Friday, December 16, 2016

Secrets you shouldn't share

The best of the week in Cyber Security

“I’m going to tell you a secret, but don’t tell anyone…”, that’s you starting a conversation with your best friend. That’s a mistake! The first thing that person is going to do is run to tell another. And that person to another and that one to another and another… We are not questioning the strength of your friendship, but seriously, if you don’t want something to be known, don’t tell, don’t write it down…

...And do not send it by private message on Facebook Messenger either. “But it’s protected by point-to-point encryption, like Whatsapp!”, you reply, very sure of yourself. What if we tell you that a researcher has found a bug that allows an attacker to access Facebook Messenger and get your photos, files and ‘private’ chats? This week Redes Zone informed about it on their website. They explain how the hacker exploits this vulnerability: by convincing he victim to click on a malicious link. 

Due to a bug, called Originull, the social network enables a few “subsites” of “.facebook.com” with poorly configured parameters. Something that the attacker takes advantage of and supplants the identity of the server with. That way, the hacker can stop the communication from being secure before you can pronounce the words “I can’t believe it!” out loud. Would you like to know how they do it? Cynet website has detailed information, including a demonstration video. Mark Zuckerberg’s company is aware of this vulnerability and his team is working to solve it as soon as possible.

Sometimes you have a secret and you are determined not to tell your best friend.  Neither by private chat nor face to face. But a breach of security plays a trick on you. Like the one that happened to the dating website for cheating on your partner, Ashley Madison, which exposed the personal data of 37 million users.

The latest news is that the case has reached a controversial outcome: the website owner has agreed to pay 1.57 million euros to settle charges from both federal and state investigations. And the fine was reduced by about 90% due to the “inability to pay”. Why would the owner want to end the investigation? It appears that the website didn’t comply with the necessary security measures to protect the confidential data and also inflated women profiles with bots. In addition, there are rumours about the company being aware of the existence of these data breaches.

By the way, if you were thinking of taking a provocative picture with your mobile and send it to your partner, or simply leave it in the image gallery, we remind you that there are trojans that can take the total control of your phone, as we told you on Wednesday on our post. 

You have a secret and need to tell someone. But you are afraid of your friend telling someone else or that someone will read your supposedly private chat. Stop and think twice, do you really need to share it?


Image Source: Free images

0 comments:

Post a Comment