"iOS Security" - Link- und Literaturverzeichnis

Dipl.-Inform. Carsten Eilers

Startseite

Über mich

Angebotsspektrum

Konferenzen

Texte

About Security
Online-Artikel
Magazin-Artikel
PHP Magazin Workshops
Aktuelle Bücher
Ältere Bücher

Advisories

zum Blog ...

Impressum

Datenschutzerklärung

 

"iOS Security" - Link- und Literaturverzeichnis

Zurück

A

• [AB42_13] Beschreibung der Archivbombe 42.zip
• [Amit_13] Yair Amit, Skycure Blog: "Malicious Profiles – The Sleeping Giant of iOS Security"
• [Amit_13.1] Yair Amit, Skycure Blog: "HTTP Request Hijacking"
• [Appl_93] Apple: "socketpair -- create a pair of connected sockets"
• [Appl_94] Apple: "getsockopt, setsockopt -- get and set options on sockets"
• [Appl_10] Apple: "NSKeyedUnarchiverDelegate Protocol Reference: unarchiver:didDecodeObject:"
• [Appl_12] Apple: "iOS Security"; Version vom Oktober 2012 (PDF)
• [Appl_12.1] Apple: "iPhone-Konfigurationsprogramm"
• [Appl_12.2] Apple: "iPhone-Konfigurationsprogramm - Einstellungen im Bereich "Einschränkungen""
• [Appl_12.3] Apple: "Secure Coding Guide"
• [Appl_12.4] Apple: "Cryptographic Services Guide"
• [Appl_12.5] Apple: "Certificate, Key, and Trust Services Reference"
• [Appl_12.6] Apple: "Keychain Services Programming Guide"
• [Appl_13] Apple: "Konfiguration des VPN-Servers für iOS-Geräte"
• [Appl_13.1] Apple: "iOS: Supported Bluetooth profiles"
• [Appl_13.2] Apple: "iPhone 5s: About Touch ID security"
• [Appl_13.3] Apple: "Entitlement Key Reference"
• [Appl_13.4] Apple: "App Distribution Guide: Adding Capabilities"
• [Appl_13.5] Apple: "In-App Purchase Programming Guide"
• [Appl_13.6] Apple: "Receipt Validation Programming Guide"
• [Appl_13.7] Apple: "Local and Push Notification Programming Guide"
• [Appl_13.8] Apple: "iOS App Programming Guide: App States and Multitasking"
• [Appl_13.9] Apple: "iOS App Programming Guide: Advanced App Tricks - Communicating with Other Apps"
• [Appl_13.10] Apple: "NSFileManager Class Reference"
• [Appl_13.11] Apple: "Keychain Services Reference"
• [Appl_13.12] Apple: "Keychain Services Programming Guide: Keychain Services Tasks for iOS"
• [Appl_13.13] Apple: "Networking Overview: Making HTTP and HTTPS Requests"
• [Appl_13.14] Apple: "Networking Overview: Using Sockets and Socket Streams"
• [Appl_13.15] Apple: "URL Loading System Programming Guide"
• [Appl_13.16] Apple: "URL Loading System Programming Guide: Authentication Challenges and TLS Chain Validation"
• [Appl_13.17] Apple: "Networking Programming Topics: Overriding TLS Chain Validation Correctly"
• [Appl_13.18] Apple: "Apple Knowledge Base: iOS 7"
• [Appl_13.19] Apple - iOS 7 - Business
• [Appl_13.20] Apple: "iOS App Programming Guide: Advanced App Tricks - Protecting Data Using On-Disk Encryption"
• [Appl_13.21] Apple: "NSObject Class Reference: awakeAfterUsingCoder:"
• [Appl_13.22] Apple: "CFStream Reference: CFStreamCreatePairWithSocket"
• [Appl_13.23] Apple: "iOS App Programming Guide - Advanced App Tricks: Supporting AirDrop"
• [Appl_13.24] Apple: "iOS: Using AirDrop"
• [Appl_13.25] Apple: "iOS Technology Overview: Core OS Layer - Generic Security Services Framework"
• [Appl_13.26] Apple: "iOS Technology Overview: Core OS Layer - Security Framework"
• [Appl_13.27] Apple: "Certificate, Key, and Trust Services Programming Guide"
• [Appl_13.28] Apple: "Randomization Services Reference"
• [Appl_13.29] Apple: "Secure Transport Reference"
• [AppS_13] AppSec Labs iNalyzer

B

• [Bele_11] Andrey Belenko, Black Hat USA 2011: "Overcoming iOS Data Protection to Re-enable iPhone Forensic"
• [BeSk_11] Andrey Belenko, Dmitry Sklyarov; Black Hat Abu Dhabi 2011: "Evolution of iOS Data Protection and iPhone Forensics: from iPhoneOS to iOS 5"
• [BeSk_12] Andrey Belenko, Dmitry Sklyarov; Black Hat Europe 2012:""Secure Password Managers" and "Military-Grade Encryption" on Smartphones: Oh Really?"

