14 APR 2012

1 and 1 iOS Apps sloppy coding allows domain theft and email hijacking

In many ways this is much worse than the LinkedIn and Facebook Plist vulnerability exposed last week. Both social apps exposed plain text OAuth Tokens which enable a large amount of personal information to be snaffled from accounts, and in the case of Facebook, access any website...
13 APR 2012

Using iOS Keychain for Data Protection and Migration

Given the number of requests I’m currently receiving re using the keychain following my post regarding the use of plain text credentials in plists I’ve decided to reprint an excellent series of articles from Use Your Loaf which helped me get to grips with Keychain...
10 APR 2012

AgileBits 1Password Updated OAuth Tokens Moved to Keychain

1Password, a cross-platform password management solution by AgileBits, snatched the crown for the first app developers to publicly test their own iOS app, own up to having, and subsequently fix the plist vulnerability discussed on my April 3rd Post Re Facebook Credential Theft...
03 APR 2012

Facebook Plist Mobile Security Hole Allows Identity Theft [Updated]

I’ve made posts about various iOS games and the fact that developers, rather than encode, add to keychain or save values in the binaries, choose to save those values in plain text plists. The majority of traffic to this site is to the pages relating to using these oversights for...