But then the people behind it don’t care about security. How Hackers Broke WhatsApp With Just a Phone Call.
A new Financial Times report alleges that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones—and steal data from them—simply by calling them. The targets didn’t need to pick up to be infected, and the calls often left no trace on the phone’s log.
Apparently the latest patch fixes some of the problem, and they are “doing infrastructure upgrades” to also address the issue. But WhatsApp is all about convenience. And convenience is in many ways the enemy of security.
“This does indeed sound like a freak incident, but at the heart of it seems to be a buffer overflow problem that is unfortunately not too uncommon these days,” says Bjoern Rupp, CEO of the German secure communication firm CryptoPhone. “Security never was WhatsApp’s primary design objective, which means WhatsApp has to rely on complex VoIP stacks that are known for having vulnerabilities.”
The bad guys are targeting high-profile dissidents and political activists. So probably bad-states.
It couldn’t happen to a more deserving organization. Facebook hit with three privacy investigations in a single day.
- Ireland launched a GDPR investigation for the “hundreds of millions” of users who had their passwords stored in plaintext.
- Canada is upset over the 600,000 Canadian citizens who had their data vacuumed up and used in the Cambridge Analytica insanity.
- And the 1.5 million users who had their contact lists stolen was too much for the Attorney General of New York.
“It is time Facebook is held accountable for how it handles consumers’ personal information,” said [NY Attorney General Letitia] James in a statement. “Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data.”
They are evil and must be destroyed. Plaintext passwords and stealing contact information are inexcusable.
I am even more convinced that F*c*book is evil and must be destroyed. Facebook says it ‘unintentionally uploaded’ 1.5 million people’s email contacts without their consent.
These 2 things are really all you need to know.
- A security researcher recently noticed Facebook was asking some new users to provide their email passwords when they signed up — a move widely condemned by security experts.
- Business Insider then discovered that if you entered your email password, a message popped up saying it was “importing” your contacts without asking for permission first.
They didn’t mean to do this, really. That was never their intent. They LOVE privacy, and Zuckerberg *spit* wants to ‘rebrand’ as a privacy organization. Good luck with that.
When F*c*book screws up, they don’t do it in small measures. Facebook: we logged 100x more Instagram plaintext passwords than we thought.
Millions of users, not tens of thousands of users, were impacted.
The social networking behemoth admitted that it had been logging some passwords in plaintext, saving a record of exactly what your password was, character by character, rather than just keeping a cryptographic hash used for verifying that your password was correct.
This is Data Security 101. It may be Programming 101. Not logging passwords in plaintext has been around for a very long time. Measured-in-decades long time. But given that F*c*book doesn’t care the least little bit about privacy or your security, what the hell do they care?
Facebook is evil and must be destroyed.
The more things change, the more F*c*book doesn’t give a crap. A Year Later, Cybercrime Groups Still Rampant on Facebook.
So a year ago Brian Krebs (Krebs on Security) searched F*c*book to find groups concentrating on cybercrime. He reported the groups with mixed results, then threatened to publish, and action ensued. A year later, not much has changed.
Researchers at Cisco Talos discovered the groups using the same sophisticated methods I employed last year — running a search on Facebook.com for terms unambiguously tied to fraud, such as “spam” and “phishing.” Talos said most of the groups were less than a year old, and that Facebook deleted the groups after being notified by Cisco.
Talos also re-confirmed my findings that Facebook still generally ignores individual abuse reports about groups that supposedly violate its ‘community standards,’ which specifically forbid the types of activity espoused by the groups that Talos flagged.
Talos also found “limited action” by F*c*book until they talked about publishing.
Facebook deleted all offending groups after researchers told Facebook’s security team they were going to publish their findings. This is precisely what I experienced a year ago.
This just reinforces my belief that F*c*book doesn’t care about security or privacy or fraud or misuse of your data in any way. They do have a financial interest in the USE of your data. They wouldn’t want to lock it down too much, they might not make as much money. Selling your info. Whether you want them to or not.
Because the Left hates the First Amendment to the Constitution. Facebook blocks Trump’s social media chief: ‘Why are you silencing me?’.
Of course the Left also doesn’t like the 2nd, or the 9th or the 10th, Limited powers, etc.
Dan Scavino Jr. said on Facebook that his page was blocked without notice.
“AMAZING. WHY ARE YOU STOPPING ME from replying to comments followers have left me – on my own Facebook Page!!?? People have the right to know. Why are you silencing me??? Please LMK! Thanks,” he wrote today.
You know there is a reason we have antitrust laws.
F*c*book hates privacy. Why would they worry about yours? Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years.
How do you get Hundreds of Millions of passwords stored in plaintext?
Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity.
Because security reviews? We don’t need that at F*c*book! </sarcasm>
There is “no indication” that the people who violated one of the most basic principles of security did anything nefarious. Sure, they are all good guys harvesting PWs. No credential-stuffing by these guys.
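What the two plaintext-password stories above come down to (applications that logged unencrypted password data, instead of the service keeping only a cryptographic hash), sketched as an added example that is not from the original posts or from any Facebook code. The field names, the logger name and the sample request lines are constructed assumptions.

```python
import hashlib, hmac, io, logging, os, re

# Key names treated as secrets (assumed list); matches form-style and JSON-style pairs.
SENSITIVE = re.compile(r'(?i)(password|passwd|pwd)("?\s*[=:]\s*)("[^"]*"|[^\s&,}]+)')

class RedactSecrets(logging.Filter):
    """Scrub password values from a record before the handler writes it."""
    def filter(self, record):
        record.msg = SENSITIVE.sub(r'\1\2[REDACTED]', record.getMessage())
        record.args = ()  # message is already formatted; drop the raw arguments
        return True

def hash_password(password, salt=None):
    """Return (salt, digest). Only these two values are ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def verify_password(password, salt, digest):
    """Re-derive the hash from the login attempt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return hmac.compare_digest(candidate, digest)

def demo_log(fmt, *args):
    """Send one constructed request line through the filter; return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactSecrets())
    logger = logging.getLogger("signup-demo")  # hypothetical logger name
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    logger.info(fmt, *args)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample input: a signup request a debug log might capture.
    print(demo_log("POST /signup user=%s email_password=%s&next=/", "alice", "hunter2"), end="")
    print(demo_log('body={"user": "bob", "password": "s3cr3t"}'), end="")
    salt, digest = hash_password("hunter2")
    print(verify_password("hunter2", salt, digest), verify_password("hunter3", salt, digest))
```

A log filter like this is a backstop, not the fix: the request handler should not pass credential fields to the logger in the first place, and a security review should catch code that does.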