mobile devices
August 21, 2008
Risk Level:
Medium - Full TCP/IP access via RNDIS protocol over USB from
Windows Mobile device.
Summary:
With the introduction of ActiveSync 4.x, Microsoft significantly
altered how the Windows Mobile device communicates with the host PC.
Vendors contacted: HTC (and MITRE - CVE ID)
-- Vulnerability description:
The default Twitter client (or application) in HTC mobile devices is called HTC Peep. HTC Peep is vulnerable to two different credentials disclosure vulnerabilities during the authentication process against the Twitter service (twitter.com).
During the authentication process, the HTC Peep app establishes an HTTP (TCP/80) connection against the twitter.com servers, sending a few HTTP OAuth-related requests. The first two HTTP GET requests try to gather and make use of an OAuth token: "GET /oauth/request_token" (the response contains the "oauth_token") and "GET /oauth/authorize?oauth_token=...".
The first vulnerability resides in the third HTTP request, a POST request towards the "/oauth/authorize" resource, which contains several parameters, including the Twitter username and password in the clear, making the authentication process vulnerable to eavesdropping attacks:
Vulnerable Products:
- HTC devices running Windows Mobile 6
- HTC devices running Windows Mobile 6.1
Non vulnerable products:
- HTC devices running Windows Mobile 5.0
- Other vendors’ Windows Mobile devices
References: http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/HTC-Windows-Mobile-OBEX-FTP-Service-Directory-Traversal.html
Summary:
HTC devices running Windows Mobile 6 and Windows Mobile 6.1 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and write or read arbitrary files, via a ../ in a pathname. This can be leveraged for code execution by writing to a Startup folder.
============================================================
TECHNICAL PROGRAM HIGHLIGHTS
Featuring 58 technical papers, on Applied Cryptography, Attacks, RFID,
Privacy, Anonymization, Formal Techniques, Cloud Security, Security of
Mobile Services, Security for Embedded and Mobile Devices, Systems and
Networks Security, Software Security, Designing Secure Systems,
Malware and Bots topics. The program also includes 5 tutorials, 12
workshops, and poster/demo session.
============================================================
TUTORIALS
sending new / coolest research.
Just in case you need some ideas, some of the topics in security that
could be interesting to us:
* Mobile Devices
* Social Networking Threats
* Embedded Systems
* Social Networking and Client-Side Techniques
* Red Team Techniques
* Inside Jobs Detection/ Techniques
meters, automobile hacking, Hardware, mobile phones, lock-picking,
bypassing procedures and processes, etc, Be creative :-D)
2. The topics pertaining to security and Hacking in the following
domains(but not limited to)
- Hardware (ex: RFID, Magnetic Strips, Card Readers, Mobile Devices,
Electronic Devices)
- Tools (open source)
- Programming/Software Development
- Networks
- Information Warfare
I. Description
The Palm Pre WebOS <=1.1 suffers from a JavaScript injection attack that allows a malicious attacker to access any file on the mobile device.
Palm has patched this vulnerability and all users are recommended to upgrade to WebOS version 1.2+.
Palm WebOS 1.2 patch information can be found here: http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12
II. Impact
We are still interested in talks, especially within some narrow areas:
1. Hybrid-wordlist-mangling ruleset construction logic for tools like
JtR, *hashcat and others
2. Mobile device password bypass, such as forensics tools to extract MS
activesync (or similar) data from iPhones, Android, Blackberry, Symbian,
WP7 etc.
3. Biometric authentication, especially blood vein authentication
(fingerprint is *so* 00's), as a replacement to old-style password
*Vulnerability Description*
Android is a project promoted primarily by Google through the Open Handset
Alliance aimed at providing a complete set of software for mobile
devices: an operating system, middleware and key mobile applications
[1]. Although the project is currently in a development phase and has
not made an official release yet, several vendors of mobile chips have
unveiled prototype phones built using development releases of the
platform at the Mobile World Congress [2]. Development using the Android
platform gained activity early in 2008 as a result of Google's launch of
Platform:
Tested on Minimo .016 and .2 Windows Mobile Pocket PC 2005 and Firefox
2.0.0.6 Windows XP SP2
Requirements:
Mobile device running Windows Mobile Pocket PC or Firefox 2.0.0.6 on XP
Credits:
Seth Fogie
Airscanner Mobile Security
http://www.airscanner.com
Vendor description:
-------------------
"Forefront Unified Access Gateway 2010 (UAG) delivers comprehensive,
secure remote access to corporate resources for employees, partners,
and vendors on both managed and unmanaged PCs and mobile devices.