C

• [Chan_12] Mark Chang: "Hipster uploads part of your iPhone address book to its servers"
• [Clul_09] Graham Cluley, Sophos: "Hacked iPhones held hostage for 5 Euros"
• [Clul_09.1] Graham Cluley, Sophos: "First iPhone worm discovered - ikee changes wallpaper to Rick Astley photo"
• [Clul_09.2] Graham Cluley, Sophos: "Worm author tells media he initially infected 100 iPhones"
• [Clul_09.3] Graham Cluley, Sophos: "Tool for hacking jailbroken iPhones discovered"
• [Clul_09.4] Graham Cluley, Sophos: "Lightning strikes again: iPhone malware gets truly malicious"
• [Clul_10] Graham Cluley, Sophos: "8000 iPhone and Android users duped into joining smartphone botnet"
• [Clul_10.1] Graham Cluley, Sophos: "Surveillance firm sells Apple iPad spyware"
• [Clul_10.2] Graham Cluley, Sophos: "JailbreakMe: Security warning for iPhone and iPad owners"
• [Clul_10.3] Graham Cluley, Sophos: "JailbreakMe: Apple issues emergency iPhone/iPad security patch"
• [Clul_11] Graham Cluley, Sophos: "JailBreakMe site rings security alarm for iPhone and iPad users"
• [Crai_12] Paul Craig, SyScan Singapore 2012: "iOS Applications - Different Developers Same Mistakes" (ZIP-Archiv)

D

• [DeEl_12] Bobby DeSimone, Scott Ellis; eEye Digital Security: "Mobile Pwn2Own Exploits in Action ¦ Mobile Monday Update"
• [Dhan_11] Nitesh Dhanjani, Black Hat Europe 2011: "New Age Attacks Against Apple's iOS (and Countermeasures)" (Präsentation (der Link in der Beschreibung ist falsch) als PDF)
• [DoMa_12] Mark Dowd, Tarjei Mandt; Hack in the Box 2012 Malaysia: "iOS 6 Security" (Präsentation dazu als PDF)
• [Duck_09] Paul Ducklin, Sophos: "How to clean up the Duh iPhone worm"
• [Duck_12] Paul Ducklin, Sophos: "Apple's App Store bypassed by Russian hacker, leaving developers out of pocket"

