Full Disclosure mailing list archives
Re: DEF CON 19 - hackers get hacked!
From: "-= Glowing Sex =-" <doomxd () gmail com>
Date: Wed, 10 Aug 2011 20:56:57 +1000
Helo again stranger, hehe, well, the old method was to use a fake html page to ask for some 'java update' to view some non existent 'suuposedly' awesome, poster/pic/mvie.. on myspace, this was written in VB but,, logged every email that clicked and, this loaded an exe, in 2 days was 200 thousand boxes on one ircd.. this di not last once the myspace found out.. but it was nonetheless, a BIG one... and yes, i still have the ONLY src i know for this kind of trickter method.. it is VB :P hehe. times are a changing... but, i see now what tyou mean... still, i just dont know why people even INSTALL or, accept anything at a defcon meeting, ofc someone will try to make some name, mining for data, is stealing an id nowdays, so there would be GREat potential for one device, to connect to some network, and rescan for other weak/known exploits... then you have an army :) but, intersting about 4G... i have not yet to see that haxd so, 1 point for that but, thats prolly coz ui aint really been looking at that side of it ... and, kinda wish that some idiot would try and fool me at a defconz .... it would be fun to watch tho... i still rember the gotse loading in corner of pages....ahhh the old days.... nice writeup tho coderman, well researched article wich i even have to re read :) cheers xd On 10 August 2011 20:07, coderman <coderman () gmail com> wrote:
On Wed, Aug 10, 2011 at 2:55 AM, -= Glowing Sex =- <doomxd () gmail com> wrote:...so whats s new... same methods, and same bs... i just dont see any usefulness to what could be done anytime, and if you were silly enough to accept ASNY files direct dl at ANY **COn, expect it :P~indeed. but as indicated, this system tried easy and known attacks first (including checking for "su" on device without authorization. did anyone click to give root to some strange app?) only when the easy and known attacks failed did the more advanced attacks take place. these were increasingly more interesting / novel attacks.but the method, is pathetically old, and, hiding behind some lame android-root, as most of these ppl do... when i see them lever, linux,withNO html, ill maybe like them abit :P~~not sure what this means, but i like the idea of "NO html" ;)meh.. so whats new... hijacking a phone botnet would be fun but,not a botnet; a phone pilfering and surveillance network targeted at Rio attendees. a number of the attacks would only work and/or remain active while on the MitM network - designed with limited scope and longevity.i dont see why would bother scanning for them.. when, i have and, theyre pretty useless... well, maybe for android freaks...and, this is simple a root exploit or, exoploit being levered, thru an LDscanning for what? the intent was pretty clear and seemed entirely useful to the attackers: pilfer data from phones, leverage pwnd phones for surveillance within the conference / among attendees.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DEF CON 19 - hackers get hacked! coderman (Aug 10)
- Re: DEF CON 19 - hackers get hacked! -= Glowing Sex =- (Aug 10)
- Re: DEF CON 19 - hackers get hacked! coderman (Aug 10)
- Re: DEF CON 19 - hackers get hacked! -= Glowing Sex =- (Aug 10)
- Re: DEF CON 19 - hackers get hacked! coderman (Aug 10)
- Re: DEF CON 19 - hackers get hacked! coderman (Aug 10)
- Re: DEF CON 19 - hackers get hacked! Eric McCann (Aug 10)
- Re: DEF CON 19 - hackers get hacked! coderman (Aug 11)
- <Possible follow-ups>
- Re: DEF CON 19 - hackers get hacked! Basan (Aug 11)
- Re: DEF CON 19 - hackers get hacked! Ivan . (Aug 11)
- Re: DEF CON 19 - hackers get hacked! chris nelson (Aug 12)
- Re: DEF CON 19 - hackers get hacked! -= Glowing Sex =- (Aug 10)