PaulDotCom mailing list archives
Re: Pauldotcom Digest, Vol 24, Issue 14
From: Jake Johnstone <jakejohnstone () hotmail com>
Date: Thu, 16 Sep 2010 14:50:48 +0100
Android: pattern security lock vs. 4 characters PIN from a security side The android patern lock or gesture lock as i call it is vulnerable to attack as mentioned by Anthony Miracle but the lock can also be very easily removed on rooted devices. It is viable that if the attacker had access to the phojne they could root the device and remove the lock to gain entry. I believe the lock could also be vulnerable to a cracking attack vector by hashing the key file with representing gestures into a list and matching against it. You may want to check out my blog post about it here http://sud0x3.net/2010/03/remove-the-gesture-lock-on-the-android/
From: pauldotcom-request () mail pauldotcom com Subject: Pauldotcom Digest, Vol 24, Issue 14 To: pauldotcom () mail pauldotcom com Date: Thu, 16 Sep 2010 12:00:02 +0000 Send Pauldotcom mailing list submissions to pauldotcom () mail pauldotcom com To subscribe or unsubscribe via the World Wide Web, visit http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom or, via email, send a message with subject or body 'help' to pauldotcom-request () mail pauldotcom com You can reach the person managing the list at pauldotcom-owner () mail pauldotcom com When replying, please edit your Subject line so it is more specific than "Re: Contents of Pauldotcom digest..." Thank you for subscribing to the PaulDotCom Mailing list digest. Please visit our site, http://pauldotcom.com, for more hacking entertainment. Today's Topics: 1. Re: Office password recovery/removal (k41zen Me) 2. Re: Android: pattern security lock vs. 4 characters PIN from a security side (Anthony Miracle) 3. What am I missing? (k41zen Me) ---------------------------------------------------------------------- Message: 1 Date: Wed, 15 Sep 2010 15:46:45 +0100 From: k41zen Me <k41zen () me com> Subject: Re: [Pauldotcom] Office password recovery/removal To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Message-ID: <981E2E1E-0328-4598-9750-202902A514FA () me com> Content-Type: text/plain; charset=us-ascii So went with the recommended app from Elcomsoft and it did a great job. Took less than a second to obtain the users .pst password. Thanks to everyone. On 11 Sep 2010, at 17:50, Tyler Robinson wrote:I will second elcomsoft had good results with them.All, Can you recommend any good Office password recovery/removal apps for Windows and Linux? My immediate requirement is to either recover or remove one from an Outlook 2003 .pst file. Grateful for suggestions. k41zen Super Hero Squad _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com------------------------------ Message: 2 Date: Wed, 15 Sep 2010 10:44:55 -0400 From: Anthony Miracle <ronin7 () calima7 net> Subject: Re: [Pauldotcom] Android: pattern security lock vs. 4 characters PIN from a security side To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Message-ID: <AANLkTi=cDKTVCzZ0aPmq+cv37Eza+B-FOzZyKdJUwLL8 () mail gmail com> Content-Type: text/plain; charset="iso-8859-1" As others have mentioned, it's often easy to figure it out from the marks left on the screen if you don't clean it often. Additionally, as a small experiment, I set a fairly complicated pattern and asked a co-worker to watch me quickly enter it once. He was able to duplicate the pattern on his first try. I did not have it set to display the pattern, he was just watching my finger. In my opinion, it's just easier to observe and memorize a pattern than it is to observe and memorize several rapidly typed numbers on these phones. --- Anthony Miracle (sequel7) On Tue, Sep 14, 2010 at 14:27, Sven Aluoor <aluoor () gmail com> wrote:Hi folks Is "pattern security lock" more secure than a strong 4 characters PIN (I used it on iPhone)? Is the Android implementation vulnerable? cheers Sven _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100915/9c940aa2/attachment.html ------------------------------ Message: 3 Date: Wed, 15 Sep 2010 18:29:23 +0100 From: k41zen Me <k41zen () me com> Subject: [Pauldotcom] What am I missing? To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Message-ID: <4EA0854A-6FAD-4857-A0AB-C15F9963FB42 () me com> Content-Type: text/plain; charset=us-ascii So I'm in the UK. I've got tonnes of RSS feeds and am on a few very informative mailing lists - heck I even jump in and out of Twitter every now and again to try to keep up-to-date. Imagine my surprise (Vorstedt voice from Leathal Weapon 2) then when I was driving to work listening to the latest PDC when it mentions UpSpolit. Here is an awesome service set-up and supported by numerous English blokes and a US podcast is introducing it to me! I'm sitting there on the M25 thinking how the hell did I miss that? Was it a closely kept secret? So what did I miss? What am I not reading? What am I not listening to? What tweets am I not being...erm...twatted with? k41zen ------------------------------ _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom End of Pauldotcom Digest, Vol 24, Issue 14 ******************************************
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: Pauldotcom Digest, Vol 24, Issue 14 Jake Johnstone (Sep 16)