Thanks to my coworker "The Cooler" I was pointed to an interesting little hack on the iPhone. Apparently it is possible to bypass the authentication on the locked screen with a few nifty button touches. I don't have an iPhone of my own, so I can't personally verify this issue.
------------------------------
2.0.2 gives almost full access to the iPhone even while under password protection...
Steps to Reproduce
Set iPhone to use passcode lock, have contacts marked as Favorites with links, phone numbers, addresses, etc. in address book entry.
Tap "Emergency Call" keypad from passcode entry screen.
Double-tap home button.
Tap blue arrow next to contact's name. You now have full access to applications such as Safari, complete Contacts list, SMS, Maps, "full" Phone access, and Mail by accessing various entries on the Favorites page, i.e. tapping their home page brings up a full, unrestricted Safari.
------------------------------
The thread detailing the specifics can be found at The Forums @ macrumors.com. While I'd like to say I'm shocked and amazed, after working with Windows Mobile 6 and a number of vulns in that platform, I'm going to instead say... "Yeah.. I figured". Nice find.
mjxg pointed me at this nifty Python cheat sheet. I had been avoiding learning another scripting language because I had everything I really needed already stubbed out in Perl. Last week I was forced to use it for some quick code and was reasonably impressed. Other than the annoyances of mandatory white space (yik) and a lack of reasonable block commenting (supposedly ### works, but I learned that too late), I felt that Python was indeed fairly straightforward to use. Anyhow, here is the cheat sheet for your long-term use.

Credit to Matt Harrison @ http://panela.blog-city.com
The Race to Zero results are in, and the winner was a group of three consultants from Mandiant Security. While I've only read a single report of the results, it sounds like the Mandiant guys really had their stuff together and used a combination of custom packing code and manual modification of binaries. They may not have been the quickest team to complete the race, but they were the most detail-oriented and were able to pass all ten challenges presented to them. Kudos go to these guys and their hard work.
If you recall from a previous blog post, I suggested a "simple" idea of creating a "new" packing routine and simply using that to modify binaries and thus pass the AV checks in the race. Well, it turns out the fastest team to compete did exactly that. Team "retem" from the security firm Damballa finished the contest in 2 hours and 25 minutes, making them the fastest team in the competition. They were able to pass 7 of the 10 challenges using their custom packing solution.
"You can take any malware sample and pack it with an original packer, go to VirusTotal and get zero of 32 detections," [Paul Royal of Damballa] said.
I'm still not sure of the why of this competition; however, it appears as if some good may be coming from it. If the end result is that companies and the general public don't rely on AV as a silver bullet, then maybe there was indeed a silver lining to the event. I doubt it's going to get the AV industry to work any harder at creating new methods of detection (they presumably are already researching new techniques as hard as they financially can), but if a single organization stops relying on AV as a sole layer of security, then the effort has been worthwhile.


