The iOS Development Podcast
Episode 33: 032 iPhreaks Show – Security with Rob Napier
Panel
Rob Napier (twitter github blog)
Andrew Madsen (twitter github blog)
Jaim Zuber (twitter Sharp Five Software)
Charles Max Wood (twitter github Teach Me To Code Rails Ramp Up)
Discussion
00:38 - Rob Napier Introduction
iOS 7 Programming Pushing the Limits by Rob Napier & Mugunth Kumar
RNCryptor
01:30 - Apple and Security
04:21 - Security Concerns
Passwords
Personal Information
06:10 - Prevention
SSL
Verisign
09:50 - Generating Certificates
Rob's Practical Security Talk, Slides and Sample Code from CocoaConf
Rob Napier: Get Security and Privacy Right
PBKDF2
13:05 - Initialization Vector
AES
Cipher Block Chaining (CBC)
16:06 - RNCryptor
17:34 - Formats
OpenSSL
HMAC
AES Crypt
20:55 - Device Encryption
25:28 - Server Security and Storing Passwords
Hashing
Salting
Shor’s Algorithm
37:48 - Breaking Passwords
Rainbow Table
BitTorrent
John the Ripper
41:47 - Keeping Passwords Safe
1Password
LastPass
Convenience and Security
47:35 - Obfuscation
Picks
Use Option as Meta Key in Mac OS X Terminal (Jaim)
iTerm2 (Chuck)
Duct Tape Marketing Revised & Updated: The World's Most Practical Small Business Marketing Guide by John Jantsch (Chuck)
Security Now (Chuck)
Reflections on Trusting Trust by Ken Thompson (Rob)
Coursera: Cryptography I (Rob)
Learn You a Haskell for Great Good: A Beginner's Guide by Miran Lipovača (Rob)
Next Week
AFNetworking with Kevin Harwood
Transcript
CHUCK: Hey everybody and welcome to episode 32 of iPhreaks. This week on our panel, we have Andrew Madsen.
ANDREW: Hi from Salt Lake City.
CHUCK: Jaim Zuber.
JAIM: I'm still recovering from the Black Friday deals with the pawn shop. I waited in line for three hours to save $5 on an Xbox 360. Totally worth it.
CHUCK: [Laughs] I'm Charles Max Wood from devchat.tv. And we have a special guest this week and that’s Rob Napier.
ROB: That's right. I'm here in Raleigh, North Carolina.
CHUCK: So do you wanna introduce yourself really quickly for people who don’t know who you are?
ROB: Sure. I'm an iOS and Mac developer. I was a Mac developer before iOS came around on the iPhone. I wrote the book iOS Pushing The Limits. And I do a lot of work in the security world, so I keep a security cryptography package called RNCryptor, for simplifying cryptography.
CHUCK: Oh, nice. Isn’t that just a bunch of fancy math?
ROB: It is just a lot of fancy math. But it’s easy to do it wrong.
CHUCK: [Chuckles] That’s for sure.
ROB: [Chuckles]
ANDREW: Isn’t that computers? Just fancy math?
ROB: It’s so true. We need more math.
CHUCK: “So easy to do it wrong.” Don’t tell Adobe that.
ROB: [Chuckles]
CHUCK: So, speaking of security with iOS, it seems like Apple does a lot of things to provide you with security. I mean, they have sandboxing and all the other stuff that they do. Do we really need to worry about security when we are programming for the iPhone?
ROB: Oh certainly, yeah. Apple has done a really great job -- I feel -- in iOS. While over the years there have been various problems; some of the earliest locks didn’t really work well and early device encryption had trouble, but they’ve improved over the years. But iOS is really the first mainstream operating system that came out with least privilege as the default, which was really brilliant, that they said day 1, “You are going to be locked in a little sandbox and you can't do anything,” which made it very hard to write malware against the iPhone. But it still doesn’t get us off the hook of managing user information carefully. While we may not get infected with a virus, we still have lots of ways that we could leak our customer information.
CHUCK: What are some of those ways? If it’s just a self-contained app and it doesn’t talk to anything else, is that still a risk?
ROB: That's true.