Dailydave mailing list archives
Re: iPhone Security
From: Dave Aitel <dave.aitel () gmail com>
Date: Mon, 11 Jan 2016 18:12:22 +0000
You're not missing anything: The difference is one simple thing. If you set up your email account on an iPhone with anything OTHER than "Other" you don't even get the prompt. If you use "Other" then you get a prompt which everyone seems to click, and they get owned. -dave On Mon, Jan 11, 2016 at 1:00 PM Bojan Zdrnja (SANS ISC) <bojan.isc () gmail com> wrote:
On 1/5/2016 5:31 PM, Dave Aitel wrote:http://immunityproducts.blogspot.com/2016/01/the-danger-of-other-on-iphone.html Quoted from the article: "So what happens then is you, the user of the iPhone, will connect to AT&T wifi, and when you check your mail a little popup message will appear. It will offer you the option to "Continue". If you click that very natural button, SILICA will steal your password." So how is this different from any other WiFi AP impersonation (apart from the users not understanding what they are doing and clicking accept/continue)? Or I'm missing something here ...? Cheers, Bojan -- Bojan Ždrnja CISSP, GCIA, GCIH, GWAPT Senior Information Security Consultant gsm: +385 99 463 4466 e-mail: bojan.zdrnja () infigo hr INFIGO IS d.o.o. Karlovačka cesta 24a, 10020 Zagreb Croatia tel: +385 1 4662 700 fax: +385 1 4662 701 web: http://www.infigo.hr _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- iPhone Security Dave Aitel (Jan 05)
- Re: iPhone Security Kristian Erik Hermansen (Jan 05)
- Re: iPhone Security Bojan Zdrnja (SANS ISC) (Jan 11)
- Re: iPhone Security Dave Aitel (Jan 11)