Neutering the Apple Remote Desktop exploit

June 19, 2008 By 5 Comments


Yesterday, Slashdot reported a privilege escalation vulnerability in OSX. Using AppleScript you can tell the ARDAgent to execute arbitrary shell script. Since, ARDAgent is running as root, all child processes inherit root privleges. Intego points out that if the user has activated Apple Remote Desktop sharing the ARDAgent can’t be exploited in this fashion. So, the short term solution … Read the rest

Filed Under: macs hacks, security hacks Tagged With: , , , , , , ,

Wireless hacking with the OLPC XO

May 27, 2008 By 10 Comments


Not even a week ago we asked what we should do with our OLPC XO. InformIT’s [Seth Fogie] has written a great two part article that covers turning it into a hacker toolkit. Part one is an overview of the OLPC, how to upgrade it, and do some usability tweaks. Part two covers installing Nessus, Metasploit, and doing … Read the rest

Filed Under: wireless hacks Tagged With: , , , , ,

Phlashing denial of service attack, the new hype

May 20, 2008 By 10 Comments


Imagine how surprised we were to discover that by accidentally bricking our router we were executing a brand new attack: Phlashing Denial Of Service (PDOS). This week at EUSecWest, researcher [Rich Smith] will present the theoretical PDOS attack. Instead of taking over control of an embedded system, the attacker turns it into a nonfunctioning brick by flashing it … Read the rest

Filed Under: news Tagged With: , , , , , , , , , ,
Newer Posts »