iOhYes Retired

iOhYes

A podcast by iOS developers for iOS developers, delivering news, tips, and rants for professional iOS/Mac developers, with something for enterprise and indie developers alike.

Hosted by Darryl Thomas and John Sextro.




26: Episode 26 - Worm in the Apple

March 7, 2014 at 2:00PM • 54 minutes • Wiki Entry

The News

  1. OmniGroup Open Sources OmniGraphSketcherFree
  2. Fleksy, a keyboard app with an SDK
  3. StackMob sudden end of life
  4. New Apple device configuration options

Tweet Shoutouts

  1. @marksands - Unfair to call Flappy Bird Crappy Bird?

The Discussion

  1. Worm in the Apple, Apple TLS bug - Discussion of what this means for support of iOS 6.
    1. Actual Source
    2. What is it? Description of bug, Deep Dive Description
      1. “Note the two goto fail lines in a row. The first one is correctly bound to the if statement but the second, despite the indentation, isn't conditional at all. The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail.”
      2. Is the lack of curly braces on a single-line conditional to blame, or the lack of testing of the code?
    3. What does it mean for users?
    4. How could this have happened and gone undiscovered for so long?
  2. Background User Input recording discovered - Reported Monday night. Ars Article
    1. Can you actually infer keyboard touch events?
    2. Potential attackers can use such information to reconstruct every character the victim inputs
      1. Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully
    3. The only way to prevent attacks is to open the iOS task manager and stop questionable apps from running in the background

Picks

John (@johnsextro)

  • MindNode for mind mapping on the Mac and iPad. Allows for document sharing via Dropbox and MyMindNode

Joe Hainline (@josephhainline)

Neem Serra (@teamneem)

  • Ray Wenderlich’s blog - Simplified tutorials that are easy to follow with complex results
  • Xscope - measuring, inspecting & testing on-screen graphics and layouts, $30 but very helpful for making apps match the mocks. Cool color blindness testing!

Adam Hitt