Utilizing a combination of connectivity options, ranging from SSL VPN
to Direct Access, as well as built in configurations and policies,
Forefront UAG provides centralized and easy management of your
organization's complete anywhere access offering.
Vulnerability: Memory Corruption
Details:
HTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing stbl atom of 3g2 video format.
20:420> r
r0=2b7ea77c r1=2b7f15bb r2=00000004 r3=00000080 r4=4141413d r5=2b7ea7d4
r6=00000004 r7=2b7ea77c r8=00000000 r9=00000000 r10=000209f0 r11=2b7efdec
r12=03f9e594 sp=2b7ea74c lr=01323c7c pc=03f9e8e4 psr=60000010 -ZC-- ARM
Security of applications and services operating with financial funds
State projects security
SCADA security
Communication systems security
Russian software security
Mobile devices security
Malicious software
Social networks and WEB 2.0 hacking
Program researching without sources
Vulnerability searching and exploiting
Software, hardware and networks researching
Just my two cents, but...
Many mobile providers are implementing caching on their proxies to make
up for the overpopulated state of their networks, and depending on how
the session ID is generated and stored (being a mobile device this is a
bit more complicated than just setting cookies), it wouldn't necessarily
be a routing problem on the network layer, but could be a routing
problem within the application because of cached resources.
If, for example, facebook set the cookie in a non https session, or in
- General system exploitation techniques, vuln-dev and shellcoding
- Web application hacking
- Phone phreaking
- Fuzzing and application security test
- Hardware hacking, embedded systems and other electronic devices
- Mobile devices exploitation, Symbian, P2K and bluetooth technologies
- Analysis of virus, worms and all sorts of malware
- Reverse engineering
- Rootkits
- Security in Wi-Fi and VoIP environments
- Information about smartcard and RFID security and similars
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 21, 2011
I. BACKGROUND
The OfficeImport framework is an API used by Apple's mobile devices,
including the iPod Touch, iPhone, and iPad. The framework is used to
parse and display Microsoft Office file formats, such as Excel, Word,
and PowerPoint. The OfficeImport framework is used by several
applications, including MobileMail and MobileSafari. Both of these
applications are attack vectors for this vulnerability. For more
There is a fairly in-depth discussion of the issue here:
http://arstechnica.com/web/news/2010/01/facebook-att-play-fast-and-loose-with-user-authentication.ars
Not a routing issue, more of a proxy issue, and not uncommon in mobile carrier networks. Getting security right in a mobile application is tricky given how carriers manage Internet access. With the growth of smartphones these kinds of issues will become more prevalent until carriers refactor how they manage traffic via their proxies. I'll also note that while the referenced article suggests the use of SSL, there are issues with support in the mobile environment for SSL in terms of which certificate authorities are pre-installed on phones, whether applications have access to the certificate store on the mobile device (or need an embedded certificate), how certificate chaining and wildcarding is supported, and so on.
*********** REPLY SEPARATOR ***********
On 1/16/2010 at 7:39 AM Michael Scheidell wrote:
hour (45-50 minutes + questions), or 2 hours including a break. We are
especially interested in:
Protecting against online attacks, such as detecting, rate-limiting and
blocking them, implementing hashing schemes such as PBKDF2, Bcrypt and
PBMAC, and attacks against passwords on mobile devices. If you mention
forensics or PCI-DSS somewhere in there as well, you just might be a
winner.
Cool Guy Challenge:
We'd like to see a presentation on the probability & feasibility of
This Security Fix provides remediation for items that cause this behavior through product fixes, as well as configuration and policy changes. More information on each of these items is included below.
