[Full-disclosure] QR code and the jester
SanguineRose at OccultusTerra.com
Tue Mar 13 18:03:11 GMT 2012
There is a lot of issues that don't make sense and problems with his
write up. I asked him about it and he couldn't say much about it
besides a single admission of one of my points I outlined about usage
of netcat. My talk with him regarding the issues I noticed in his blog
post here http://pastebin.com/XbUTmjsp .
Rather then re-posting all my thoughts on it, you can find it here:
Basic summary as follows:
He is using a 2 year old exploit with apparently no compensation for
iOS or Android shellcodes. He then goes on to explain that he used
netcat which is a very inefficient tool to use for mass exploitation.
Then there is the issue of how he extracted the data off the phones
using a reverse shell, which I point out should optimally have been
done with a native executable. I am honestly not that familiar with
what exactly is installed on iOS and Androids but I would imagine it
would require the 'strings' command at the very least.
If any other information comes to light or he responds to any
criticisms so far reasonably I would say it's a complete fabrication.
I, of course, can admit if I am wrong but so far I just don't see
anything validating what he claimed to have done.
On Tue, Mar 13, 2012 at 6:14 AM, Fatherlaptop <fatherlaptop at gmail.com> wrote:
> So, anyone read the jesters "exploit" usage with QR code and netcat to catch bad guys?
> From: Randy
> It's an iPhone Thang!
> Was learning cursive necessary?
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.