PaulDotCom mailing list archives

Re: Pauldotcom Digest, Vol 24, Issue 14
From: Jake Johnstone <jakejohnstone () hotmail com>
Date: Thu, 16 Sep 2010 14:50:48 +0100


Android: pattern security lock vs. 4 characters PIN from a security side

The Android pattern lock, or gesture lock as I call it, is vulnerable to attack as mentioned by Anthony Miracle, but the 
lock can also be very easily removed on rooted devices. It is viable that if the attacker had access to the phone they 
could root the device and remove the lock to gain entry. I believe the lock could also be vulnerable to a cracking 
attack vector by hashing the key file with representing gestures into a list and matching against it. 

You may want to check out my blog post about it here http://sud0x3.net/2010/03/remove-the-gesture-lock-on-the-android/


From: pauldotcom-request () mail pauldotcom com
Subject: Pauldotcom Digest, Vol 24, Issue 14
To: pauldotcom () mail pauldotcom com
Date: Thu, 16 Sep 2010 12:00:02 +0000


Today's Topics:

   1. Re: Office password recovery/removal (k41zen Me)
   2. Re: Android: pattern security lock vs. 4 characters PIN from
      a security side (Anthony Miracle)
   3. What am I missing? (k41zen Me)


----------------------------------------------------------------------

Message: 1
Date: Wed, 15 Sep 2010 15:46:45 +0100
From: k41zen Me <k41zen () me com>
Subject: Re: [Pauldotcom] Office password recovery/removal
To: PaulDotCom Security Weekly Mailing List
      <pauldotcom () mail pauldotcom com>
Message-ID: <981E2E1E-0328-4598-9750-202902A514FA () me com>
Content-Type: text/plain; charset=us-ascii

So went with the recommended app from Elcomsoft and it did a great job. Took less than a second to
obtain the user's .pst password.

Thanks to everyone.


On 11 Sep 2010, at 17:50, Tyler Robinson wrote:

I will second Elcomsoft; had good results with them.

All,

Can you recommend any good Office password recovery/removal apps for Windows and Linux? My immediate requirement 
is to either recover or remove one from an Outlook 2003 .pst file.

Grateful for suggestions.

k41zen
Super Hero Squad
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



------------------------------

Message: 2
Date: Wed, 15 Sep 2010 10:44:55 -0400
From: Anthony Miracle <ronin7 () calima7 net>
Subject: Re: [Pauldotcom] Android: pattern security lock vs. 4
      characters PIN from a security side
To: PaulDotCom Security Weekly Mailing List
      <pauldotcom () mail pauldotcom com>
Message-ID:
      <AANLkTi=cDKTVCzZ0aPmq+cv37Eza+B-FOzZyKdJUwLL8 () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

As others have mentioned, it's often easy to figure it out from the marks
left on the screen if you don't clean it often.

Additionally, as a small experiment, I set a fairly complicated pattern and
asked a co-worker to watch me quickly enter it once. He was able to
duplicate the pattern on his first try. I did not have it set to display the
pattern, he was just watching my finger. In my opinion, it's just easier to
observe and memorize a pattern than it is to observe and memorize several
rapidly typed numbers on these phones.

---
Anthony Miracle (sequel7)



On Tue, Sep 14, 2010 at 14:27, Sven Aluoor <aluoor () gmail com> wrote:

Hi folks

Is "pattern security lock" more secure than a strong 4 characters PIN
(I used it on iPhone)? Is the Android implementation vulnerable?

cheers Sven

------------------------------

Message: 3
Date: Wed, 15 Sep 2010 18:29:23 +0100
From: k41zen Me <k41zen () me com>
Subject: [Pauldotcom] What am I missing?
To: PaulDotCom Security Weekly Mailing List
      <pauldotcom () mail pauldotcom com>
Message-ID: <4EA0854A-6FAD-4857-A0AB-C15F9963FB42 () me com>
Content-Type: text/plain; charset=us-ascii

So I'm in the UK. I've got tonnes of RSS feeds and am on a few very informative mailing lists - heck I even
jump in and out of Twitter every now and again to try to keep up-to-date.

Imagine my surprise (Vorstedt voice from Lethal Weapon 2) then when I was driving to work listening 
to the latest PDC when it mentions UpSploit. Here is an awesome service set-up and supported by numerous English
blokes and a US podcast is introducing it to me! I'm sitting there on the M25 thinking how the hell 
did I miss that? Was it a closely kept secret?

So what did I miss? What am I not reading? What am I not listening to? What tweets am I not being...erm...twatted 
with?

k41zen


------------------------------



End of Pauldotcom Digest, Vol 24, Issue 14
******************************************
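Added example, not part of the original thread: the question of pattern lock versus a 4-character PIN, and the remark that a list covering every gesture could be matched against the key file, both depend on how many patterns exist. This Python sketch counts them, assuming the usual Android rules (3x3 grid, 4 to 9 dots, no dot reused, a stroke cannot jump over an unvisited dot) and a PIN of four decimal digits; those rules and all names in the code are assumptions, not taken from the thread.

```python
import math

# Dots are numbered 0..8, row by row, on the 3x3 grid (assumed layout).

def midpoint(a, b):
    """Return the dot lying exactly between a and b, or None if there is none."""
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None

def count_patterns(min_len=4, max_len=9):
    """Count valid patterns per length with a depth-first walk of the grid."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}

    def extend(last, visited, length):
        if length >= min_len:
            counts[length] += 1
        if length == max_len:
            return
        for nxt in range(9):
            if nxt in visited:
                continue
            mid = midpoint(last, nxt)
            # Assumed rule: a stroke may cross a dot only if it is already used.
            if mid is not None and mid not in visited:
                continue
            visited.add(nxt)
            extend(nxt, visited, length + 1)
            visited.remove(nxt)

    for start in range(9):
        extend(start, {start}, 1)
    return counts

def keyspace_bits(n):
    """Entropy in bits of a uniformly chosen secret from n possibilities."""
    return math.log2(n)

PIN_SPACE = 10 ** 4  # assumed: four decimal digits

if __name__ == "__main__":
    per_length = count_patterns()
    total = sum(per_length.values())
    for n, c in per_length.items():
        print(f"{n} dots: {c}")
    print(f"patterns: {total} ({keyspace_bits(total):.1f} bits)")
    print(f"4-digit PINs: {PIN_SPACE} ({keyspace_bits(PIN_SPACE):.1f} bits)")
```

The total is larger than the 4-digit PIN space but still small enough to enumerate completely, so the strength of either lock rests on attempt limiting and on keeping the stored key file out of reach, not on the size of the keyspace.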