E

• [Eile_10] Carsten Eilers: "Drive-by-Infektionen - Gefahren drohen überall"
• [Eile_11] Carsten Eilers: "Onlinebanking: Cyberkriminelle reagieren auf Chip- und SMS-TAN"
• [Eile_11.1] Carsten Eilers: "Digitale Schutzimpfung"
• [Eile_11.2] Carsten Eilers: "Apples Umgang mit Schwachstellen und deren Entdeckern"
• [Eile_11.3] Carsten Eilers: "Trojaner - Der Feind im harmlosen Programm"
• [Eile_11.4] Carsten Eilers: "Trojaner - Die Geschichte digitaler Holzpferde"
• [Eile_11.5] Carsten Eilers: "Kritische Schwachstellen, Schadsoftware - und Apple steckt den Kopf in den Sand"
• [Eile_12] Carsten Eilers: "Apple geg. Kaspersky, Angreifer geg. PHP, Irgendwer geg. den Iran, und mehr"
• [Eile_12.1] Carsten Eilers: "Kommentare zum DNS-Changer, der ersten "Schadsoftware" in Apples App Store und mehr"
• [Eile_12.2] Carsten Eilers: "Virenscanner ignorieren einen Schädling, und Facebook überwacht Chats"
• [Eile_12.3] Carsten Eilers: "HTML5 Security - Eine Einführung"
• [Eile_12.4] Carsten Eilers: "Man-in-the-Middle-Angriffe auf HTTPS"
• [Eile_12.4] Carsten Eilers: "SQL-Injection im Schnelldurchlauf"
• [Eile_13] Carsten Eilers: "Websecurity - Angriffe über Logikfehler, Teil 2"
• [Eile_13.1] Carsten Eilers: "Websecurity - Logikfehler in der Authentifizierung"
• [Eile_13.2] Carsten Eilers: "Websecurity - Logikfehler in der Authentifizierung und auf der Flucht"
• [Eile_13.3] Carsten Eilers: "Authentifizierung: Ein Faktor reicht nicht (mehr)"
• [Eile_13.4] Carsten Eilers: "Schutzmaßnahmen: Canary und DEP gegen Pufferüberlauf-Schwachstellen"
• [Eile_13.5] Carsten Eilers: "Schutzmaßnahmen: ASLR gegen Pufferüberlauf-Schwachstellen"
• [Eile_13.6] Carsten Eilers: "Gefährliche Peripherie: USB - Bösartige Ladegeräte"
• [Eile_13.7] Carsten Eilers: "HTTP Request Hijacking - Ein neuer Angriff unter der Lupe"
• [Eile_13.8] Carsten Eilers: "HTTP Request Hijacking - Kein Grund zur Panik!"
• [ELDV_12] Justin Engler, Seth Law, Joshua Dubik, David Vo; Black Hat USA 2012: "iOS Application Security Assessment and Automation: Introducing SiRa"
• [Esse_11] Stefan Esser, Black Hat USA 2011: "Exploiting the iOS Kernel"
• [Esse_12] Stefan Esser, CanSecWest 2012: "iOS5 - An Exploitation Nightmare?" (PDF)
• [Esse_12.1] Stefan Esser, SyScan Singapore 2012: "iOS Kernel Heap Armageddon" (ZIP-Archiv)
• [Esse_12.2] Stefan Esser, Black Hat USA 2012: "iOS Kernel Heap Armageddon revisited"
• [Esse_13] Stephan Esser, CanSecWest 2013: "iOS6.1 - Exploitation 280 Days Later" (PDF)
• [Esse_13.1] Stefan Esser, SyScan'13 Singapore: "Mountain Lion/iOS Vulnerability Garage Sale" (Präsentation als PDF, Whitepaper als PDF)
• [evad_13] evad3rs: evasi0n - iOS 6.0-6.1.2 Jailbreak
• [evad_13.1] evad3rs auf Twitter: "Still working hard on the iOS7 ..."

F

• [FIPS_46-3] Federal Information Processing Standards Publication 46-3, Data Encryption Standard (DES) (PDF)
• [FIPS_180-2] Federal Information Processing Standards Publication 180-2, Secure Hash Standard (PDF)
• [FIPS_180-4] Federal Information Processing Standards Publication 180-4 Secure Hash Standard (SHS) http://csrc.nist.gov/publications/PubsFIPS.html#fips180-4
• [FIPS_197] Federal Information Processing Standards Publication 197: Specification for the ADVANCED ENCRYPTION STANDARD (AES) (PDF)
• [Fish_11] Dennis Fisher, ThreatPost.com: "iPhone, BlackBerry Fall on Second Day of Pwn2Own"

G

• [Gore_12] Brian Gorenc, Tipping Point DVLabs: "Mobile Pwn2Own 2012"
• [Gore_12.1] Brian Gorenc, Tipping Point DVLabs: "EUSecWest Mobile Pwn2Own 2012 Recap"
• [Goud_13] Heather Goudey: "Keen Team exploits Safari in mobile browser category"
• [Goud_13.1] Heather Goudey: "Mobile Pwn2Own Tokyo 2013 – Crash bang boom"
• [Gupt_12] Prashant Gupta, McAfee: "Windows 8 Metro Brings New Security Risks"

H

• [HaXi_12] Xu Hao, Chen Xiaobo; SyScan360: "Find your own iOS kernel bug" (ZIP-Archiv)
• [HiCB_12] Joshua Hill, Cyril, Nikias Bassen; Hack in the Box 2012 - Amsterdam: "Part 1: Corona Jailbreak for iOS 5.0.1" (Präsentation als PDF)
• [HiCB_12.1] Joshua Hill, Cyril, Nikias Bassen; Hack in the Box 2012 - Amsterdam: "Part 2: Absinthe Jailbreak for iOS 5.0.1" (Präsentation als PDF)
• [HITB_12] "iOS Jailbreak Dream Team releases Absinthe 2.0 – iOS 5.1.1 Jailbreak at #HITB2012AMS"
• [Holt_12] Kris Holt, Daily Dot: "Hackers take over Gizmodo's Twitter"
• [Hona_12] Mat Honan: "Yes, I was hacked. Hard."
• [Hona_12.1] Mat Honan, Wired: "How Apple and Amazon Security Flaws Led to My Epic Hacking"
• [Hona_12.2] Mat Honan, Wired: "Mat Honan: How I Resurrected My Digital Life After an Epic Hacking"
• [HP_13] Mobile Pwn2Own 2013

