Moris Vafaris

1602890375

Stubbing HTTP Response by Using Apple-Authorised Man-in-the-Middle Attack

https://medium.com/better-programming/stubing-http-response-by-using-apple-authorised-man-in-the-middle-attack-e0159671c4dd

#ios #swift #xcode #mobile-apps

What is GEEK

Buddha Community

Stubbing HTTP Response by Using Apple-Authorised Man-in-the-Middle Attack
Wilford  Pagac

Wilford Pagac

1603141200

Stubbing HTTP Response by Using Apple-Authorised Man-in-the-Middle Attack

iOS apps interact a lot with the network. They read or write state to or from the server, and fetch data, images, audios, and videos from remote. To protect and verify the network layer, we write unit tests around it. Sadly, if we write tests that rely on networking, they will be slow and unstable. And to be fair, they are not really unit tests but more integration tests.

How can you stub the network request and response and isolate the unit test’s code from networking without installing any third-party libraries? Registering your own instance of URLProtocol at the URLSession configuration is the key:

urlSessionConfiguration.protocolClasses = [StubURLProtocol.self]

The following explains the code in detail.

road sign warning of curves ahead on a mountain road

Photo by NOAA on Unsplash

1. The Core Flow of the URL Loading System

diagram of default flow of URLSession

URLSession Default Flow by Eric Yang

URLSession

URLSession plays the core role of the iOS URL Loading System. The instance of URLSession creates one or more instances of URLSessionTask, which can be the instances of its subclasses:

  • URLSessionDataTask: Fetch and return data to your app
  • URLsessionUploadTask: Upload data and files to the remote
  • URLSessionDownloadTask: Download data and files from the remote
  • URLSessionStreamTask: Read and write from and to the remote by using an enqueued and executed serially TCP/IP connection
  • URLSessionWebSocketTask: Read and write asynchronously from and to the remote by using TCP and TLS in the form of WebSocket framing.

#swift #programming #xcode #ios #mobile

Why Use WordPress? What Can You Do With WordPress?

Can you use WordPress for anything other than blogging? To your surprise, yes. WordPress is more than just a blogging tool, and it has helped thousands of websites and web applications to thrive. The use of WordPress powers around 40% of online projects, and today in our blog, we would visit some amazing uses of WordPress other than blogging.
What Is The Use Of WordPress?

WordPress is the most popular website platform in the world. It is the first choice of businesses that want to set a feature-rich and dynamic Content Management System. So, if you ask what WordPress is used for, the answer is – everything. It is a super-flexible, feature-rich and secure platform that offers everything to build unique websites and applications. Let’s start knowing them:

1. Multiple Websites Under A Single Installation
WordPress Multisite allows you to develop multiple sites from a single WordPress installation. You can download WordPress and start building websites you want to launch under a single server. Literally speaking, you can handle hundreds of sites from one single dashboard, which now needs applause.
It is a highly efficient platform that allows you to easily run several websites under the same login credentials. One of the best things about WordPress is the themes it has to offer. You can simply download them and plugin for various sites and save space on sites without losing their speed.

2. WordPress Social Network
WordPress can be used for high-end projects such as Social Media Network. If you don’t have the money and patience to hire a coder and invest months in building a feature-rich social media site, go for WordPress. It is one of the most amazing uses of WordPress. Its stunning CMS is unbeatable. And you can build sites as good as Facebook or Reddit etc. It can just make the process a lot easier.
To set up a social media network, you would have to download a WordPress Plugin called BuddyPress. It would allow you to connect a community page with ease and would provide all the necessary features of a community or social media. It has direct messaging, activity stream, user groups, extended profiles, and so much more. You just have to download and configure it.
If BuddyPress doesn’t meet all your needs, don’t give up on your dreams. You can try out WP Symposium or PeepSo. There are also several themes you can use to build a social network.

3. Create A Forum For Your Brand’s Community
Communities are very important for your business. They help you stay in constant connection with your users and consumers. And allow you to turn them into a loyal customer base. Meanwhile, there are many good technologies that can be used for building a community page – the good old WordPress is still the best.
It is the best community development technology. If you want to build your online community, you need to consider all the amazing features you get with WordPress. Plugins such as BB Press is an open-source, template-driven PHP/ MySQL forum software. It is very simple and doesn’t hamper the experience of the website.
Other tools such as wpFoRo and Asgaros Forum are equally good for creating a community blog. They are lightweight tools that are easy to manage and integrate with your WordPress site easily. However, there is only one tiny problem; you need to have some technical knowledge to build a WordPress Community blog page.

4. Shortcodes
Since we gave you a problem in the previous section, we would also give you a perfect solution for it. You might not know to code, but you have shortcodes. Shortcodes help you execute functions without having to code. It is an easy way to build an amazing website, add new features, customize plugins easily. They are short lines of code, and rather than memorizing multiple lines; you can have zero technical knowledge and start building a feature-rich website or application.
There are also plugins like Shortcoder, Shortcodes Ultimate, and the Basics available on WordPress that can be used, and you would not even have to remember the shortcodes.

5. Build Online Stores
If you still think about why to use WordPress, use it to build an online store. You can start selling your goods online and start selling. It is an affordable technology that helps you build a feature-rich eCommerce store with WordPress.
WooCommerce is an extension of WordPress and is one of the most used eCommerce solutions. WooCommerce holds a 28% share of the global market and is one of the best ways to set up an online store. It allows you to build user-friendly and professional online stores and has thousands of free and paid extensions. Moreover as an open-source platform, and you don’t have to pay for the license.
Apart from WooCommerce, there are Easy Digital Downloads, iThemes Exchange, Shopify eCommerce plugin, and so much more available.

