lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAJtJjZs4OJKH4xaZ18d4RXGcXaqzgeARH7jG_vcD2bTQmZ=yOw@mail.gmail.com>
Date: Mon, 3 Oct 2011 12:53:36 +0100
From: Darren Martyn <d.martyn.fulldisclosure@...il.com>
To: GloW - XD <doomxd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Massive Security Vulnerability In HTC Android
 Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS,
 Emails Addresses, Much More

*laughs* Ah I remember those days well... I just broke into my own
voicemails off a friends phone to test... Still vuln to this day! (well, it
is a "feature", not a bug, or so I am told...)

On Mon, Oct 3, 2011 at 12:36 PM, GloW - XD <doomxd@...il.com> wrote:

> haha.. reminds me of old days of pbxs!
>
> hang each others voicemail greetings for fun...
>
> rofl.. we used to press 1+# and 0+# or 1+* sometimes, always oen fo those
> combos.. together (produce a sharper tone) but had to be that combo,on old
> analogues, it would break thru most answering-machines and we could then
> change for example "welcome to the deans residence.." to "welcome to hot,
> sweaty ...."u get the drift :P
> lol... those days are over for me now but, darn miss analogue!
> gnite!
> xde
>
>
>
> On 3 October 2011 22:24, Darren Martyn <d.martyn.fulldisclosure@...il.com>wrote:
>
>> NOTW "Hacking" method for phones is nothing to do with this. Voicemail
>> hacking in the UK involves calling the victim, hammering the # button while
>> the phone rings, and being redirected to their voicemail box. Then you just
>> press 0000 and # and DONE! (sometimes they have a password, but a 4 digit
>> pass is 10,000 combinations. Most people use easy to remember ones so a
>> simple bit of SE and some simple "looking at the phone keypad" and BOOM!
>> done!)
>>
>> As kids we used to do this to each other and change each others voicemail
>> greetings for fun... Nothing has changed in the UK and Eire since. IN fact,
>> I will post agian in an hour to confirm - I will break into my own
>> voicemails and check.
>>
>> On Mon, Oct 3, 2011 at 12:17 PM, GloW - XD <doomxd@...il.com> wrote:
>>
>>> No surpise... theyre ext4 partitions are completely vulnerable.. try tell
>>> an anddroid user that, tho. Spender 9grsecurity.net0 has exposed the ext4
>>> bug, wich allows remote user addition to, whatever kernel, i assume runs the
>>> ext4 right... with some small changes ofc to code... so, it is strange they
>>> dont patch, i myself use 1.6 , but, wow this rally blows things for many
>>> users.. interesting stuff, and maybe is good thing i use the old 1.6 api..
>>> hehe. seems newer the stuff, more the chances of malicious activity.. i
>>> guess NOTW m anagement mustve known this one forsure.
>>> thx for that, insightful , and,reminds me more that, a phone nowdays is
>>> almost as dangerous as a laptop in your hand.
>>> cheers,
>>> xd
>>>
>>>
>>>
>>> On 3 October 2011 19:30, Di. Tled <ditled@...ano.me> wrote:
>>>
>>>>
>>>> http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