RSA has identified and addressed the potential security flaws as part of this Security Fix:
• In certain circumstances, device recovery capabilities and device identification used by the defined policy may be impacted by the data elements sent from the end user’s device. This may potentially allow the system to recover a previously non-registered device or allow access for a registered device despite forensic differences. This potential flaw affects both web and mobile browsers. CVE (Common Vulnerability Enumeration) ID for this issue CVE-2011-2741.
• In certain circumstances, the application may match device tokens sent from mobile apps without proper forensic evaluation used by the defined policy. This may potentially allow access from the mobile device to the protected application without a challenge. This potential flaw only affects mobile apps and does not affect web browsers. CVE (Common Vulnerability Enumeration) ID for this issue CVE-2011-2742.
In addition, the Security Fix provides better capabilities to differentiate between activities originating from web browsers, mobile browsers, and mobile apps. This also allows customers to enable / disable the Device Recovery for each.
Due to forensic similarities between browsers across mobile devices, RSA recommends that customers use these capabilities to disable device recovery specifically for mobile browsers.
Note: Due to the nature of above changes, deployment of this Security Fix may have an impact on existing challenge rates. As with any other Security Fix, RSA recommends that customers fully test the fix before going into production.
Hello All,
And ClubHack Mag is seeking submissions for next issue, Issue21-October 2011. Just like September issue, October issue will also be on Malwares.
But articles on following topics are also welcome:
1. Mobile devices exploitation, vulnerabilities, malware, VOIP and Telecom
2. Virtualization security, hacking VMs
3. Information Warfare
4. Forensics and Anti-Forensics
5. Social Engineering
Jul 20, 2011
I. BACKGROUND
Safari is Apple's web browser, and is based on the open source WebKit
browser engine. MobileSafari is Safari for Apple's mobile devices
including the iPad and iPhone. For more information, see the vendor's
site found at the following link.
http://www.apple.com/safari/
We're happy to announce that the sixth annual SANS AppSec Summit will be
held in Las Vegas, Nevada on April 30 - May 1, 2012.
The theme for this conference is "Application Security at Scale".
Billions of records in the cloud. Millions of smart mobile devices.
Millions of developers writing new code. Hundreds of apps in your
enterprise. Untold numbers of existing bugs. Unknown numbers of
"sophisticated" attackers exploiting your software. What cutting edge
techniques are attackers using? How do large enterprises handle these
problems at scale? And how do small companies manage it all with fewer
Ruxcon would like to invite people who are interested to submit a presentation.
Topics of interest include, but are not limited to:
* Mobile Device Security
* Virtualisation, Hypervisor and Cloud Security
* Malware Analysis
* Reverse Engineering
* Exploitation Techniques
* Rootkit Development
Ruxcon would like to invite people who are interested in security to submit a presentation.
Topics of interest include, but are not limited to:
o Mobile Device Security
o Virtualization, Hypervisor, and Cloud Security
o Malware Analysis
o Reverse Engineering
o Exploitation Techniques
o Rootkit Development
===========
We are mainly interested in talks on
Virtualization Stuff
Modern physical attacks (Eavesdropping/tapping, bugging devices, attacks on mobile devices)
Embedded Devices
Industrial Networking
Security in Carrier Environments
Secure Coding
session hijacking, buffer overflow, denial of service, social
engineering, etc.). Collaborative organizations require better
security properties (strong authentication, efficient encryption,
Mandatory Access Control, integrity, non-repudiation and
availability). Nowadays, collaborative organizations use new
technologies such as mobile devices, smartcards, wireless networks,
high performance networks, grid computing, multi-agent systems,
peer-to-peer systems, sensor networks. These environments introduce
new needs, requirements and difficulties related to security. Hence,
collaborative organizations and technologies face several challenges in
the field of security.
* Biometrics
* Digital Forensics
* Exploitation Tactics
* Java & .NET Security
* Malware Analysis
* Mobile Device Security
* Operating System Security (7, XP, Vista, GNU/Linux, OS X, Plan 9, *BSD, …)
* Personal Area Network hacking
* Rootkit Detection, Techniques, and Defenses
* Source Code Auditing & Review
* Steganography & Cryptography in Information Security