Open Source and information security mailing list archives
 
Date: Wed, 10 Aug 2011 03:07:08 -0700
From: coderman <coderman@...il.com>
To: "-= Glowing Sex =-" <doomxd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DEF CON 19 - hackers get hacked!

On Wed, Aug 10, 2011 at 2:55 AM, -= Glowing Sex =- <doomxd@...il.com> wrote:
>...so whats new... same methods, and same bs...
> i just dont see any usefulness to what could be done anytime, and if you
> were silly enough to accept ANY files direct dl at ANY  **COn, expect it
> :P~

indeed. but as indicated, this system tried easy and known attacks
first (including checking for "su" on device without authorization.
did anyone click to give root to some strange app?)

only when the easy and known attacks failed did the more advanced
attacks take place. these were increasingly more interesting / novel
attacks.



> but the method, is pathetically old, and, hiding behind some lame
> android-root, as most of these ppl do... when i see them lever, linux, with
> NO html, ill maybe like them a bit :P~~

not sure what this means, but i like the idea of "NO html" ;)



> meh.. so whats new... hijacking a phone botnet would be fun but,

not a botnet; a phone pilfering and surveillance network targeted at
Rio attendees.

a number of the attacks would only work and/or remain active while on
the MitM network - designed with limited scope and longevity.



> i dont see
> why would bother scanning for them.. when, i have and, theyre pretty
> useless... well, maybe for android freaks...and, this is simply a root
> exploit or, exploit being levered, thru an LD

scanning for what? the intent was pretty clear and seemed entirely
useful to the attackers: pilfer data from phones, leverage pwnd phones
for surveillance within the conference / among attendees.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
