Core Security Technologies has launched an iPhone debugger for native iPhone processes and libraries. Here’s the email sent out to the Securityfocus mailing lists:

———- Forwarded message ———-
From: Nicolas A. Economou <lists@corest.com>
Date: Tue, Jun 17, 2008 at 6:09 PM
Subject: iPhoneDbg Toolkit
To: pen-test@securityfocus.com, full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, focus-apple@securityfocus.com

Hello!

We are proud to announce the release of the iPhoneDbg Toolkit, an effort towards iPhone exploit development.

You can find it here:
http://oss.coresecurity.com/projects/iphonedbg.html.

- What is the iPhoneDbg Toolkit?

This set of tools will enable you to delve into iPhone Binary Reversing.

* The iPhone Debugger allows you to debug running or newly-created native processes inside iPhone (iphonedbg).
* The Library Loader Patcher will allow to debug iPhone libraries (dyld_patcher).
* You can also build a tunnel from your PC to your iPhone through USB (iphone_tunnel.exe).

Thanks!
Nicolas (*)

Open Source Software
Core Security Technologies

—–
(*) I am a semi-senior exploit writer at Core Security Technologies. I’ve being working in computer security for 3 years and I am specialized in Windows exploits, mostly, and the development of exploit writing tools. I also developed some exploits for Linux and MacOS X.

Damac Properties, the “largest private real estate developers in Middle East”, saw their customer database go up for sale on eBay UK for £750. This was confirmed by Damac who have since launched an investigation in to the matter.

The seller, “dubaigoods1” appears to be persistent about selling as many copies of the database; the item was reposted on eBay as “DUBAI PROPERTY/DEVELOPER INVESTOR DATABASE” without mention of Damac Properties, after the original item was removed by eBay. The below screenshot was taken a few minutes ago:

(more…)

As the Mars Lander vehicle touched down on Mars last Sunday in search for signs of life, back home on Earth the news took down the Phoenix Mars Mission website earlier today after it was compromised and led visitors to an external website.

It was the blogs section of the website that was compromised as it was vulnerable to Injection flaws that led the hacker “VITAL” adding a main blog entry as shown below:

(more…)

Canadian wireless device company, Research in Motion (RIM), maker of the popular Blackberry handheld communication device, has finally broken the silence surrounding Indian Government’ demands to handover the “keys” to decrypt secure email communications.

RIM claims that it not possible to handover the decryption keys and claims setting up a local datacenter would serve no purpose given the end-to-end security deployed in its solution. RIM further declared that its solution architecture is designed in a way that does not allow any third party including RIM to read the email data under any circumstances. (more…)

Personal information of almost half the national population of Chile was leaked on the Internet at about 1:30 AM CLT on Saturday, May 10th.

The names, addresses, academic and social status information along with other details were uploaded to the popular file-sharing website, rapidshare.com and a Chilean file sharing site, compartelo.cl. The download links to three files were posted on the public forums on FayerWayer.com, the popular Chilean technology blog.

The information is reportedly obtained from Government bodies: the Dirección General de Movilización Nacional (Directorate of National Mobilization) – DGMN, the Servicio Electoral (Electoral Service) – SERVEL, the Ministry of Education – Mineduc. It also contains over 2 million telephone records for 849 cities in Chile

According to the conservative Chilean news agency, El Mercurio, police are still investigating the leaked information to confirm the hacker’s claims.

(more…)