Jan 31

A logic bomb allegedly planted by a former engineer at mortgage finance company Fannie Mae last fall would have decimated all 4,000 servers at the company, causing millions of dollars in damage and shutting down Fannie Mae for at least a week, prosecutors say.

Unix engineer Rajendrasinh Babubha Makwana, 35, was indicted (.pdf) Tuesday in federal court in Maryland on a single count of computer sabotage for allegedly writing and planting the malicious code on Oct. 24, the day he was fired from his job. The malware had been set to detonate at 9:00 a.m. on Jan. 31, but was instead discovered by another engineer five days after it was planted, according to court records.

Makwana, an Indian national, was a consultant who worked full time on-site at Fannie Mae’s massive data center in Urbana, Maryland, for three years. full story

Jan 31

UPDATE: Fixed in less than 2 hours: clap clap!

Get it while it’s hot! Pierre Gardenat submitted a very interesting reflective cross-site scripting vulnerability affecting the login page of Google Sites.

This could be used for example to steal accounts, but don’t worry, it will probably be fixed very quickly by Google, just like the last times ;)
poc mirror

But the fix for the Google XSS error might have made Google act weird:

Searching Gmail at Google website search pic
Google showing Gmail as spyware website error pic
Let's hope Google fixes this ASAP.

Jan 28

Wireless access points could be used by hi-tech criminals to spread viruses and worms, warn US researchers.

Security holes and the popularity of the devices in cities make them ideal for spreading malware, they found. Using modelling methods from real diseases the team showed how a worm could gradually infect all access points in urban areas. They found that the majority of vulnerable access points would be hit in the first 24 hours of an outbreak.

Password cracking

The simulation work showed that within two weeks of an outbreak occurring 55% of wi-fi access points would be compromised. In urban areas this could mean tens of thousands of people were at risk, said the researchers.  Continue

Jan 21

Discovery of the Tempest:
Another recently unclassified NSA document: Jeffrey Friedman, “TEMPEST: A Signal Problem,” NSA Cryptologic Spectrum, Summer 1972.[ pdf ]

Jan 11

So if you are a fan of the iPhone and have it all configured & synced to your Exchange server, I want to pass a word of caution to you.

Firstly, you SHOULD be locking your iPhone with a PIN. Not doing so makes it easy for anyone to look at your emails, contacts and calendar. It’s another layer of defense which costs you nothing. Please use it.

However, I am sad to report that even if you do use it, the current PIN security in iPhone 2.0.2 is flawed. If you have used the “Favorites” feature in the phone, it is possible to break into the phone. :(

Here are the steps to do so:

 

  1. Press the Home button to wake up the iPhone.
  2. Slide to unlock
  3. Click the “Emergency Call” button on the bottom left
  4. Press the “Home” button two times fast. Your Favorites list will show up.
  5. Click on the “>” circle of a contact that has an email address tied to it
  6. Hit the email address to create a new email.
  7. “Cancel” the new email.
  8. You are now in the user's Exchange mailbox, without knowing their PIN to unlock the phone.

 

This seems like a pretty interesting attack vector. I would have never expected the Emergency mode in an iPhone to be used so easily in this way.

Apple is aware of the security hole, and this will be circling around the Internet shortly. So keep those iPhones close until an update is available!!

UPDATE: Vlad reminded me to mention that if you DO lose your iPhone… make sure you wipe it. Ahhh the powers of Exchange!!! :-) Thanks for the tip Vlad.

Jan 5

As promised, the iphone-dev team has released yellowsn0w. You can install/uninstall via Cydia. It works fine with the latest firmware too.

3G Unlock creator says

We have been working hard on a few other things. The main one being the 3G unlock codenamed “yellowsn0w”. This is now completed and is currently being packaged into a user-friendly application with the simplicity that you see in QuickPwn or BootNeuter.

We specifically restrict the commercial use of our software, and yellowsn0w is included in these restrictions. This dodgy geezer is selling our software to you at a bargain £19.99 he says:-

“We can now fully unlock the iPhone 3G for use on any GSM network for just £19.99 DIY (£49.99 in-store at either London or Birmingham) – just in time for the release of the iPhone 3G PAYG in the UK (available from Carphone Warehouse and o2).”

Jody’s “software” contains our code and also copyrighted code from elsewhere. All you need is free and outlined here. What he is doing just isn’t cool.

If you are in Birmingham or London then if you could find out any information about Jody Sanders at “iph*neunl*ckuk” we’d be very appreciative.

Also if there are any UK based lawyers or student lawyers that could help us with this, then please contact us at blog@iphone-dev.org. Of course student lawyers can’t give us specific legal advice, but even your informal opinion helps.

Seems like even though Jody claims he doesn’t offer our software, he is offering his “own software” (that is in fact just QuickPwn with some edits, also forbidden) and also claims (in relation to yellowsn0w) -