Full Disclosure mailing list archives
Re: QR code and the jester
From: Sanguinarious Rose <SanguineRose () OccultusTerra com>
Date: Tue, 13 Mar 2012 12:03:11 -0600
There are a lot of issues that don't make sense and problems with his write-up. I asked him about it and he couldn't say much about it besides a single admission of one of my points I outlined about usage of netcat. My talk with him regarding the issues I noticed in his blog post is here: http://pastebin.com/XbUTmjsp

Rather than re-posting all my thoughts on it, you can find it here: http://reapersec.wordpress.com/2012/03/13/th3j35t3r-and-qr-exploits-exposed/

Basic summary as follows: He is using a 2-year-old exploit with apparently no compensation for iOS or Android shellcodes. He then goes on to explain that he used netcat, which is a very inefficient tool to use for mass exploitation. Then there is the issue of how he extracted the data off the phones using a reverse shell, which I point out should optimally have been done with a native executable. I am honestly not that familiar with what exactly is installed on iOS and Androids but I would imagine it would require the 'strings' command at the very least.

If any other information comes to light or he responds to any criticisms so far reasonably I would say it's a complete fabrication. I, of course, can admit if I am wrong but so far I just don't see anything validating what he claimed to have done.

On Tue, Mar 13, 2012 at 6:14 AM, Fatherlaptop <fatherlaptop () gmail com> wrote:
> So, anyone read the jester's "exploit" usage with QR code and netcat to catch bad guys?
>
> From: Randy
> It's an iPhone Thang!
> Was learning cursive necessary?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- QR code and the jester Fatherlaptop (Mar 13)
- Re: QR code and the jester not here (Mar 13)
- Re: QR code and the jester Sanguinarious Rose (Mar 13)