I

• [IEEE_802.1X] IEEE 802.1X-2004 - Port Based Network Access Control (PDF)
• [Info_12] Infosecurity Magazine: "Many iOS apps access personal data without user permission"
• [IoKW_10] Vincenzo Iozzo, Tim Kornau, Ralf-Philipp Weinmann; Black Hat US 2010: "Everybody be cool this is a roppery!"
• [iOSDL_InApp] iOS Developer Library: "In-App Purchase Receipt Validation on iOS"
• [Iozz_10] Vincenzo Iozzo: "ROP and iPhone"
• zzzzzzzzzzzzzzzzzz
• zzzzzzzzzzzzzzzzzz
• zzzzzzzzzzzzzzzzzz
• zzzzzzzzzzzzzzzzzz
• zzzzzzzzzzzzzzzzzz
• zzzzzzzzzzzzzzzzzz
• zzzzzzzzzzzzzzzzzz
• zzzzzzzzzzzzzzzzzz
• zzzzzzzzzzzzzzzzzz
• zzzzzzzzzzzzzzzzzz

J

• [Jarn_08] Jarno, F-Secure: "Trojan Software for iPhone"

K

• [Kata_13] Vladimir Katalov, CanSecWest 2013: "Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage" (PPT-Datei)

L

• [LaJS_13] Billy Lau, Yeongjin Jang, Chengyu Song; Black Hat USA 2013: "Mactans: Injecting malware into iOS devices via malicious chargers"

M

• [Masl_12] Denis Maslennikov, Securelist: "Find and Call: Leak and Spam"
• [MaZa_11] Federico Maggi, Stefano Zanero, Alberto Volpatto: Black Hat Abu Dhabi 2011: "iSnoop: How to Steal Secrets From Touchscreen Devices"
• [Micr_13] Microsoft: Benefits of the SDL
• [MiIo_09] Charlie Miller, Vincenzo Iozzo; Black Hat Europe 2009: "Fun and Games with Mac OS X and iPhone Payloads" (Link zur Präsentation (der angegebene ist falsch) als PDF)

N

• [Nara_12] Ryan Naraine: "Mobile Pwn2Own: iPhone 4S hacked by Dutch team"

O

• [One_96] Aleph One: "Smashing The Stack For Fun And Profit", Phrack 49, Volume 7, Issue 49
• [OWAS_12] OWASP - Web Service Security Cheat Sheet
• [OWAS_13] OWASP Mobile Security Project - Top Ten Mobile Risks
• [OWAS_13.1] OWASP - iOS Developer Cheat Sheet

P

• [pod2_12] pod2g: "Details on Corona"
• [Port_10] Aaron Portnoy, Tipping Point DVLabs: "Pwn2Own 2010"
• [Port_11] Aaron Portnoy, Tipping Point DVLabs: "Announcing Pwn2Own 2011"

R

• [Rama_13] Vivek Ramachandran, Black Hat Europe 2013: "Advanced iOS Application Pentesting"
• [Rena_12] Mathieu Renard, Hack.LU2012: "GOTO:Hack iOS applications - Does your company data are safe when stored on iDevices?" (Präsentation als PDF)
• [RFC_1321] RFC 1321 - The MD5 Message-Digest Algorithm
• [RFC_2616.1] RFC 2616 - Hypertext Transfer Protocol -- HTTP/1.1, Section 10.3.2: "301 Moved Permanently"
• [RFC_2617] RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
• [RFC_2743] RFC 2743 - Generic Security Service Application Program Interface Version 2, Update 1
• [RFC 3280] RFC 3280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
• [RFC_3394] RFC 3394 - Advanced Encryption Standard (AES) Key Wrap Algorithm
• [RFC_3852] RFC 3852 - Cryptographic Message Syntax (CMS)
• [RFC_4346] RFC 4346 - The Transport Layer Security (TLS) Protocol Version 1.1
• [RFC_4401] RFC 4401 - A Pseudo-Random Function (PRF) API Extension for the Generic Security Service Application Program Interface (GSS-API)
• [RFC_5246] RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2
• [RFC_5545] RFC 5545 - Internet Calendaring and Scheduling Core Object Specification (iCalendar)
• [RFC_6101] RFC 6101 - The Secure Sockets Layer (SSL) Protocol Version 3.0
• [RFC_6194] RFC 6194 - Security Considerations for the SHA-0 and SHA-1 Message-Digest Algorithms
• [RFC_6151] RFC 6151 - Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms
• [RFC_6234] RFC 6234 - US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)
• [RFC_6347] RFC 6347 - Datagram Transport Layer Security Version 1.2
• [Reso_13] Resource Programming Guide: Nib Files
• [RiSA_78] Ronald L. Rivest, Adi Shamir, Leonard Adleman: "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" (PDF)
• [RSA_12] RSA Laboratories: PKCS #5: Password-Based Cryptography Standard

