attack Vectors to Aggravate the Android addJavascriptInterface RCE Issue (CVE-2014-7224) - https://t.co/wvuppZkmc9 : via : @Gunther_AR

12:33pm October 3rd 2014 via Falcon Pro

RT @Technologeeks: Bindump - Display #Android Framework service users/owner PIDs - from Levin's #Internals book: http://t.co/ZqQqkiXQWs http://t.co/WyNJPaPmP6

12:32pm October 3rd 2014 via Falcon Pro

RT @Technologeeks: imgtool - For extracting #Android system & boot(kernel+ramdisk) images - from Levin's upcoming #internals book: http://t.co/Ut1X3tiuFk

12:32pm October 3rd 2014 via Falcon Pro

RT @mmastrac: Collection of POC exploits/CVEs of Shellshock vulns: https://t.co/8UcT8odUQv TL;DR: there's a lot. We're screwed.

9:06am October 1st 2014 via Falcon Pro