
hellgnoll
@hellgnoll

* this article has solidified a thought i was having trouble articulating until now

* the thing about web apps is that tons of people know how to pentest them, like that's literally what "script kiddies" refers to

* but mobile apps, especially on iOS, are such a closed ecosystem that actually you can get away with writing less secure software, because it's way less likely that a 16-year-old may try to break it

* i think we should inherently distrust the security of anything that is only an app.



in reply to @hellgnoll's post:

From experience, this is quite true. I was shocked when it turned out an iOS game I decompiled didn't check the certificate when doing HTTPS requests. Like, at all. You could supply a completely invalid certificate and it would blindly accept requests.
