Gents, TEHTRI-Security was invited to give a talk called "Web In The Middle, Attacking Clients", at the first Hack In The Box Europe, Amsterdam ( http://conference.hackinthebox.org/hitbsecconf2010ams/ ). During our talk, we released multiple advisories and we explained many issues related to some vulnerabilities. You can find more public information through the slides available online. Here are some related details that we wanted to share with you through this mailing list : o CVE-2010-1752: TEHTRI-Security inside the iPhone iOS4 TEHTRI-Security found a stack overflow in CFNetwork API, through the code used to handle URL. By visiting a maliciously crafted website, we found that it might lead to an unexpected application termination or arbitrary code execution. This issue has been addressed by Apple through improved memory handling. CFNetwork is shared by most applications from the App Store, that need to talk over the web. Check the User-Agent of your applications to be sure (example: Facebook/3.12 *CFNetwork/459* Darwin/10.0.0d3 ). Update to iOS4 to improve your security. More information here: CVE-2010-1752 in http://support.apple.com/kb/HT4225 o Security-Advisory: TEHTRI-SA-2010-028 - 0day on BlackBerry TEHTRI-Security found a security issue, and created a client-side attack 0day for BlackBerry cellphone devices (Hotspot Browser). The code was shared with RIM who handled this vulnerability quickly, so that a fix might be added in a future release. It allows an attacker to crash the remote web application. This was scored with a CVSS of 5. o Security-Advisory: TEHTRI-SA-2010-027 - 0day on HTC TEHTRI-Security found a security issue, and created a client-side attack 0day for HTC Windows Mobile cellphone devices (Opera). HTC was contacted. o Security-Advisory: TEHTRI-SA-2010-026 - 0day on iPad TEHTRI-Security found a security issue, and created a client-side attack 0day for the (awesome) iPad device. The code was shared with Apple who handled this vulnerability quickly, so that a fix might be added to a future release. A demo was done during our talk, without giving dangerous details to the attendees. It was only shown for attendees of HITB Europe. No further information will be shared to the public before Apple release a patch. o Security-Advisory: TEHTRI-SA-2010-026 - 0day on ThalysNet TEHTRI-Security found some security issues on Thalys European trains, with the Internet access on board. To us, many Internet access shared on airports, stations, trains, in-flights, hotels, etc, are full of security vulnerabilities, because no penetration test were organized with IT Security experts before the service is open to the public. Dealing with ThalysNet, it concerns half a million of end-users. ThalysNet was contacted. We also glanced at the differences related to the use of http and https on worldwide web services like hotmail, yahoo, twitter, facebook, linkedin, google mail, apple mobile me... A table on slide 32 might help beginners who would like to check the current situation. Dealing with https issues, as we said, we encourage you to have a look at initiatives like the one from the EFF: https://www.eff.org/https-everywhere Some of our security advisories were already covered by the local press from NL: http://www.tehtri-security.com/en/press.php The HITB crew have put slides of our conference on their web site: http://conference.hitb.org/hitbsecconf2010ams/materials/D1T1%20-%20Laurent%20Oudot%20-%20Web%20in%20the%20Middle.pdf If you want to get more details & technical secrets from TEHTRI-Security, feel free to join us "in real life" during our next trainings sessions & talks, or feel free to contact us for specific needs. We have public events planned next months (Asia, Europe). Check-out our public agenda here: http://www.tehtri-security.com/en/agenda.php See you soon. Thanks. Take care. Laurent Oudot, founder & CEO of TEHTRI-Security TEHTRI-Security, "This is not a game". http://www.tehtri-security.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/