For the non-programmers/hackers it might be a little difficult to understand, but D1DN0T has written an excellent walk-through for a penetration test of a service which is running on OSX. This write-up is good because it shows some of the common problems that occur during debugging and some of the methods of investigating ways around them. This seems like a trivial exploit to create although I'm sure that much more time and effort went into putting the exploit together than is explained in the text.
While there are a lot of new posts regarding the new ways to exploit people using novel techniques and 0day exploits, there continues to be a rash of tried and true methods of coercion. I want to just walk through a simple example and reflect on how effective these methods continue to be. Many people turn toward online classified sites to buy and sell items online. This example starts with kijiji.ca which even I've used on occasion to find used electronics and other items. Doing a search on the site for a " Samsung Galaxy Note 2 " returns a posting from today with someone selling one for an unreasonably priced unit. $125 for a $500 phone?, but what if it's for real? No harm in just asking some simple questions. Email sent with some obvious questions regarding the condition and location. About an hour passes before I get a response from what appears to be a legit seller. Notice no answer to the questions I asked, but a friendly pointer at where th
Comments