Re: [Full-disclosure] Android wipe unreliable
WOW. this is useful! I've sold my G1 and G2 thinking I was secure but well... thanks?!?! PS... why not Google plus this so I can reshare it? On Mon, Mar 19, 2012 at 2:46 AM, Jan Schejbal jan.mailinglis...@googlemail.com wrote: We have discovered that the wipe function on Android does not reliably delete data on all devices. On a Nexus S running Android 2.3.6, we were able to recover user data after running a wipe both using the factory data reset from the menu and by wiping the device from recovery. To recover data, the device must be rooted. This can be done after the wipe by using e.g. the zergRush root exploit. (Note that the official -- Robert Q Kim Event Management Company http://www.youtube.com/watch?v=w-4z-ZwF5VA 2611 S Coast Highway San Diego, CA 92007 310 598 1606 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] DC4420 - London DEFCON - March Meet - Tuesday 20th March 2012
Technical talk confirmed, still looking for a fun talk, but will take a lightning talk on the night if you have one. Tech : Handling Mercury by Nils of MWR Nils will introduce the new Android assessment framework 'Mercury' from MWR. It's a community tool set in as much as its free, open source and they're hoping for community contributions to the project. Fun : TBC/lightning Meeting is *** DOWNSTAIRS *** Room is ours from 17:30, talks kick off at 19:30 Venue is here: http://www.phoenixcavendishsquare.co.uk/ 2 minutes walk from Oxford Circus tube. Date: 20/03/2012 Time: 17:30 till kicking out Place: The Phoenix 37 Cavendish Square London W1G 0PP As always, all this year's dates are posted on the website: http://www.dc4420.org See you tomorrow! cheers, MM -- In DEFCON, we have no names... errr... well, we do... but silly ones... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] LiteSpeed = 4.1.11 Admin panel XSS
details at - http://k1p0d.com/?p=25 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Fw: Earth to Facebook
The only other people that see the vulnerability are the select few in upSploit. OK. You should probably document that, and make it clear that this policy will not change without the reporter's explicit consent. It's an interesting project - but you guys are working for security software vendors and security consultancies, so I think it's important to clarify. Use it once for something you may not care about to much and see how it works for you. Well, that's not the point - the real question is what happens with valuable vulnerabilities. But really, I'm not criticizing. /mz ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] The Mystery of the Duqu Framework
https://www.securelist.com/en/blog/677/The_mystery_of_Duqu_Framework_solved The code was written using a custom OO C framework, based on macros or custom preprocessor directives. This was suggested by your comments, because it is the most common way to combine object-oriented programming with C. Not Told [ ] Told [x] Here let me re-quote my email for prosperity Yea, I have been thinking on ideas for that as well, I see no one has thought outside the box yet. I would look into OO'ed C (www.planetpdf.com/codecuts/pdfs/ooc.pdf) as being a possibility. Long before in the time when the mighty C++ was young, it was translated to C code for compilation. I have not had the time to dig into it yet to see how you could code it in OO C style code yet. You can implement much of the functionality of OO parts of C++ including virtual functions and other things. Well, these are my thoughts on it. More speculation at the moment but might be of use to someone. So, next time I would suggest actually reading and understanding what I post to the mailing list instead of cheerleader with that crappy told and not told meme. On Sat, Mar 10, 2012 at 1:40 PM, Laurelai laure...@oneechan.org wrote: On 3/10/12 2:16 PM, William Pitcock wrote: On 3/10/2012 9:00 AM, 夜神 岩男 wrote: On 03/10/2012 03:51 AM, f...@deserted.net wrote: http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework Haven't seen this (or much discussion around this) here yet, so I figured I'd share. From the description, it looks like someone pushed some code from a Lisp[1] variant (like Common Lisp, which is preprocesed into ANSI C by GCL, for example, before compilation) into a C++ DLL. Normal in the deper end of Linux dev or Hurd communities, but definitely not standard practice in any established industry that makes use of Windows. I could be wrong, I didn't take the time to walk myself through the decompile with any thoroughness and compare it to code I generate. Anyway, I have no idea the differences between how VC++ and g++ do things -- so my analysis would probably be trash. But from the way the Mr. Soumenkov describes things it seems this, or something similar, could be the case and why the code doesn't conform to what's expected in a C++ binary. LISP would refer to specific constructor/destructor vtable entries as cons and there would be no destructor at all. The structs use vtables which refer to ctor and dtor, which indicates that the vtables were most likely generated using a C++ compiler (since that is standard nomenclature for C++ compiler symbols). It pretty much has to be Microsoft COM. The struct layouts pretty much *reek* of Microsoft COM when used with a detached vtable (such as if the implementation is loaded from a COM object file). The fact that specific vtable entries aren't mangled is also strong evidence of it being Microsoft COM (since there is no need to mangle vtable entries of a COM object due to type information already being known in the COM object). If it looks like COM, smells like COM, and acts like COM, then it's probably COM. It certainly isn't some new programming language like Kaspersky says. That's just the dumbest thing I've heard this year. William ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ I think William just told everyone...again. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] The Mystery of the Duqu Framework
On Tue, Mar 20, 2012 at 12:50 AM, Sanguinarious Rose sanguiner...@occultusterra.com wrote: Here let me re-quote my email for *prosperity* I don't think that word means what you think it means. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] The Mystery of the Duqu Framework
On Tue, 20 Mar 2012 01:38:52 BST, Mario Vilas said: On Tue, Mar 20, 2012 at 12:50 AM, Sanguinarious Rose sanguiner...@occultusterra.com wrote: Here let me re-quote my email for *prosperity* I don't think that word means what you think it means. No, it means what Sang said - sholuld be able to parley that I guessed it before any of the Kaspersky crew into a nice job offer eventually. :) pgp89E2obwu0t.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] The Mystery of the Duqu Framework
I think EVERYONE said it was a C implementation + something to get it to C. The interesting part that they glossed over, was the randomness in how arguments were passed. They specifically left that part out of the solved analysis. Just my 2 cents. On Mon, Mar 19, 2012 at 8:59 PM, valdis.kletni...@vt.edu wrote: On Tue, 20 Mar 2012 01:38:52 BST, Mario Vilas said: On Tue, Mar 20, 2012 at 12:50 AM, Sanguinarious Rose sanguiner...@occultusterra.com wrote: Here let me re-quote my email for *prosperity* I don't think that word means what you think it means. No, it means what Sang said - sholuld be able to parley that I guessed it before any of the Kaspersky crew into a nice job offer eventually. :) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
