Re: iPhone Security

[Dave Aitel <dave.aitel () gmail com>]

You're not missing anything: The difference is one simple thing. If you set
up your email account on an iPhone with anything OTHER than "Other" you
don't even get the prompt. If you use "Other" then you get a prompt which
everyone seems to click, and they get owned.

-dave


On Mon, Jan 11, 2016 at 1:00 PM Bojan Zdrnja (SANS ISC) <bojan.isc () gmail com>
wrote:

> On 1/5/2016 5:31 PM, Dave Aitel wrote:
> >
> http://immunityproducts.blogspot.com/2016/01/the-danger-of-other-on-iphone.html
>
> Quoted from the article:
>
> "So what happens then is you, the user of the iPhone, will connect to
> AT&T wifi, and when you check your mail a little popup message will
> appear. It will offer you the option to "Continue". If you click that
> very natural button, SILICA will steal your password."
>
> So how is this different from any other WiFi AP impersonation (apart
> from the users not understanding what they are doing and clicking
> accept/continue)?
>
> Or I'm missing something here ...?
>
> Cheers,
>
> Bojan
>
> --
> Bojan Ždrnja
> CISSP, GCIA, GCIH, GWAPT
> Senior Information Security Consultant
>
> gsm:   +385 99 463 4466
> e-mail: bojan.zdrnja () infigo hr
>
> INFIGO IS d.o.o.
> Karlovačka cesta 24a, 10020 Zagreb
> Croatia
> tel:  +385 1 4662 700
> fax: +385 1 4662 701
> web: http://www.infigo.hr
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave