lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 13 Mar 2012 12:03:11 -0600
From: Sanguinarious Rose <SanguineRose@...ultusTerra.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: QR code and the jester

There is a lot of issues that don't make sense and problems with his
write up. I asked him about it and he couldn't say much about it
besides a single admission of one of my points I outlined about usage
of netcat. My talk with him regarding the issues I noticed in his blog
post here http://pastebin.com/XbUTmjsp .

Rather then re-posting all my thoughts on it, you can find it here:
http://reapersec.wordpress.com/2012/03/13/th3j35t3r-and-qr-exploits-exposed/

Basic summary as follows:

He is using a 2 year old exploit with apparently no compensation for
iOS or Android shellcodes. He then goes on to explain that he used
netcat which is a very inefficient tool to use for mass exploitation.
Then there is the issue of how he extracted the data off the phones
using a reverse shell, which I point out should optimally have been
done with a native executable. I am honestly not that familiar with
what exactly is installed on iOS and Androids but I would imagine it
would require the 'strings' command at the very least.

If any other information comes to light or he responds to any
criticisms so far reasonably I would say it's a complete fabrication.
I, of course, can admit if I am wrong but so far I just don't see
anything validating what he claimed to have done.

On Tue, Mar 13, 2012 at 6:14 AM, Fatherlaptop <fatherlaptop@...il.com> wrote:
> So, anyone read the jesters "exploit" usage with QR code and netcat to catch bad guys?
>
> From: Randy
>
> It's an iPhone Thang!
> Was learning cursive necessary?
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