Joakim Uddholm

Joakim Uddholm

Security Engineer with a dash of software. Originally from Stockholm, now in Berlin. I like to hack things.

security

infosec

FitBit CSRF and XSS

A few months ago I bought a fitbit, which is a wristband tracking device.

Read
infosec

Bypassing Authentication to a Paid Wifi Hotspot

I spent the last week and a few days at my family's summer place on the

Read
infosec

label clickjacking and javascriptless csrf

Another niche attack. I happened to notice the interesting behaviour of

Read
infosec

Web Timing Attacks, Continued

Continuing on the subjects of timing attacks, I recently found a small

Read
infosec

Getting timing output from CSRF exploits

I've been playing around with the idea of timing attacks lately. The way

Read
infosec

QR Codes as Password Storage?

I played around yesterday with the idea of using QR-codes as an offline password storage. This way I don't have to rely on a database of passwords stored on my computer or in the cloud. I shudder at the thought of storing passwords in the cloud, encrypted or not. Instead my idea is to have printed QR codes in a binder, encrypted using a master password. To clarify, the content inside the QR code will be encrypted.

Read