Monday, February 24, 2014

Even the longest night won't last forever

140224 blog



Even the longest night won´t last forever, says a song from Prime Time, Alan Parson’s Live
Project. Maybe, but for many the world-scale Whatsapp fail, last Saturday, took forever. Everyone was commenting on social media, or its closest circles. After four hours, everything came back to “normality”.


While most users showed discomforting because of being unable to send messages, and some people went humor way (“I’ve discovered there are people at home, they say to be my family”, or things like that), inquisitive users went further: would there be anything else, i.e. massive hacker assault? Said and done, 40 minutes before the restoring of the service, specialized blog Cyber War Zone echoed various hacker groups claiming on Facebook to be responsible for the service failure. Of course, they started the post with an “Unconfirmed”.



Not confirmed, nor denied, is what the company itself has done, in the news three days before, because of the greatest tech deal in years, $19 billion acquisition by Facebook. In a “get it off my chest” exerciseits CEO Jan Koum has apologized because of the greatest failure in years, and has blamed a router. Huge responsibility for this router, really.

Anyway, security suspicions were justified, since  issues about this matter have been reported recently. Go no further, among acquisition and failure news, *Security Affairs noted one of the biggest Whatsapp’s lacks, referred to pinning certificates*. Perhaps unaware users should not think about it, but if you say them that this lack lets anyone reading their messages, via MITM attack, they should be changing their mind.

Like “Peter and the Wolf” story, wolf never comes until nobody expects him. It should depend on from whom the advices come. A former Apple’s security executive, working in the company until a month ago, has severely bitten the Applewith a post about the serious security hole already known as Gotofail. Really outspoken in her almost offensive post, the expert has thrown expressions like “Fix that sh*t”. You may read the story at Forbes, where it is also explained that this bug spreads like wildfire to e-mail, Twitter, iMessage, Facetime and other services.

Aware enough? Sure? If iMessage is a legitimate Apple’s service, what would you think if anyone proposes you to taste iBanking? Well... Stop! It is not Apple. It is Malware as a Service (MaaS), a really dangerous banking trojan at the same level of well-known Zeus or Carbert, RSA researchers have told. Be minded where you click. First wall it´s you.

---

We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)

0 comments:

Post a Comment