Forwarded from Du Rove's Channel
In May, I predicted that backdoors in WhatsApp would keep getting discovered, and one serious security issue would follow another, as it did in the past [1]. This week a new backdoor was quietly found in WhatsApp [2]. Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and all your data was at the attacker’s mercy [3].
WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6].
Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers [8]). So – nothing to analyze – “no evidence”. Convenient.
But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].
Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.
Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.
[1] – Why WhatsApp will never be secure
[2] – WhatsApp users urged to update app immediately over spying fears
[3] – WhatsApp Android and iOS users are now at risk from malicious video files
[4] – Everything you need to know about PRISM
[5] – NSA taps data from 9 major Net firms
[6] – WhatsApp co-founder Brian Acton: 'I sold my users' privacy'
[7] – Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone
[8] – WhatsApp is storing unencrypted backup data on Google Drive
[9] – WhatsApp hack led to targeting of 100 journalists and dissidents
[10] – Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources
[11] – Police can access suspects’ Facebook and WhatsApp messages in deal with US
[12] – Facebook, WhatsApp Will Have to Share Messages With U.K.
shadowsocksr-4.9.2-windows版.zip
1.4 MB
shadowsocksr-4.9.2-windows版
It contains a 2.0 version and a 4.0 version; I have not looked into what the difference is; you only need to run one of them.
Forwarded from 安全上网,注意事项
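A perk for mainland China phone numbers: come and lift Telegram's private-chat restriction on accounts registered with +86 mainland China phone numbers! 😁😁
Send a request message to the official @SpamBot (just follow the prompts and click through), and at the last step manually type “ accident ”; the restriction will be lifted after about half an hour. 👍👍
Remember to follow this Telegram channel, 【安全上网 注意事项】@anquanshangwang, to get articles and software for browsing safely, and recommend and forward it to your groups and friends! 🌷🌷🌷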
Forwarded from 📡 HimalayaNews
Forwarded from 香港人 香港市 資訊安全情報👨🏻💻👩🏻💻💻📱
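Warning: Android users, please stop using the Brave browser
According to reports, since March the Brave company has been cooperating with Binance, a Chinese cryptocurrency exchange platform, monitoring certain specific keywords during searches in the Brave browser in order to serve Binance ads to users. The incident shows how wide a browser's monitoring reach can be, as well as Brave's unethical behaviour; fellow protesters should boycott it immediately. Even when software is open source, once it reaches the user's hands we have no way to make sure the compiled program exactly follows the open-source code, or whether other strange backdoors have been added. At this stage we recommend that you stop using the Brave browser immediately and switch to another browser, such as Firefox/Chrome/Opera/Vivaldi.
reference:
- News report: https://davidgerard.co.uk/blockchain/2020/06/06/the-brave-web-browser-is-hijacking-links-and-inserting-affiliate-codes
- Related source code: https://github.com/brave/brave-core/commits/master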
#全民資安 #科普 #抗爭日常 #Android
Attack of the 50 Foot Blockchain
The Brave web browser is hijacking links, and inserting affiliate codes
How does this keep happening? It is a mystery.
Forwarded from 安全上网,注意事项
Telegraph
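Warning! QQ reads the Chrome browser's history
To learn how to avoid being monitored by the authorities, click to follow the 【安全上网 注意事项】 channel @anquanshangwang. QQ/TIM reads the history of Chrome-family browsers: the QQ/TIM client attempts to read the history of every Google-based browser on the computer and extract the links. Browsers confirmed to be affected include, but are not limited to, Chrome, Chromium, 360 Extreme, 360 Secure, Cheetah and 2345. Today I saw that someone in a group had posted a thread from v2ex (https://www.v2ex.com/t/745030) saying that QQ reads Chrome's history and was blocked by a Huorong custom rule; originally…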
Forwarded from 安全上网,注意事项
Breaking: the NetEase Cloud updater reads the Telegram main program!
Privacy theft and user surveillance by Chinese-made software have reached a shocking level. Source: https://www.v2ex.com/t/748704#reply0
Also, please don't forget to follow this Telegram channel, 【安全上网 注意事项】@anquanshangwang, to get articles and software for browsing safely, and recommend and forward it to your groups and friends!
Forwarded from 信息安全技术频道🔎
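ProtonMail hands user information to the Swiss government under legal compulsion
Members of the “Climate Youth” group were accused of engaging in illegal activities in France since last year. The investigation showed that some of them used ProtonMail to contact one another, and the Swiss government ordered ProtonMail to hand over those users' IP addresses, which ultimately led to their arrest.
Some have questioned why ProtonMail would have users' IP addresses at all, since it advertises that it does not log IP addresses by default. ProtonMail founder Andy Yen explained that it only began logging the IP addresses of specific users after being legally compelled to do so by the Swiss authorities.
Although ProtonMail promises to keep fighting data requests wherever possible, netizens still have objections, because it is not truly exempt from Swiss law. On the other hand, it may indeed need to clarify the fine print of its privacy terms.
信息安全技术频道🔎 recommends that, when using an email service, you stay connected through a proxy (or VPN) the whole time and use email encryption to protect the security of your communications.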
#Protonmail #信息安全
The account of the user that owns this channel has been inactive for the last 11 months. If it remains inactive in the next 10 days, that account will self-destruct and this channel may no longer have an owner.