2010
08.07

–RIM Stands Firm in Face of Governments’ Demands for Monitoring
Capabilities
(August 3, 4 & 5, 2010)
Saudi Arabia has ordered mobile service providers in that country
to stop service to Blackberry devices as of August 5 because the
practices of Blackberry’s parent company, Research in Motion (RIM),
do not comply with Saudi Arabia’s regulations.  A RIM executive said
the company would not bow to governmental pressure, and that allowing
governments to access BlackBerry communications could damage its
relationship with other customers.  Earlier this week, the United Arab
Emirates (UAE) announced that due to security concerns, BlackBerry
services would be blocked there as of October 11 unless the issues
get ironed out.  Indonesia is also pushing for RIM to allow government
monitoring of communications.  The country wants RIM to put a server
in Indonesia so it can monitor domestic communications.  RIM processes
and stores BlackBerry data on servers in Canada.  RIM co-CEO Michael
Lazaridis said, “Everything on the Internet is encrypted.  This is
not a BlackBerry-only issue.  If they can’t deal with the Internet,
they should shut it off.”
http://www.computerworld.com/s/article/9180145/BlackBerry_maker_to_UAE_Saudis_No_3rd_party_can_access_encrypted_data_not_even_us?taxonomyId=17
http://www.nytimes.com/2010/08/04/technology/04rim.html?_r=1&partner=rss&emc=rss
http://money.cnn.com/2010/08/03/technology/Saudi_halts_BlackBerry_service.cnnw/index.htm
http://www.computerworld.com/s/article/9180182/Indonesia_presses_RIM_over_its_BlackBerry_service?taxonomyId=17
http://news.cnet.com/8301-1035_3-20012749-94.html

2010
08.07

(August 5, 2010)
Apple will fix a security flaw in the newest iPhone software that can
be exploited to access information stored on the device.  The exploit
could work by tricking users into visiting a website that contains a
specially crafted PDF file.  The vulnerability gained wide attention
when it was used to jailbreak the devices, which allows owners to
install applications that have not been approved by Apple.  The fix
has been developed and will be released “in an upcoming software
update.”
http://www.google.com/hostednews/ap/article/ALeqM5iXD8OCoV6E5l__hjy2Rj_1ikmwUAD9HDHNEG0
http://www.bloomberg.com/news/2010-08-05/apple-develops-fix-for-iphone-flaw-that-allowed-attackers-to-read-e-mails.html

2010
07.17

I’ve been away from this blog for a while now, with good reason. Been hammering at Offensive-Security’s CTP course for the last month and a bit. Although my official results aren’t in, the experience was incredible. The PWB course showed just how broken the Internet is; CTP only solidified that reality for me.

CTP is geared towards learning, and thinking in a whole different way (as opposed to PWB). From start to finish, one needs to use his brain. Think outside the box, and sometimes construct a new one… As with anything, difficulty is relative to one’s personal knowledge.

As far as certifications and training go, nothing beats the hands-on approach in my opinion. Offsec once again delivers. Not to put down the “multiple choice” exams out there (I also hold several of those), but material retention is greater when one needs to actually “do” rather than check choice “A”.

In the end, pass or fail, I’m closer to my goal… Know as much as I can.

2010
06.16

HSIYF

Offensive Security’s How Strong Is Your Fu hacking event is now open for registration.
A 48-hour hacking event with all proceeds going to Hackers For Charity.
It’s for a good cause, and if you are not aware of this charity I strongly suggest you visit the above link and check it out.

It’s only $49 USD and you’ll be going up against a very difficult network. If you don’t have the time, or feel your skills are not up to the task, it’s OK; you can still donate a few bucks, which will help out Johnny Long.

Have fun.

2010
05.28

Well, I wrote this nice little article about taking an exploit and re-writing it as an MSF module. Unfortunately, it’s really hard to import Word 2010 files to WordPress. So it’s easier for everyone if I just make it into a PDF file and make it available for download.

It’s a very basic look at the process; hope you enjoy it. Here it is.