Crazed Bovine Traversal

17 06 2008 Hacking

So I was at a ‘talk’ recently where the topic was geared toward technically inclined, but the whole talk was geared toward managers and low level IT bubbas, if you will. But as I sat there stabbing myself in the eye with my pencil (hence the mad cow reference) I can up with some hair brained ideas. Now, some of these ideas might already be out there or thought of, and I haven’t googled any of them, just wanted to write them down somewhere for people to comment on.

1. Ringtone viruses: Now this was by no means an idea that I had but it was mentioned during the talk and I was intrigued how it worked or if the presenter just pulled it out of thin air. The reason I bring it up, other than for someone to explain it to me, but for reference later.

2. iPhone SDK based GPS hacking: So here is an idea, with the new craze that the new cheaper iPhone is going to create, what is stopping the mal-ware writers from writing an cool app that you can download, and now since you are connected to “MobileMe” it sends all of you email, contacts, files, and calendars to a new source. Plus now that it syncs everywhere, you think you are syncing with the “cool” apps servers and what they are doing a completely new form of spyware. They have a gps location on you, read your email, and have all of your corporate documents that you sync to iDisk. Talk about a Social Engineer/Phishers dream.

3. Contact Phishing: To keep going down the route we are already on, how often do you check to make sure that the phone number you have for “bank” is the correct number in your contacts list? What if someone using one of the previously mentioned avenues of attack, changed that number to another number and set up a Phishing 1800 line? Now, instead of having a browser to tell you that you are on the wrong server, you have to trust..... ? Exactly.

So to completely derail this post off the Mobile Hacking topic. I am looking for a good reference on Unix/FreeBSD crypto. I have a friend that is completely convinced that even if someone has your /etc/shadow file, that you are not in any danger. Help me out guys, a link, and explanation, anything would work.

 

Comments : 2 Comments »
Categories : Hacking
Trackbacks : No Trackbacks»

Comments

Display comments as (Linear | Threaded)
17 06 2008
#1 BagpipingBOFH (Reply)

Warrior, First of all...what the hell is up with your e-mail address? Second, if Red Hat is licensed under GNU how the hell can they charge you for it? Third, I was reading “Inside the Cuckoo’s Egg” and Cliff Stoll says that you cannot reverse the encryption in /etc/shadow because UNIX uses a “trapdoor” algorithm to hash the password and you would need a “super computer” to reverse that hash. Fourth, we at MikeCo need someone who can make our website look cooler. We don’t know how to customize our WordPress css and php pages. Fifth, I hope everything is going well. YNH
Comments ()
23 06 2008
#2 Squidly1 (Reply)

ooOOOOoooo... iPhone hacking. I don’t have an iPhone (got an 8830WE Crackberry), but I did purchase a new 32G iPod Touch recently. Sucker was less than 24 hours old before I jailbroke it. When it doesn’t crash, a jailbroken iPod Touch is really nice and appears to be a great platform for power users or hackers to play with (regardless of what Apple might want)... As for the evil peeps out there - there are a few. And the ability to push sketchy software on the unwary is trivially easy. More and more Apple users are starting to figure this out (finally), and have begun to compile black lists of known bad repo lists. Problem is, people have to be bit before a bad site or person gets added to a list like this, and it’s a rare user that pays that much attention to their device security. Guess the Apple security mystique (even if it’s not exactly true) has extended to their appliances and not just to their computers.
Comments ()

Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications
BBCode format allowed



Submitted comments will be subject to moderation before being displayed.