STRIP 2.3.0 Released with Time-based One Time Passwords

2014-05-20 12:00:00 -0400

This morning we're excited to introduce the next revision to STRIP with a great new feature: Time-Based One Time Password (OATH TOTP) fields that generate one-time access codes for Google, Dropbox, AWS, Microsoft and other services that use compatible 2-step authentication. Available now for Android, iOS, OS X and Windows, just save a TOTP key from your service provider in a TOTP field after you update STRIP and you'll begin seeing access codes and a count-down timer.

Download

Instructions for upgrading STRIP on all platforms are available here. If you're new to STRIP and you'd like to pick up a copy, head on over to getstrip.com.

Clipboard Timer for Android and iOS

Hot on the heels of our introduction of a preference to erase values copied to the clipboard after two minutes in STRIP 2.2 for OS X and Windows is a clipboard timer for Android and iOS, along with a matching preference to enable and disable the feature. Once you've exited STRIP the timer fires, clearing any data saved to the clipboard after two minutes.

Changes

STRIP for Android:

  • Adds TOTP support
  • Adds timer for clearing clipboard after two minutes
  • Fixes entry editor scrolling on KitKat

STRIP for iOS:

  • Adds TOTP support
  • Adds timer for clearing clipboard after two minutes

STRIP for OS X:

  • Adds TOTP support
  • Restores support for OS X Mountain Lion (by popular demand!)

STRIP for Windows:

  • Adds TOTP support
  • Disable sync menu when in edit mode
  • Add 4 and 8 hour autolock timeout periods within preferences
  • New toolbar/menu icons

Passwords 14

2014-05-19 13:45:34 -0400

Last year we learned about Per Thorsheim and Jeremi Gosney's Passwords conference, an annual and free conference on all things related to passwords, so I headed out to Las Vegas at the beginning of August to attend. It was such a fantastic, fun and deeply informative experience that this year we're heading back with our engineering team and are proud to announce our sponsorship of Passwords 14!

If you deal with passwords, password and security policies, hashing them, cracking them, protecting them with key-derivation, or you just want to know what makes a good password these days, this is the conference for you. Last year's single-track format never had a dull moment, with both high-level conceptual talks and in-depth demonstrations of newly-developed password hashing attacks—really some mind-blowing stuff even if you follow the topic regularly. Rare was the talk that did not involve oclHashcat at some point, and the Q&A sessions at the end of each talk were engrossing engagements. This year they'll be featuring two tracks of presentations, offensive and defensive, and I hear there's going to be a pool party! I'll let the guys give you the main pitch:

Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them. While large mainstream conferences tend to focus on current hot topics in the information security industry, Passwords events explore fringe conversations on everything from analysis and education to creating, securing, cracking, and exploiting authentication solutions. And unlike other events where the speaker is rushed in and out, Passwords provides an intimate environment for participants to directly engage speakers before, during, and after their presentations.

No need to register, Passwords 14 is being held at Tuscany Suites & Casino August 5-6th, so just book yourself a flight and a room.

Hope to see you there! Look for the guys wearing Zetetic shirts and say hello. Here's one of the talk from last year:

STRIP for Android Permissions

2014-04-21 10:18:32 -0400

STRIP for Android stores sensitive information, which may cause some to pause when they see the permissions required to run the application on their Android devices. STRIP for Android requires access to the Internet, access to your Google accounts, and telephone permissions to name a few. We would like to clarify the need for those permissions, and in doing so, explain a feature available in STRIP for those unaware.

STRIP for Android provides a mechanism when long tapping on any given field to allow you to perform context-specific actions on the data you store. For example, if you long tap on a URL, STRIP for Android will offer to launch that URL in a browser. Likewise, if you have a telephone number stored, a long tap will offer to dial that number for you. You can think of it as a quick action feature associated to the data you store, should you wish to invoke it. With regard to account access, that is to allow STRIP access to your Google Drive account, should you wish to perform backups/synchronize your data to your Google Drive account. That said, we do not make phone calls without your request, we also do not access your account information without your permission. An example of the context sensitive menu within STRIP for Android is shown below.

STRIP for Android Context Menu

With this, we hope you can use the quick action features within STRIP to streamline your experience within the application when accessing your information.

STRIP 2.2.1 for Android and OS X released

2014-04-15 10:02:52 -0400

This morning we're excited to pull the switch on two important updates to STRIP for Android and OS X. STRIP for Android is carrying numerous bug fixes we've been working on for a while and a new full-screen theme. STRIP for OS X has been updated to fix the previously noted data persistence bug and is now quite a bit more robust in that department.

To get the latest:

 

Bug in STRIP for OS X 2.2.0

2014-04-10 17:01:54 -0400

We've tracked down an ugly little bug in the latest update of STRIP for OS X, 2.2.0, involving data persistence for newly added or edited fields on entry records. While the bug itself has one main root due to a recent change in STRIP's plumbing, it can be demonstrated in a couple of ways outlined below. These bugs can be worked around and we have a bugfix release 2.2.1 in the App Store review pipeline now. With any luck we'll have the update in the Mac App Store next week.

Avoiding Data Loss

To edit a record in STRIP the customers clicks on the Edit button (or command+E) to begin editing. Edits to field values are not being saved immediately, but are being delayed until the user again clicks on Edit. Therein lies a good deal of the problem. If the customer chooses to then launch Sync before ending editing, or uses the "Create new label" feature the field values get whacked and are lost.

To avoid any data loss with STRIP 2.2.0 for OS X avoid using the Create new label feature until we get 2.2.1 out, and remember to end editing by clicking on the Edit button to ensure your chanages are saved. You can add new labels in the interim by going to the File menu and selecting Customize Labels.

STRIP 2.2.1 ensures edits are persisted to the encrypted database immediately as before. We apologize for the oversight, it's an embarassing bug.

If you would be interested in joining our private STRIP for OS X beta group, which will provide you with early access builds, please contact us at support@zetetic.net.