Clik here to view.
WhatsApp Retransmission Vulnerability
Last week I already tweeted WhatsApp message not delivered. Contact announces new public key. Auto retransmits messages encrypted under new key. head -> table. That explains this simple bug in the...
View ArticleSecurity: Status Quo
On Tuesday, June 21, 2016, the Commission on Enhancing National Cybersecurity #WHCyberComm met in Berkeley to get input from Industry and others. The main goal of the commission is to produce a...
View ArticleMy Take on The Internet of Things
Right now we are on the way to create a next generation of the Internet, the Internet of Things. The Internet of Things (IoT) will have a huge impact on many aspects of our lives. It will change the...
View ArticleUS Credit Cards Overview
This was written in 2016. If you read this in >= 2018 there is a good chance this is outdated. Usually I don't post commercial stuff. But I think other people moving to the US might find this...
View ArticleApplying for Software Engineering Jobs in the U.S.
I am in the process of applying to some tech companies for the next summer (contact me if you have an open position hehe). Here are some things I experienced and also some tips for the ones also...
View ArticleWhatsApp vulnerability: Bug or Backdoor?
In April last year I reported on a vulnerability in WhatsApp. It now gained public attention as it has not been fixed yet. One question now is: Is it a bug or a backdoor? In other words: Is this flaw...
View ArticleWhat is Facebook going to do? A suggestion.
The WhatsApp retransmission vulnerability has gained a lot of public attention today led by an article published by The Guardian. So what can Facebook (the owner of WhatsApp) do now? I think chances...
View ArticleA response to the denials from moxie and WhatsApp
This post is a direct response to moxie's post, hence the original title "There is a WhatsApp Backdoor", which I have changed now because I find the "Backdoor vs. Vulnerability" discussion...
View ArticleFeelings
The WhatsApp vulnerability debate got quite heated up and polarized people. I wish I could have had this debate with the Facebook Security Team in Whitehat Report #1008534892515816. In private, without...
View ArticleWhere to store your auth token? Cookie or JS? Both!
In the security community, there is a contention on whether an auth token (think OAuth access_token, JSESSIONID, ...) should be stored inside a cookie or if should live within javascript, so e.g. a...
View Article
