Tag Archive for: handson

Sunday Gold Hands-On Preview – IGN

/in


In the hunt for something genuinely new, more and more developers are creating hybrids; smashing two genres together to make a wonderful Frankenstein’s monster of a game. Sunday Gold is one of the more enjoyably odd of these experiments I’ve seen in recent years. A mashup of Final Fantasy and Broken Sword, this slick-looking comic book crime drama is, bizarrely, a turn-based point-and-click adventure. And, from the three hours I’ve played so far, the combination appears to work surprisingly well.

Set in near-future London, where it’s always raining and the billionaires are fatter than they’ve ever been, Sunday Gold puts you in control of a trio of criminals attempting to bring down Kenny Hogan, the corrupt head of a massive corporation. The chunk I’ve played is cut from the very start, with the group’s objective being to infiltrate Hogan’s offices and steal a hard drive-full of incriminating data.

The quest for that data plays out, at least on the surface, like a pretty classic point-and-click adventure. Akin to your Monkey Islands and Gabriel Knights, you explore a bunch of locations in search of clues and items that fit together into a puzzle solution. CCTV needs to be disabled, drains need to be flooded to bring their contents to the surface, and secret passwords need to be unearthed from hidden spots. In the tradition of the genre, Sunday Gold embraces the pixel hunt; I spent a lot of time hovering my mouse over a room’s every item in search of something that could be picked up or interacted with.

But it’s when those items are found that Sunday Gold tears up the LucasArts rulebook. Firstly, you have three protagonists, each skilled in a different art. Found a door that won’t open? You’ll need to have Frank apply his lockpicking skills. Need to burn through a computer’s security? Then hacker Gavin is your man. Want a heavy locker pushed aside? Trunchbull-like bruiser Sally has the muscle for it. Each of these skills is performed with a unique mini-game, with Frank’s cylinder-rotating lockpicking being the most enjoyably tactile of the bunch.

The party fulfills all the demands of the traditional role-playing manual, with each member having bespoke…

Source…

Hands-on Mobile App and API Security – Runtime Secrets Protection

/in


old key in the forest floor on autunm

DevOps Connect:DevSecOps @ RSAC 2022

In a previous article we saw how to protect API keys by using Mobile App Attestation and delegating the API requests to a Proxy. This blog post will cover the situation where you can’t delegate the API requests to the Proxy, but where you want to remove the API keys (secrets) from being hard-coded in your mobile app to mitigate against the use of static binary analysis and/or runtime instrumentation techniques to extract those secrets.

We will show how to have your secrets dynamically delivered to genuine and unmodified versions of your mobile app, that are not under attack, by using Mobile App Attestation to secure the just-in-time runtime secret delivery. We will demonstrate how to achieve this with the same Astropiks mobile app from the previous article. The app uses NASA’s picture of the day API to retrieve images and descriptions, which requires a registered API key that will be initially hard-coded into the app.

Introduction to Some New Concepts

The last section may have introduced some new technical terms to you, and so an overview of these is below.

What is Mobile App Attestation?

This is the process of authenticating that a running instance of a mobile app is the same exact one that was uploaded to the app store. This process consists of attesting that the mobile app is not running in a compromised device, hasn’t been modified in any way, isn’t being manipulated during runtime, isn’t a target of an ongoing MitM attack, etc.

What are Runtime Secrets?

These are secrets provided to the mobile app at runtime via secure over-the-air updates from a third-party service, as they are required to make the API requests, and protected with Mobile App Attestation on retrieval and subsequent usage in the API calls.

The AstroPiks Mobile App

Now let’s look at the app we are going to use to demonstrate these principles. It’s a very simple mobile app that uses the Nasa API to show some nice pictures in a list from which you can select any and see more details about it.

The Setup

First, you need to clone the provided Github repo:

git clone –branch approov-runtime-secrets-protection https://github.com/approov/hands-on-api-proxy.git

Next, get your free NASA API key on…

Source…

Samsung Galaxy Note 10 Plus hands-on review – Digital Trends

/in

Samsung Galaxy Note 10 Plus hands-on review  Digital Trends

Samsung’s Galaxy Note 10 Plus is here, and it’s the biggest and best Samsung phone ever. Its key feature is its looks, as it has an attractive rear design, …

“Don’t Plug Your Phone into a Charger You Don’t Own” – read more

Hands-on: Apple AirPods 2 provide incremental improvements to the best truly wireless headphones for iPhone – 9to5Mac

/in

Hands-on: Apple AirPods 2 provide incremental improvements to the best truly wireless headphones for iPhone  9to5Mac

The Apple AirPods have led the truly-wireless earphone industry and maintained their crown ever since their release in late 2016. The changes introduced in …

“Don’t Plug Your Phone into a Charger You Don’t Own” – read more