Full Disclosure mailing list archives

Re: QR code and the jester


From: Sanguinarious Rose <SanguineRose () OccultusTerra com>
Date: Tue, 13 Mar 2012 12:03:11 -0600

There are a lot of issues that don't make sense and problems with his
write-up. I asked him about it and he couldn't say much about it
besides a single admission of one of my points I outlined about usage
of netcat. My talk with him regarding the issues I noticed in his blog
post is here: http://pastebin.com/XbUTmjsp

Rather than re-posting all my thoughts on it, you can find them here:
http://reapersec.wordpress.com/2012/03/13/th3j35t3r-and-qr-exploits-exposed/

Basic summary as follows:

He is using a 2-year-old exploit with apparently no compensation for
iOS or Android shellcodes. He then goes on to explain that he used
netcat which is a very inefficient tool to use for mass exploitation.
Then there is the issue of how he extracted the data off the phones
using a reverse shell, which I point out should optimally have been
done with a native executable. I am honestly not that familiar with
what exactly is installed on iOS and Androids but I would imagine it
would require the 'strings' command at the very least.

If any other information comes to light or he responds to any
criticisms so far reasonably I would say it's a complete fabrication.
I, of course, can admit if I am wrong but so far I just don't see
anything validating what he claimed to have done.

On Tue, Mar 13, 2012 at 6:14 AM, Fatherlaptop <fatherlaptop () gmail com> wrote:
So, anyone read the jester's "exploit" usage with QR code and netcat to catch bad guys?

From: Randy

It's an iPhone Thang!
Was learning cursive necessary?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
