Robert Hensing's Blog

Software Security . . . and stuff.

Bluehat - favorite quote && H.D., Metasploit and the iPhone

Bluehat - favorite quote && H.D., Metasploit and the iPhone

  • Comments 0
  • Likes

http://www.infoworld.com/article/07/10/02/Security-researchers-look-beyond-Vista_1.html

Halvar: One well-known researcher who goes by the name Halvar Flake called Vista "arguably the most secure closed-source OS available on the market," in a blog post about BlueHat. "As a result I think that most of the security researchers will move on to greener pastures for a while. Why try to chase a difficult overflow out of Vista when you have Acrobat Reader installed, some antivirus software with shoddy file parsing, and the latest iTunes?"

Amen brother . . . Apple releases iTunes updates like . . . every week yet there's rarely new features between releases - I wonder why that is? :)

Speaking of Apple . . . did ya hear that the iPhones run everything as root? :)

http://www.eweek.com/article2/0,1895,2191373,00.asp

I am of course referring to H.D.'s interest in pwning the iPhone: http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html
Metasploit is well on its way to fully supporting the iPhone with its vast library of shellcode and exploits and offsets.  It's very nice to see the security researchers taking such an interest in the product. :)  If I were Apple - I'd take note of the mention about the Office file format support built in to the phone . . . I'd start fuzzing Office documents and opening them using the converters built-in to the phone like . . . yesterday.  Of course one would think that given today's security environment they would have fuzzed the snot out of Safari and the various wireless stacks - but that doesn't seem to have happened given the types of bugs fixed in the recent iPhone security update.

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment