…because no one can afford to write professional quality software and then give it away for free.
Friday, October 9, 2009
Friday, October 2, 2009
This is pretty clever. Dude rigged up some Asterisk dial plan to kick off nmap against an IP that you punch in, separated by pounds.
What would be really fun would be to make one of these publicly available, maybe even by 800 number, then make a note of all the IPs that people think are worthy of being scanned. Could be someone’s already found a host they think is more exposed than it should be.
You may have seen cell phone charging stations at airports. They take your money and have adapters for a lot of different phone types. Stick your money in, plug in your phone and get it charged during your layover.
This got me thinking - a lot of phones, particularly smart phones, are going to USB cable charging. This makes sense since they’ve got cameras, play MP3s, and any number of mobile device functions. These functions generate and consume a lot of data that’s got to come from somewhere and has to be backed up. Since USB does data transfer and does power it’s a natural fit.
Those charging stations provide power but don’t do data transfer. But what if they did? Would you notice? You plug in your phone and leave it plugged in for twenty minutes, how much data could it transfer? Most USB data devices expose themselves as simple read/write mass storage. A charging station could slurp up a lot of data in twenty minutes, especially if it knew where to look based on device type, which could be determined through probing. It would be even quicker to drop a small piece of malware on the phone.
I’m not just about pointing out potential problems, I’m also about solutions. One could conceivably have a USB condom. This would be a USB coupler that will allow power to pass through and potentially could have enough smarts to probe the device plugged into it so that the device thinks it’s plugged into a computer. I’ve heard of devices that will only accept power when they’re plugged into a computer.
Keep this in mind. If your phone is low, it might not be a good idea to plug it into a foreign port. That charging station or helpful stranger might not be as well-intentioned as it seems. Even if they are, they might have been compromised such that they are unwittingly participating in the compromise of your handheld device.