crp Posted December 25, 2013

http://gibsonsec.org/snapchat/fulldisclosure/

Anyone got SnapChat-Bombed yet? If the 3B rumor was true, the bullet was definitely dodged.

V.T. Eric Layton Posted December 25, 2013

Never even heard of it till I read this post. I must not be part of the "in" crowd. I don't do FaceBook, or Twitter, or any of this stupid gnat's attention span carp.

Guest LilBambi Posted December 25, 2013

Researchers publish Snapchat code allowing phone number matching after exploit disclosures ignored - ZDNet

Hackers have made sure that popular photo sharing app Snapchat got a hearty lump of coal for Christmas. After having its security disclosure go ignored since August, Gibson Security has published Snapchat's previously undocumented developer hooks (API) and code for two exploits that allow mass matching of phone numbers with names and mass creation of bogus accounts.

The Australian hackers announced its publication of Snapchat's API and the two exploits on the GibSec Twitter account on Christmas Eve — which by time difference is Christmas Day in Australia. Now anyone can build an exact clone of Snapchat's API and stalk the popular app's alleged 8 million users.

Much more in the article!

crp Posted December 25, 2013

Researchers publish Snapchat code allowing phone number matching after exploit disclosures ignored - ZDNet

Much more in the article!

heh, heh - I like that line "app's alleged 8 million users".

siljaline Posted January 3, 2014

Snapchat to offer security fix in the wake of leaked user data.

Greyhats expose 4.5 million Snapchat phone numbers using “theoretical” hack

Guest LilBambi Posted January 3, 2014

From siljaline's second article:

Greyhat hackers have published the partial phone numbers belonging to more than 4.5 million Snapchat users after exploiting a recently disclosed security weakness that officials of the service had described as theoretical.

The database containing usernames and corresponding phone numbers for the majority of Snapchat users was posted to snapchatdb.info on the last day of 2013. Phone numbers published on the site were obscured by censoring the last two digits, but the anonymous people behind the posting said they might make the full version available privately. Within 24 hours, the site was no longer accessible, but much of the data can still be found in search engine caches and mirror servers. The data has also been incorporated into Have I Been Pwned, a whitehat service that helps people track whether their personal information has been leaked online. The Snapchat data has likely also been downloaded by less scrupulous hackers for use in phishing and social engineering scams.

Guest LilBambi Posted January 3, 2014

And this from siljaline's first one from The Verge on offering security fix:

Snapchat said today it would alter its app to make it harder for malicious users to collect and leak millions of usernames connected to phone numbers. The move comes after a group calling itself SnapchatDB rang in the New Year by leaking 4.6 million partially redacted phone numbers, in a stunt they said was designed to raise awareness about security flaws in Snapchat's app.

...

Update: Gibson Security, the group which originally warned Snapchat about the vulnerability in August, has responded to Snapchat's blog post. Offended by Snapchat's response to its efforts, GibSec points out that Snapchat doesn't actually claim that the vulnerability has been fixed, and has yet to apologize to its users.

Only harder? Not fix it completely?

Edited January 3, 2014 by LilBambi

Guest LilBambi Posted January 3, 2014

GibSec response (linked above in siljaline's posting link to The Verge article and the update quoted above in my posting) to Snapchat's blog posting is pretty important, I think.

crp Posted January 3, 2014

And this from siljaline's first one from The Verge on offering security fix:

Only harder? Not fix it completely?

I noticed that too. And how about the allegation that SnapChat is lying to advertisers about what it knows about its users? I think, if the rumors were true, a 3 billion dollar bullet was dodged.

siljaline Posted January 3, 2014

See article SnapChat Hack

Can't speak to the allegation they did nothing - they did warn users the database had been hacked.

crp Posted January 21, 2014

and what the flock is snap chat, exactly?? [please remember, temmu doesn't exist in this sub-modern era in which most live...]

as i understand it, instead of texting one would take a photo with a device, app would load said photo to a server, server would delete said photo after 2 minutes (thereby supposedly removing all evidence of said photo). No, i don't get it either

Edited January 21, 2014 by crp

ross549 Posted January 21, 2014

Snapchat differs from other messaging apps in that the picture/message is delivered to the recipient's device where it can be viewed only once. Snapchat did change things slightly with a recent update where you can "replay" a picture, etc once a day or something like that.

Adam

Guest LilBambi Posted January 21, 2014

Snapchat's expired snaps are not deleted, just hidden

Forensic researcher Richard Hickman has discovered that Snapchat photos on Android phones are merely hidden, not deleted, and are still available for retrieval with the right forensic software. He concluded that "metadata is stored for Snapchat images, as shown by the com.snapchat.android_preferences.xml file, and that it contains metadata about expired 'snaps' as well as unexpired 'snaps', and that images that are sent via Snapchat are indeed recoverable, and do not 'disappear forever'."

...

Hickman first sent some photos via Snapchat and then, using AccessData's Forensic Toolkit version 4.0.2.33, checked to see if they remained on the device. He found the files with the simple suffix .nomedia appended. This, explains Paul Ducklin in NakedSecurity, "is a standard Android marker that says, 'Other apps should ignore this file. Do not index it, thumbnail it, add it to any galleries, or whatnot. Leave it to me'." Apps that obey the Android rules will do that. Forensic apps that do not obey the rules will not. "AccessData's Forensic Toolkit recognised the .nomedia extension that was appended to the end of the file name and ignored it, displaying the images," wrote Hickman.

Well that's the end of the so-called security of only viewing private images only once and supposedly they are gone after a few seconds, eh? Of course, Snapchat seems to think this is no problem at all...wouldn't that make you feel so much better about using their app for security of the images? And that they told the truth about them being gone?

The reality is that it is notoriously difficult to remove data from mobile devices simply because of the way data is stored using the 'wear levelling' technique.

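Added example, not part of any post in this thread: a short Python check illustrating the point of the Hickman article quoted above, that a file with .nomedia appended to its name is ignored by well-behaved apps yet still carries the image data. The directory layout, file names and file contents are constructed for the demonstration and are assumptions, not Snapchat's actual storage paths.

```python
import os
import tempfile

# Leading "magic" bytes of common image formats.
SIGNATURES = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png"}

def identify(path):
    """Return the image type found in the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in SIGNATURES.items():
        if head.startswith(magic):
            return kind
    return None

def find_hidden_images(root, suffix=".nomedia"):
    """Return sorted (relative path, type) pairs for files whose name has
    `suffix` appended but whose content still starts with an image header."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # A bare ".nomedia" file is the ordinary directory marker; skip it.
            if name == suffix or not name.endswith(suffix):
                continue
            full = os.path.join(dirpath, name)
            kind = identify(full)
            if kind:
                hits.append((os.path.relpath(full, root), kind))
    return sorted(hits)

def build_sample(root):
    """Write a constructed sample tree (names and contents are made up)."""
    sample = {
        "received/snap_0001.jpg.nomedia": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "received/snap_0002.png.nomedia": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "received/notes.txt.nomedia": b"plain text, not an image",
        "received/.nomedia": b"",
        "gallery/visible.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    }
    for rel, data in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, kind in find_hidden_images(tmp):
            print(f"{rel}: still starts with a {kind} header")
```

The check looks at content rather than the file name, which is why the renamed files are reported while the empty marker and the text file are not.
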
Guest LilBambi Posted January 21, 2014

From Wikipedia's Snapchat article:

Users set a time limit for how long recipients can view their Snaps (as of December 2013, the range is from 1 to 10 seconds),[6] after which they will be hidden from the recipient's device and deleted from Snapchat's servers.

ross549 Posted January 22, 2014

Well that's the end of the so called security of only viewing private images only once and supposedly they are gone after a few seconds, eh? Of course, Snapchat seems to think this is no problem at all...wouldn't that make you feel so much better about using their app for security of the images? And that they told the truth about them being gone?

In that case, it would be a trivial matter to simply change the app to delete the pictures from the device, rather than renaming it. Why did Snapchat do this? I have no idea, though it would seem they might be up to something fishy.

I never understood the draw of snapchat, but that's just me. For some, it would seem to serve a purpose. In any case, I was in no way defending the company, only explaining how the app worked for those that did not know.

Adam

siljaline Posted January 22, 2014

Snapchat asks new users to prove they're not robotic spammers

Following Snapchat's recent username leak and increases in "Snap spam," the company today rolled out an interesting security measure to ensure that new users aren't spambots. Upon signing up for the first time, Snapchat now displays a unique challenge-response test that asks you to "find the ghost" in various pictures. If you pick the photos with ghosts, you pass, but if you pick other photos (as a robot might), the app won't allow you to sign up.

Guest LilBambi Posted January 22, 2014

Now all they need to do is delete the pictures from their servers and the devices and they would be much more in line with what their users need under the circumstances.

V.T. Eric Layton Posted January 22, 2014

Snapchat asks new users to prove they're not robotic spammers

Will this work?