"Comex", the developer of JailbreakMe 2.0, posted source code for the hacks that leveraged two vulnerabilities in iOS and allowed iPhone owners to install unauthorized apps. Minutes after Apple issued a security update Wednesday, the maker of a 10-day-old jailbreak exploit released code that others could put to use hijacking iPhones, iPod Touches and iPads.
The exploits that comex used to jailbreak the iOS could be used for other purposes, including delivering malicious payloads to grab control of iPhones, iPads , and iPod Touches. All that would be necessary is for hackers to dupe users into visiting a malicious Web site or persuading them to click on a link in an e-mail or text message.
The DefCon conference ended on Sunday, and this year’s edition of the “World’s Largest Hacker Conference” (as many call it) didn’t disappoint. We have news and coverage from a forensic and incident response viewpoint, including news about the Wikileaks incident you might not have seen elsewhere.
Samy Kamkar, in an incredibly interesting session at Black Hat titled “How I Met Your Girlfriend,” highlighted new types attacks executed from the Web. An interesting hack he demonstrated, was the ability to extract extremely accurate geo-location information from a Web browser, while not using any IP geo-location data.
Kamkar, by convincing the victim to visit his malicious Web site, used remote JavaScript and AJAX to acquire a routers MAC address. When the unsuspecting user visited his malicious Web site, JavaScript remotely scanned for the type of router used, accessed the routers MAC address and sent it directly to him. From there, he was able to utilize Google Street View data to determine the location of a router – in his case, accurate within 30 feet.
Kamkar, author of an XSS worm that hit MySpace and generated over 1mm friends for him in less than 24 hours, demonstrates this hack in the video below.
Video of Samy Kamkar demonstrating the geolocation hack from his talk at Black Hat 2010 last week in Las Vegas:
it turns out, by heading to https://www.facebook.com/directory, you can get a list of every searchable user on all of Facebook!
My first idea was simple: spider the lists, generate first-initial-last-name (and similar) lists, then hand them over to @Ithilgore to use in Nmap's awesome new bruteforce tool he's working on, Ncrack.
The Following news confirms that 7 Pakistani hackers working together against many government organisations and defacing their pages have been caught and been send behind Bars after many and continuous complaints against them.
