Security Leftovers (Back Doors in WhatsApp/Facebook and Microsoft Windows)
-
The eight security backdoors that helped kill faith in security
With the news of WhatsApp's backdoor granting Facebook and government agencies access to user messages, fears over users' privacy issues are sure to be at an all-time high for WhatsApp's 1 billion users.
Backdoors in computing equipment are the stuff of legend. A decade ago a security expert informed me with absolute certainty that a prominent non-US networking company had designed them into its products for years as a matter of course as if nobody much cared about this fact. Long before the average citizen had heard the letters NSA, it struck me at the time as extraordinary suggestion. It was almost as if the deliberate compromise of an important piece of network equipment was a harmless novelty.
-
Reported “backdoor” in WhatsApp is in fact a feature, defenders say
The Guardian roiled security professionals everywhere on Friday when it published an article claiming a backdoor in Facebook's WhatsApp messaging service allows attackers to intercept and read encrypted messages. It's not a backdoor—at least as that term is defined by most security experts. Most would probably agree it's not even a vulnerability. Rather, it's a limitation in what cryptography can do in an app that caters to more than 1 billion users.
At issue is the way WhatsApp behaves when an end user's encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change. By enabling a security setting, users can configure WhatsApp to notify the sender that a recently transmitted message used a new key.
Critics of Friday's Guardian post, and most encryption practitioners, argue such behavior is common in encryption apps and often a necessary requirement. Among other things, it lets existing WhatsApp users who buy a new phone continue an ongoing conversation thread.
-
Security flaw leaves WhatsApp messages susceptible to man-in-the-middle attacks
FLAWS in the way that WhatsApp deals with encryption keys leaves users wide open to man-in-the-middle attacks, enabling third-parties to tap their communications.
The flaw has been described as a "security back door" by The Guardian and privacy campaigners (not unlike the back doors that governments of various stripes have been trying to mandate on all internet communications by law), but more sobre voices have described it as a minor bug and criticised The Guardian for going OTT.
Nor is it new. Vulnerabilities in key handling were first discovered by German computer scientist Tobias Boelter in April 2016.
The security flaw relates to situations where encryption keys are dropped and have to be re-issued and re-sent. In certain circumstances, a third-party could exploit the bug to persuade the app to resend messages because the authenticity of re-issued keys is not verified in WhatsApp by default.
-
There's No Security Backdoor in WhatsApp, Despite Reports
This morning, the Guardian published a story with an alarming headline: “WhatsApp backdoor allows snooping on encrypted messages.” If true, this would have massive implications for the security and privacy of WhatsApp’s one-billion-plus users. Fortunately, there’s no backdoor in WhatsApp, and according to Alec Muffett, an experienced security researcher who spoke to Gizmodo, the Guardian’s story is “major league fuckwittage.”
-
WhatsApp vulnerability allows snooping on encrypted messages
A security vulnerability that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service.
Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could in fact read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.
-
Hacker group Shadow Brokers retires, dumps more code as parting gift
The Shadow Brokers claimed to have held even more valuable cyber tools in reserve and offered to sell them to the highest bidder in an unorthodox public auction. On Thursday, they said their sales effort had been unsuccessful and were therefore ceasing operations. “So long, farewell peoples. The Shadow Brokers is going dark, making exit,” the group said according to a screenshot of the webpage posted Thursday on the news website CyberScoop.
-
Suspected NSA tool hackers dump more cyberweapons in farewell
The hacking group that stole cyberweapons suspected to be from the U.S. National Security Agency is signing off -- but not before releasing another arsenal of tools that appear designed to spy on Windows systems.
-
Shadow Brokers announce retirement, leak NSA Windows Hacking tools as parting gift
-
The Shadow Brokers Leaves the Stage with a Gift of So-Called NSA-Sourced Hacking Tools
-
Shadow Brokers group bids adieu, dumps hacking tools before going silent
-
'It Always Being About Bitcoins': Shadow Brokers Retire
-
Hacking Group 'ShadowBrokers' Release NSA Exploits, Then Go Dark
- Login or register to post comments
- Printer-friendly version
- 2089 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago