The plan all along was to use one of my own phones. Those are the four I listed (OK, two belong to my kids, but same difference).
I had the same fears using driftnet (hello, Connecticut substitute teacher situation?). Sounds neat, but I have no desire to spend the next 3-4 years fighting that sort of charge. I also thought about demonstrating the dangers of FB, but a quick search on openbook.org shows that the either my kid's school is boring, not on FB, or the online safety classes are working. I seriously doubt many of them are tweeting, so twitpic or similar may not impact them either (and those open up driftnet problems as well). Well, I'll look around for some old phones.... maybe I'll find an older model that the hack works on. Craig L Bowser ____________________________ This email is measured by size. Bits and bytes may have settled during transport. On Mon, Mar 14, 2011 at 1:17 PM, Josh More <[email protected]> wrote: > I think that you should seriously consider the possibility of finding > things that you do not wish to find. As you are dealing with minors the > penalties that we all face when doing something "cool" are going to be > higher. > > Driftnet could result in displaying certain images to a group of kids that, > if it occurred, could be rather unfortunate for you personally. If your > bluetooth attack finds stuff you are in a tricky reporting scenario. > > I think that the game idea is the best one, but don't run it on some random > kid's phone. Instead, do it on your own kid's phone (or get a parent or > teacher to volunteer their own kid). > > -Josh More > > > On Mon, Mar 14, 2011 at 10:18 AM, Bill Swearingen <[email protected]>wrote: > >> dude.. >> >> Dont do the bluetooth stuff, go with Driftnet. >> >> Always a winner with crowds, and shows why free wifi is scrrrrrzy! >> >> >> On Mon, Mar 14, 2011 at 9:08 AM, Robin Wood <[email protected]> wrote: >> >>> On 14 March 2011 11:44, craig bowser <[email protected]> wrote: >>> > >>> > So, I'm giving a talk at my son's school for career day. My talk is >>> mostly >>> > on the IA/Infosec career, but I thought I would do a quick simple >>> bluetooth >>> > hack to cut into the drone of person after person yapping up front. >>> These >>> > are 6-8th graders... attention span is limited. I know, I have two. >>> > >>> > Anyway, I've been trying to get bluenarfer and bluebugger to work to >>> either >>> > pull out an address book or dial a phone number. However, I can't seem >>> to >>> > get it working. When any connection is made, the phone asks for a pin >>> or >>> > asks if I want to allow a connection. I would like the hack to work >>> without >>> > interaction from the user of the phone. >>> > >>> > With bluesnarfer I get: >>> > >>> > >>> > root@Joshua:/media/disk/files/ >>> > bluesnarfer# ./bluesnarfer -r 1-100 -C 1 -b 00:11:22:33:44:55 >>> > device name: Craig >>> > ^Cbluesnarfer: release rfcomm ok >>> > >>> > >>> > I control-C out after a while because bluesnarfer waits and waits, I'm >>> > guessing waiting for the phone to accept the connection. >>> > >>> > With bluebugger I get: >>> > >>> > root@Joshua:/media/disk/files/bluebugger/bluebugger-0.1# ./bluebugger >>> -m >>> > Craig -c 1 -a 00:11:22:33:44:55 info >>> > >>> > bluebugger 0.1 ( MaJoMu | www.codito.de ) >>> > ----------------------------------------- >>> > >>> > Target Device: '00:11:22:33:44:55' >>> > Target Name: 'Craig' >>> > >>> > Mobile Identification >>> > --------------------- >>> > >>> > ...done >>> > >>> > >>> > but no data. >>> > >>> > I tried: >>> > >>> > root@Joshua:/media/disk/files/bluebugger/bluebugger-0.1# ./bluebugger >>> -m >>> > Craigc 1 -a 00:11:22:33:44:55 dial 7xxxxxxxxx >>> > >>> > bluebugger 0.1 ( MaJoMu | www.codito.de ) >>> > ----------------------------------------- >>> > >>> > Target Device: '00:11:22:33:44:55' >>> > Target Name: 'Craig' >>> > >>> > Dialing '7xxxxxxxx' ....call to '7xxxxxxxx' should be active now >>> > >>> > Press <enter> to abort bluetooth connection >>> > * shows 'cancel call too?'-popup on Nokia 6310i) >>> > >>> > but nothing actually dialed. >>> > >>> > The phones I've been trying are: >>> > >>> > HTC Droid Incredible >>> > LG Cosmos >>> > Samsung Intensity >>> > Palm Centro >>> > >>> > I've been doing this on my Ubuntu 10.04 box, but I am definitely open >>> to a >>> > bootable backtrack CD or other bootable iso. >>> > >>> > Any suggestions? Can I somehow pass it the pin or several pins? >>> > >>> > Thanks >>> > >>> > >>> > Craig L Bowser >>> >>> There is no way I'd try this without permission, you could get >>> yourself into all sorts of trouble. >>> >>> Probably best get a dummy phone, ask someone to put a contact in it >>> then show them how you can get that. >>> >>> Robin >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