S

• [sara_12] sarah, Fortify Off by On Blog: "Format Strings: Is Objective-C Objectively Safer?"
• [Schn_98] Bruce Schneier: Yarrow
• [Schu_11] David Schuetz, Black Hat USA 2011: "Inside Apple's MDM Black Box"
• [scut_01] scut / team teso: "Exploiting Format String Vulnerabilities", v 1.2, 1.9.2001 (PDF)
• [SDL_13] Microsoft: Microsoft Security Development Lifecycle
• [SDL1_13] Microsoft: Simplified Implementation of the Microsoft SDL
• [SDLP1_13] Microsoft: SDL Process: Training
• [SDLP2_13] Microsoft: SDL Process: Requirements
• [SDLP3_13] Microsoft: SDL Process: Design
• [SDLP4_13] Microsoft: SDL Process: Implementation
• [SDLP5_13] Microsoft: SDL Process: Verification
• [SDLP6_13] Microsoft: SDL Process: Release
• [SDLP7_13] Microsoft: SDL Process: Response
• [Seri_10] Nicolas Seriot; Black Hat DC 2010: "iPhone Privacy"
• [Seri_10.1] Nicolas Seriot: SpyPhone
• [ShAm_13] Adi Sharabani, Yair Amit: RSA Conference Europe 2013: "Did You Read The News? Http Request Hijacking"
• [SP_800-38A] NIST Special Publication 800-38A: Recommendations for Block Cipher Modes of Operation - Methods and Techniques
• [SP_800-38D] NIST Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
• [SP_800-121] NIST Special Publication 800-121 Rev. 1: Guide to Bluetooth Security
• [Stoc_11] Mark Stockley, Sophos: "Apple lets malware into App Store"

T

• [Tami_13] Chilik Tamir, Hack in the Box Amsterdam 2013: "iNalyzer: An End to Blackbox iOS Analysis" (Präsentation als PDF)
• [TC_13] Microsoft: Trustworthy Computing
• [Tham_12] Arun Thampi: "Path uploads your entire iPhone address book to its servers"

W

• [Whee_03] David A. Wheeler: "Secure Programming for Linux and Unix HOWTO", v3.010, 3. März 2003
• [Wiki_13] Wikipedia: "Pwn2Own-Wettbewerb auf der CanSecWest"
• [Wiki_13.1] Wikipedia: "Wear leveling"
• [Wisn_09] Chester Wisniewski, Sophos: "Another iPhone worm - and this time it's malicious"
• [Wisn_10] Chester Wisniewski, Sophos: "Jailbreakme.com flaw not a PDF vulnerability"
• [Wisn_11] Chester Wisniewski, Sophos: "Apple releases iOS 4.3.4/4.2.9 to fix JailBreakMe.com flaw"
• [Wisn_12] Chester Wisniewski, Sophos: "Apple to respond to Congressional inquiry, but are guidelines enough?"
• [WLLS_13] Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, Wenke Lee; 22nd USENIX Security Symposium, August 2013: "Jekyll on iOS: When Benign Apps Become Evil" (PDF)

Z

• [Zovi_11] Dino Dai Zovi, Black Hat USA 2011: "Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption"
• [Zdzi_12] Jonathan Zdziarski, Black Hat USA 2012: "The dark art of iOS application hacking"

Zurück

---

Webmaster, webmaster@ceilers-it.de

Letzte Änderung: 06.07.2017, 14:39