Richard Taylor

THE SPECTRE OF THE ZYGOTE

Wed 10 January 2018 By Richard Taylor

Category: Threats

In part1 of this blog I provided an overview of the Meltdown and Spectre and in this blog I look at the potential impact for mobile security.

Read More

YOU JUST NEED TO SPECULATE TO EXFILTRATE

Tue 09 January 2018 By Richard Taylor

Category: Threats

There is much to discuss in the wake of the security news flow last week. It was dominated by the Meltdown and Spectre CPU bug announcements — 2018 has certainly got off to an interesting start. In part one of this two part blog I will look at these bugs from a high level. In part two I shine the spotlight on the implications for mobile security, and for Android in particular.

Read More

ARE YOU HUMAN, ROBOT OR JUST IMPATIENT?

Tue 28 November 2017 By Richard Taylor

Category: Integration, Business

Recently I was doing some API analysis on a video sharing app aimed at the teenage market. As is typical in these types of apps, before you can do anything you need to sign up with an account. You’d think that would be straightforward enough, right?

Read More

SWIPE LEFT TO SCRAPE

Tue 02 May 2017 By Richard Taylor

Category: Scrapers, Bots, Threats

Yesterday morning security forums reported news that an AI researcher had published a dataset of 40,000 photos that had been scraped from the dating app Tinder. The purpose was simply to extract a real world data set that can be used for training Convolutional Neural Networks (CNN) to tell the difference between men and women. This seems innocent enough, although the author's choice of variable naming caused a bit of a stir. He quickly changed the variable name "hoe" to "subject" soon after the story broke. Apparently this original naming was inherited from the Tinder Auto-Liker code.

Read More

HOW TO RIDE THE BUS FOR FREE (HACKERS NEED NOT APPLY)

Mon 01 May 2017 By Richard Taylor

Category: Mobile App Authentication

(Image by Cory Doctorow licensed under CC BY 2.0)

Read More

RICHER CLIENT, POORER SECURITY?

Wed 19 April 2017 By Richard Taylor

Category: News, Mobile App Authentication, Threats

(Image courtesy of Steve F)

Read More

GRAND THEFT AUTO IRL: TESLA AND NISSANS INSECURE AUTOMOTIVE APPS

Wed 12 April 2017 By Richard Taylor

Category: Mobile App Authentication, Threats

(Image by Nam-ho Park)

Read More

DIGITAL HEALTHCARE: MU3 AND API SECURITY

Fri 10 March 2017 By Richard Taylor

Category: Integration

There is a revolution underway in healthcare in the USA. At its heart is MU3, Meaningful Use Stage 3 of the Electronic Health Record incentive program. One of the goals of this program is to empower patients and give them greater access to their medical records. Healthcare providers will have a legal responsibility to allow patients to access their data and they also have a responsibility to ensure the security of the data they provide. They have to walk a fine line between ease of access and security, and they have to do it by 2018.

Read More

BANK ACCOUNT AGGREGATION APPS - SETTING BOUNDARIES

Mon 14 November 2016 By Richard Taylor

Category: API Keys, Aggregators, Fintech

In the world of banking, security has always been important and the recent breach at Tesco Bank is a timely reminder. With an increased appetite for regulation in the banking sector and in the realms of data protection it is becoming ever more important for responsible companies to take action to tighten up their defences against the constant threat of data theft and fraud. Regulation is becoming a powerful lever to encourage banks to have robust mechanisms in place to protect their customers. The EU's General Data Protection Regulation (GDPR) raises the possibility of heavy fines if you fail to take steps.

Read More

THE PROBLEM OF API ABUSE

Tue 18 October 2016 By Richard Taylor

Category: Mobile App Authentication, Bots

The number of devices connected to the internet has exploded in recent years as everyone becomes permanently attached to their phone or tablet. As the number of mobile users has increased, there has been movement away from websites towards mobile apps. Large companies can gain more information about users when they use their app, and can also provide a more fully featured experience by offering offline functionality or by making use of the phone’s camera, accelerometer or GPS. Users tend to prefer them as well because they offer a richer experience. 

Read More

Page 1 of 2