lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <AANLkTilpaV4_oM7PJODHbRJ5ZJbaHhpcuRIdqHTW4TC0@mail.gmail.com>
Date: Thu, 22 Jul 2010 09:48:22 +1000
From: Fionnbharr <thouth@...il.com>
To: "hmmrjmmr@...il.com" <hmmrjmmr@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: "Jailpassing" technique for iphones

As everyone said more information is great, but I don't really like it
when sock puppets for companies mail to fd with a 'new technique'. I
say he's a sock puppet as hmmrjmm has only posted to the list twice
(or anywhere else on the internet with that address), both times about
ThinkSECURE.

>>From the article  - "we ran a demo of the technique for a local
reporter and the story ran in the Straits Times on 26 June 2010."

Just seems like releasing old techniques to get headlines for their company.


On 22 July 2010 02:29, hmmrjmmr@...il.com <hmmrjmmr@...il.com> wrote:
> Yeah, i second that - more videos = more helpful to everyone.
>
> What i found interesting about this one though is that it didn't stop at
> bypassing the code-lock but also alludes to what you can do to the phone
> from a non-forensic standpoint, e.g. load in "real-spy"ware (as in bugging
> or some other surveillance tool).
>
> The later part of the video showed the guy loading in a filesystem app
> (afs-something it was called??) to access the phone's root partition from
> his macbook.  If you're a gumshoe hired to keeps tabs on a suspected
> cheating spouse and was presented with the suspect's iphone, that could then
> be a prelude to loading in custom code or commercial bugging software to
> turn the phone into a bugging tool and the evidence of the jailbreak removed
> (as opposed to using the code-bypass to get into the phone to do forensics)
>
> So instead of bypassing the code-lock to access the phone for forensics
> purposes, you could instead load in surveillance/bugging software and then
> remove obvious evidence of the jailbreak (e.g. uninstall Cydia) and restore
> the passcode so that the user was none the wiser...
> Now that i think about it, this could be used for corporate espionage too
> (e.g. CEO getting his phone bugged...)
>
> On Wed, Jul 21, 2010 at 11:47 PM, Tyler Borland <tborland1@...il.com> wrote:
>>
>> Yes, same exact story with different software.  Pretty much, the only
>> difference is the tool they chose to modify.  There are a few webcasts
>> in which I saw when they came out, where that iPhone forensics book
>> guy does a good hour webcasts on what he did and what more is
>> possible.  Two different modified tools to do forensics (including the
>> get rid of passcode trick).  Even more if you include the Youtube
>> video that was linked in an earlier reply:
>>
>> http://oreillynet.com/pub/e/949  - IPhone Forensics Demo
>> http://oreillynet.com/pub/e/1093 - iPhone Forensics 101: Bypassing the
>> iPhone Passcode
>>
>> I still think the video was cool, however it didn't exactly offer
>> anything that wasn't available before.  Just proving possibility with
>> newer techniques.  More videos with more techniques is never a bad
>> thing.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