Android's Security Policy Is: "All Or Nothing"

This is an essay about the biggest and most successful infosec profanation campaign in the world. It undermines the very idea of security awareness in each and every aspect, and it does so very subtly too. Initially I wanted to tell you how this profanation works and why it would be successful at cleansing users' minds of any security-related thoughts; today I upgraded my test-bunny Android device and realized that my «prediction» is late — Android has entered the final stage of the campaign: after the applications succeeded at damaging users' security awareness, the core system itself openly stepped into the battle to deliver the final blow.

Each Security Hole Is Created By Someone Deliberately.

Naked Security reports another (not very special) piece of malware for Android. It is quite sophisticated and effective; it has fooled almost 200K users.

I want to talk about one particular detail, quote:

The apps were installed directly onto unwitting Android devices as the extension bypassed the operating system’s permissions process.

Once again, my question is: how is this even possible in a mentally sane world??? Who created this bypass and why? No questions are asked of Android; everybody is throwing feces at the «evil-evil-evil» developers of malware. I believe that the idea of infosec-related media is to channel the users' wrath into a safe direction, away from those who made malware possible in the first place, and to suppress real inconvenient questions to the «trusted» developers and «respected» vendors.

Within the next few days I will explain to you all the evils of the Android quasi-security — today I am too angry.

A Trap Hidden Deep Within Apache Cordova

During the development of the Cordova application «Siberian Dice» for Android I encountered a particularly nasty problem, very tiny yet absolutely devastating. It was a very well hidden trap, and the experience of falling into this trap was so spectacular and puzzling that I was moved to create a stackoverflow.com account — imagine my frustration! It is a terrible feeling when you find out that the problem you just faced is not googleable, and even Stack Overflow has no answer, not even a stupid one. So, I had to investigate it myself. I succeeded and (because I did not want anybody else to lose any more time investigating the bug I had already investigated) posted the solution on Stack Overflow. And then I forgot about the issue.

Making A Game: Siberian Dice

I was asked to shed some light on the development process of Siberian Dice. Surprisingly, there are interesting aspects to speak about.

First of all, it was not meant to be a mobile application. It all started as a purely mathematical endeavour. Initially, we wanted to investigate some properties of the game, since it appeared so elegant and sophisticated to us. At a certain point we decided to develop an AI, in order to produce some «real» games for further investigation, where by «some» I mean an amount orders of magnitude greater than a human can produce simply by playing the game full-time for several years.
So we did.