Read an article here.
Thought I would share with our small community considering my previous article about Apple security or a lack thereof.
Sounds like a standard Evil Twin Wireless Access Point, though I significantly doubt it would be something that simple. Will be digging around for more information.
If anyone has information they'd like to share on what the flaw could be, please enlighten us. I would personally love to know what it is.
ghost_
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
Forum Thread:
Hacking with Ip Only Part [1] { by : Mohamed Ahmed }
5
Replies
How To:
Find Passwords in Exposed Log Files with Google Dorks
How To:
Dox Anyone
How To:
Exploit EternalBlue on Windows Server with Metasploit
How To:
Brute-Force FTP Credentials & Get Server Access
How To:
Make Your Own Bad USB
How To:
Gain Complete Control of Any Android Phone with the AhMyth RAT
How To:
Perform a Large-Scale Network Security Audit with OpenVAS's GSA
Hack Like a Pro:
How to Hack Facebook (Same-Origin Policy)
How To:
Crack SSH Private Key Passwords with John the Ripper
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
How To:
Hack Apache Tomcat via Malicious WAR File Upload
How To:
Scan Websites for Interesting Directories & Files with Gobuster
How To:
Set Up a Wi-Fi Spy Camera with an ESP32-CAM
How To:
Exploit Shellshock on a Web Server Using Metasploit
How To:
Find Anyone's Private Phone Number Using Facebook
How To:
Conduct a Pentest Like a Pro in 6 Phases
Hack Like a Pro:
How to Build Your Own Exploits, Part 1 (Introduction to Buffer Overflows)
Oops:
Some Security Doors Can Be "Picked" with Canned Air
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
5 Responses
Really, it sounds more like a standard Mitm to me, the attacker is just sniffing the packets as they go over the network and apples SSL module hasn't been checking things past the first handshake. (At a guess)
While this isn't specifically SSL's fault, I guess it adds weight to the calls that SSL is due for an overhaul.
It's also interesting to note that facebook had a very similar problem for ages, (not sure if its even fixed) where you could capture peoples session tokens over a shared connection.
EX1S7:
Ah yes, good point there; didn't think of an mitm attack. I know someone locally who has an iPhone, I wonder if I can convince them to allow me to test various scenarios.
It'll likely be a no, but doesn't hurt to ask, I suppose.
ghost_
It would seem that theres nothing triggered on their end anyway..... lol
Hopefully its the apple rep you;ve mentioned previously. He might learn something about security if you tell him his facebook password :)
Also, while we're on the subject, if you have a rooted droid, check out dsploit. google dsploit, the URL wont work to link on here for some reason
EX1S7:
Ha ha, no it isn't the Apple rep. Though, I should just do it anyway so he'll learn not to spread misinformation.
Thanks for that information, dsploit looks like a lot of fun. I personally own an iPhone 4. I prefer the iPhones, sue me. But I do have a Windows phone lying around; been thinking of jailbreaking it to install Backtrack.
ghost_
Share Your Thoughts