Cybersecurity and Mobile Device Protection – Nakov at CareerShow (Sept 2019)

September 10, 2019
Today I was a speaker at a local conference, where I demonstrated how weak is the typical security in Android devices, how 10-years old schoolboy can hijack a mobile device (after getting a physical access) and control it remotely and why users should care about their devices: what they install, how they protect the screen
image

X.509 Certificate Validation in Java: Build and Verify Chain and Verify CLR with Bouncy Castle

December 1, 2009
For one of my recent projects I needed to implement X.509 certificate validation library that validates a certificate across given set of trusted root certificated and a set of intermediate certificate. Initially I thought this is a problem that has already out-of-the-box solution in BouncyCastle but the CRL verification was found to be unpleasant to
image

Disable Certificate Validation in Java SSL Connections

July 16, 2009
By design when we open an SSL connection in Java (e.g. through java.net.URL.openConnection(“https://….”)) the JSSE implementation of the SSL protocol performs few validations to ensure the requested host is not fake. This involves validation of the server’s X.509 certificate with the PKIX algorithm and checking the host name agains the certificate subject. If the SSL