ashleyknowles » flaw http://www.ashleyknowles.net IT professional, Formula 1 addict, security/hacking enthusiast, I love LAMP Tue, 07 Feb 2012 01:17:09 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 iPhone Lock Screen Security Flaw http://www.ashleyknowles.net/2010/10/iphone-lock-screen-security-flaw/ http://www.ashleyknowles.net/2010/10/iphone-lock-screen-security-flaw/#comments Tue, 26 Oct 2010 02:07:53 +0000 Ashley Knowles http://www.ashleyknowles.net/?p=452 wired.com posted an article moments ago with a funny little flaw, allowing you to bypass the “lock code” configured on an iPhone.

The discovery by some Brazilian dude (read the article here – www.wired.com/threatlevel/2010/10/iphone-snoop/), notes the following procedure:

1. Press the emergency call buton
2. Dial ###
3. Push the call button, and immediately hit the “lock” button (power button, whatever you want to call the button on top of the phone)

This launches the “phone” application, allowing you to see recent call history, contacts, and the ability to call any number you want.

Pressing the home key doesn’t work in this mode, so you can’t get much further then that, but it’s an interesting security flaw!

]]> http://www.ashleyknowles.net/2010/10/iphone-lock-screen-security-flaw/feed/ 0 Exchange 2003 SMTP DATA command bug http://www.ashleyknowles.net/2009/10/exchange-2003-smtp-data-command-bug/ http://www.ashleyknowles.net/2009/10/exchange-2003-smtp-data-command-bug/#comments Wed, 14 Oct 2009 23:14:33 +0000 Ashley Knowles http://www.ashleyknowles.net/?p=75 This is an extract from a log file I’m looking at right now for an Exchange 2003 SMTP service… I sure as hell hope there’s just a patch missing, otherwise, this could be one NASTY bug. It appears as if the DATA section of the SMTP session has been escaped, possibly by inclusion of the escape sequence used by SMTP to exit the DATA block, thus tacking the rest of the email straight to the SMTP service for processing… Anyone who knows anything about SMTP should be able to see the implications of this… And hopefully, I’m not just making an ass of myself :P

13:13:30 124.61.182.49 EHLO – 250
13:13:30 124.61.182.49 MAIL – 250
13:13:30 124.61.182.49 RCPT – 250
13:13:32 124.61.182.49 DATA – 250
13:13:32 124.61.182.49 so – 500
13:13:32 124.61.182.49 ——=_nextpart_000_0007_01ca4ccf.fc799c50 – 500
13:13:32 124.61.182.49 content-type: – 500
13:13:32 124.61.182.49 charset=”iso-8859-1″ – 500
13:13:32 124.61.182.49 content-transfer-encoding: – 500
13:13:32 124.61.182.49 <!doctype – 500
13:13:32 124.61.182.49 <html><head> – 500
13:13:32 124.61.182.49 <meta – 500
13:13:32 124.61.182.49 > – 500
13:13:32 124.61.182.49 <meta – 500
13:13:32 124.61.182.49 <style></style> – 500
13:13:32 124.61.182.49 </head> – 500
13:13:32 124.61.182.49 <body> – 500
13:13:32 124.61.182.49 <html> – 500
13:13:32 124.61.182.49 <head> – 500
13:13:32 124.61.182.49 <title></title> – 500
13:13:32 124.61.182.49 </head> – 500
13:13:32 124.61.182.49 <body – 500
13:13:32 124.61.182.49 “> – 500
13:13:32 124.61.182.49 <table – 500
13:13:32 124.61.182.49 <tr> – 500
13:13:32 124.61.182.49 <td> – 500
13:13:32 124.61.182.49 <center><a – 500
13:13:32 124.61.182.49 QUIT – 240

]]> http://www.ashleyknowles.net/2009/10/exchange-2003-smtp-data-command-bug/feed/ 0