Category Archives: Security

Rooting the Samsung Infuse: Change a File Permission

One of my favorite projects last year, I have to confess, was rooting the Motorola Defy. It came bundled with all kinds of crazy software that tries to force the owner to link their email accounts and data into “Blur”, Facebook, Gmail, yada, yada before you can even power on and use the phone for the first time. Instead, I shut it down, connected it to my computer and fifteen minutes later I had Cyanogenmod running on a beautiful new machine.

Liberating the phone felt like going to the gym and in no time turning 40 pounds of fat into pure muscle…a bit like what installing Linux used to feel like.

I wasn’t going to mention my joy tinkering with the Motorola. It felt like a Rubik’s cube solution story. I mean taking it over for fun to install a more open system seemed like what you’re supposed to do with one (for real phone use I’m still loving my N9).

Michael Coppola drives that point home in a beautifully written and well documented case of how much joy he found in finding a simple file permission change to root the Samsung Infuse, and how you can do it too.

The interesting thing here is that the .wmdrm directory is also 0777, so we have full control over its contents. Let’s create a symlink to /data where sample.hds is supposed to be and reboot…Success!

[…]

A one-click root script for Linux is available here: http://www.poppopret.org/dl/Infuse4G-root.tgz . If this exploit works for other phones, contact me and I’ll update the post.

On the one hand we could say Samsung should have caught such a simple, known issue. Their security review is suspect. On the other hand, it is so obvious it could be argued they must have put it in place to be found by those who are curious and want to get the most out of their hardware. Rooting a phone is not illegal in most cases, as stated by the U.S. Congress.

…where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.

All that being said, if you’re not into playing games, the N9 just gives you a radio button for root access.
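A review step that would catch the condition quoted above, shown as an added example (not code from Coppola's write-up or from Samsung): it reports world-writable directories without the sticky bit and any symlink inside them that resolves outside the audited tree. It assumes `find` with `-maxdepth` and `readlink -f`; the scratch-tree layout is constructed, and only the names `.wmdrm` and `sample.hds` come from the post.

```shell
#!/bin/sh
# Added example (not from the quoted write-up): flag world-writable
# directories and symlinks inside them that resolve outside the audited tree.

# Prints one finding per line:
#   WORLD_WRITABLE_DIR <dir>
#   SYMLINK_ESCAPE <link> -> <resolved target>
audit_tree() {
    root=$(cd "$1" && pwd -P) || return 2
    # -perm -0002: "other" write bit set; ! -perm -1000: no sticky bit,
    # so any user may create, replace or delete entries in the directory.
    find "$root" -type d -perm -0002 ! -perm -1000 | while IFS= read -r dir; do
        printf 'WORLD_WRITABLE_DIR %s\n' "$dir"
        find "$dir" -maxdepth 1 -type l | while IFS= read -r link; do
            target=$(readlink -f "$link") || continue
            case "$target" in
                "$root"|"$root"/*) ;;  # resolves inside the tree: fine
                *) printf 'SYMLINK_ESCAPE %s -> %s\n' "$link" "$target" ;;
            esac
        done
    done
}

# Constructed fixture: a scratch tree standing in for a device filesystem.
# Only the names .wmdrm and sample.hds come from the post; the layout is assumed.
make_fixture() {
    fx=$(mktemp -d) || return 1
    mkdir -p "$fx/device/.wmdrm" "$fx/device/tmp" "$fx/outside"
    chmod 0755 "$fx/device"
    chmod 0777 "$fx/device/.wmdrm"      # the misconfiguration
    chmod 1777 "$fx/device/tmp"         # sticky bit set: not reported
    : > "$fx/device/.wmdrm/license.dat"
    ln -s license.dat "$fx/device/.wmdrm/inside.lnk"   # stays inside
    ln -s "$fx/outside" "$fx/device/.wmdrm/sample.hds" # escapes the tree
    printf '%s\n' "$fx"
}

demo=$(make_fixture) && audit_tree "$demo/device"
rm -rf "$demo"
```

Any `SYMLINK_ESCAPE` line matters when a privileged process later writes to or changes permissions on that path, because the operation lands on the link's target rather than on a file in the directory.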

Hacking Back Part II

In my last blog on “Hacking Back” I asked is it legal, ethical, and do I have a right to defend my network against yours? Well, I believe it is legal and ethical, and absolutely, I have the right under “self-defense” to defend my network from being attacked by yours, even if you do not know that your network is attacking mine!

Obviously if I know who you are and can contact you I would be obligated to do so. This scenario assumes I have no idea where the attack is coming from.

When considering hacking, hack back, self-defense in cyber space, etc., you must consider the fact that everything happens literally at the speed of light. So, saying I must contact law enforcement, collect evidence, and go to court is the same as saying “just accept it, and hope to recover all of your losses from a court, even if your company has since been put out of business.”

Here is my next question for comments:

Does anyone wish to argue that if their network has been compromised by hackers and is attacking others without their knowledge, the party or parties they are attacking have NO right to take action to stop those attacks?

My hacking back article can be found on Titan Info Security Group under white papers.

VMware vShield Automation with PowerShell

Alan Renouf has posted a PowerShell Module and a video with instructions on how to install and use it for VMware vShield. He shows clearly how to easily assess and report on current settings (e.g. “Get-vShieldSecurityGroup | Select -ExpandProperty Member”) as well as modify them.

Now I had the Rest API details I knew I could easily write some PowerShell code in the form of an advanced function to work with the API, the first piece of code I wrote was a generic function which allowed me to GET, PUT, DELETE and POST to a Restful API. I know PowerShell v3 will include cmdlets for this but I didn’t want to wait or add a dependency on something which wasn’t available as yet.

With this completed the rest of the advanced functions were easily created, it was just a case of sending the correct parameter to my function and the correct URL and my results would be returned.


Visa Security Report: List of Common Vulnerabilities

Visa released to the public just a couple weeks ago a report on common vulnerabilities found in U.S. Small Merchants. Not exactly a short list. They could have at least put it in order of the PCI DSS Requirements:

  • SQL injection
  • Misconfigured web applications
  • Lack of segmentation between cardholder data environment
  • No firewall configuration
  • Insecure remote management access
  • Use of RDP/Terminal services on internal network
  • Packet sniffers
  • Keyloggers
  • Backdoors
  • Excessive permissions
  • Use of shared, default credentials or common passwords
  • Administrative accounts not protected
  • Databases not hardened
  • Unauthorized user ability to modify applications (troubleshoot, capture full track data, use risky protocols)
  • Reliance on 3rd party service providers for POS installation and management

The report also details the U.S. Contact/Contactless Acceleration Plan and the 2012 “PCI validation relief for merchants that adopt dual-interface terminals”.