Re: [Full-disclosure] DEF CON 19 - hackers get hacked!



<-- got pwned

I spent 90% of the time with my Windows (I like koolaid. deal with it) laptop 
on a 4g My-Fi up in my room, and had my droid 2 global on 3G most of the time.

Saturday-ish, I noticed a lot of "hey, what's your password again?", and said 
"NO YOU" to most of them, but didn't really have a sense that they were suspect 
until I read this thread.

Saturday around noon I got this email in my gmail inbox... FROM "MYSELF".

"""
Hello, Eric. I have your laptop, and it won't let me log off your account. I 
was wondering if you could tell me? Anytime I go on to my account, it always 
directs me to yours. Do you mind informing me on how to log off your account 
for good? I have no intention of hacking or sabotaging your account. Thank you,
  Aislyn

P.S. I fixed your laptop. I believe you left it at the dump.
"""

I promptly responded with something along the lines of, "Describe my 
laptop...... and go ________ yourself", closed all existing google sessions, 
changed my password a few times, and enabled 2 factor authentication.

The only ongoing issue I've noticed is my feeling of regret that whoever sent 
the email will never be able to respond to my reply. :-(





On Wed, 10 Aug 2011 14:17:25 -0400, coderman <coderman@xxxxxxxxx> wrote:

> lots of misunderstanding...
>
> On Wed, Aug 10, 2011 at 2:21 AM, coderman <coderman@xxxxxxxxx> wrote:
>> ... some characteristics:
>>
>> - full active MitM against CDMA and 4G connections from Rio to carriers.
>
> 802.16/ClearWire/Sprint4G
>
> did not have LTE to test with.
>
>
>
>> how to tell if you *MAY HAVE* met the beast at Rio:
>> ..
>
> of course many of these seem innocuous or unrelated. that's the point
> and why attacking via these methods was effective.
>
> there are situations where signal and link would be bad just given
> congestion and noise floor.
>
> however i am speaking to particular effects when the MitM was taking
> over a connection from target to the carrier and redirecting through
> itself. this was done in a manner that causes some effects described.
>
>
>
> sorry media, no inquiries. i bet you can find people to talk to; try
> reddit and twitter:
>   http://www.reddit.com/r/netsec/comments/jeis7/full_disclosure_def_con_19_hackers_get_hacked/
>   http://twitter.com/?q=defcon+cdma#!/search
>   http://twitter.com/#!/search/defcon%204G
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
Eric McCann
    University of Massachusetts, Lowell
    Department of Computer Science
    One University Avenue
    Olsen Hall, Room 304
    Lowell, MA  01854
Lab:               978.934.3385
Email:           emccann@xxxxxxxxxx
Homepage (lab):  www.cs.uml.edu/robots
Homepage:        www.emccann.net
