Thread: Ppc Viruses Are Coming!!!!
View Single Post
  #15 (permalink)  
Old 10-21-2008, 07:34 PM
Aniken's Avatar
Aniken
N00b
Offline
Location: Blacklick, Ohio
  
Join Date: Aug 2007
Posts: 44
Reputation: 55
Aniken is becoming a great contributor
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Send a message via Yahoo to Aniken
Re: Ppc Viruses Are Coming!!!!
I would definitely agree that for the most part... some posters are among the smartest using a PPC.
However, I think you missed the entire point of my post. Although your PC, my PC or most any PC running a decent AV would ultimately block or remove a virus, you have to agree that any data loss on a your PPC, well maybe not yours, would not be warmly received. I too can find articles that disagree with your post. Hence the following....Please remember your not always right.

A Simple Sync Can 'Sink' Your PC

Researchers release proof-of-concept for attack on Windows' ActiveSync 4.0

SEPTEMBER 30, 2008 | Careful when you sync your mobile handset with your PC: Researchers have found a way to hack their way into a PC that runs Microsoft’s ActiveSync 4.0.

White Wolf Security has released proof-of-concept code called ActiveSink that demonstrates how an attacker could use ActiveSync 4.0 to hack into a PC via an attached Windows Mobile device. “The vulnerability is that all an attacker needs to do is plug in a Windows Mobile device to a PC with ActiveSync installed -- in its default mode -- and the mobile device will establish a direct TCP/IP connection to the host PC. This happens whether or not the users account is locked,” says Seth Fogie, chief security officer at White Wolf Security and vice president of Airscanner Corp. “Once the connection is established, then it is a matter of penetration testing and exploitation.”

Fogie says it’s basically yet another method of bypassing a firewall. He contacted Microsoft about the vulnerability over a month ago, and was told someone would get back with him, but so far, no word.

At the heart of the problem is the so-called Remote Network Driver Interface Specification (RNDIS) Microsoft added to version 4.0 of the syncing application, which basically opens the door for an attacker, according to White Wolf’s research.

Fogie describes AppSink this way: It creates a user account on the targeted system and establishes a “reverse-shell” on it and back to the Windows Mobile device. The attacker would plug his Windows Mobile device into the targeted system and “tuck it behind” it, Fogie says, and use tools like Metasploit or Wireshark to hack into the machine wirelessly via the mobile device. Once it found the vulnerable elements, it could then exploit them or add a new account on the victim’s PC to access data on the machine, he says.

This isn’t the first sync vulnerability discovered, but previous ones mostly have been man-in-the-middle or spoofing attacks, Fogie says. This one just goes after ActiveSync 4.0’s operations. “It only takes one vulnerable PC to actively sink your network's security — even if that PC is kept offline and/or behind a corporate firewall,”
Reply With Quote