6. Security Features
WordPress takes security very seriously. It offers tons of external solutions that help you in safeguarding your WordPress site. While there is no way to ensure 100% security, it provides regular updates with security patches and provides several plugins to help with backups, two-factor authorization, and more.
By choosing hosting providers like WP Engine, you can improve the security of the website. It helps in threat detection, manage patching and updates, and internal security audits for the customers, and so much more.

Read More

#use of wordpress #use wordpress for business website #use wordpress for website #what is use of wordpress #why use wordpress #why use wordpress to build a website

Maria Smith

1623919962

How can I get a human at Apple to report problem?

**How Do I Report a Problem to Apple Customer Service?
**

There are times when you may find some issue with your Apple product however you rarely see an issue. You can report a problem if you want to. All you need is to perform a few simple steps and here are the steps that you should perform. Go through them.

**How can I get human at Apple?
**

• First and foremost, you need to go to reportaproblem.apple.com.
• Next, you have to sign in to your Apple account by entering your Apple ID and Password.
• In case you see a Report or Report a Problem option next to the item in which you see a problem, click it.
• After that, you need to follow the onscreen instructions and select a reason why you want to report a problem.
• Lastly, you need to submit your request.

**How do you get through to Apple Support?
**

With this, you can report online for your Apple product. In case you want to contact Apple customer service to report a problem, you can do that in the given ways.

  1. Over a Phone Call - Dial the customer service phone number to get help for any problem that you see with your Apple account. Also, you can report the problem on a single phone call.
    You can speak to a human at Apple technical support: (800) APL–CARE (800–275–2273)
  2. Through Live Chat - By requesting a live chat, you will be in touch with a representative who will assist you thoroughly to report a problem that you see with your Apple account.
  3. Via Email - The most common way to report a problem on Apple is email. You can compose an email explaining the issue that you see with the service and report it. Once your email is received, the tech support team acknowledges the issue and provides you all information within the least possible time.

By choosing any of the desired ways to report a problem, you can complain about the issue to the tech support team (Apple customer service). Also, you will no longer wonder how to get a human at Apple support. The above information will help you in all manners and let you experience the hassle-free service of Apple. So, dial the number or send an email, but get help from the experts.

#how can i get a human at apple #how do i reach a human at apple? #how do i call apple support? #contact apple support #call apple support #apple's online support

Seamus  Quitzon

Seamus Quitzon

1593152820

Apple Pays $100K Bounty for Critical 'Sign in With Apple' Flaw

Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims’ third-party applications.

A researcher recently found a critical Apple vulnerability that, if exploited, could enable remote attackers to abuse the “Sign in with Apple” feature to take over victims’ third-party application accounts. The security researcher, Bhavuk Jain, reported the flaw to Apple via its bug bounty program, and was awarded $100,000 for the find.

The flaw stemmed from the “Sign in with Apple” feature, which was introduced by Apple at its Worldwide Developers Conference last year. Sign in with Apple aimed to make it easy and secure for Apple users to sign into third-party apps and websites. It did this by implementing an Apple-backed authentication system to replace social logins on third-party services.

“In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures,” said Jain, in his disclosure of the bug on Sunday. “This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.”

Apple has since fixed the flaw. Threatpost has reached out to Apple for further comment.

One of the highlights of Sign in with Apple is that users could sign up with third-party services without needing to disclose their Apple ID email address to these services. This worked because Sign in with Apple would first validate users on the client side, and then initiate a JSON Web Token (JWT) request from Apple’s authentication services. This JWT would then be used by the third-party app to confirm the user’s identity.

The issue was that after Apple validated the user on the client side via their Apple ID email address, it did not verify that the JWT request was from that actual user account. An attacker could abuse this flaw by providing an Apple ID email that belongs to the victim and tricking Apple servers into generating a valid JWT payload. Once an attacker does this, he can then sign into a third-party app using the victim’s identity.

apple critical flaw

“I found I could request JWTs for any Email ID from Apple and when the signature of these tokens was verified using Apple’s public key, they showed as valid,” he said. “This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim’s account.”

According to The Hacker News, the flaw could be exploited even if users had decided to hide their email IDs from third-party services. It could also be exploited to sign up new accounts with victims’ Apple IDs.

There are two hoops that attackers would need to jump through to make this exploit work. First, they would need an email ID for an Apple user – though that could be any Apple user’s email ID. Second, they would need to log into a third-party app via Sign in with Apple that didn’t require any further security measures.

Jain said the impact of this vulnerability is “quite critical” as it could allow full account takeover. Many developers have integrated Sign in with Apple into their services, including Dropbox, Spotify, Airbnb, and Giphy.

“These applications were not tested but could have been vulnerable to a full account takeover if there weren’t any other security measures in place while verifying a user,” Jain said.

Jain said that Apple conducted an investigation of their logs and determined there was no misuse or account compromise due to this vulnerability. The researcher found the flaw in April and reported it via Apple’s bug bounty program which earned him $100,000. Threatpost has reached out to Jain for further details on the timeline of discovering and reporting the flaw.

#mobile security #vulnerabilities #web security #app takeover #apple #apple bug bounty #apple flaw #bug bounty #critical flaw #security vulnerability #sign in with apple #third party app