Monday, December 1, 2008

Security Learninatin.

Saturday I spent some time at Noisebridge talking about Android and its security model. In addition to learning a bunch about Android-specific issues, I learned a lot about security in general. I think Saturday was the first time that I patched code I wrote with a specific security issue in mind. Never mind the fact that the "flaw" was really just me being dumb and at worst would result in an attacker DoS'ing my app by violating Facebook API RPC limits.

We discussed a couple of other flaws, one of which has an immediate fix, though it may take a bit to implement. The other is one that I'm not willing to discuss yet. :D One thing I learned is that talking about security vulnerabilities is something that should be done with careful consideration of its impact: I'm not willing to expose an exploit in my app yet.