this post was submitted on 18 May 2025

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.

top 4 comments
[–] krogoth@infosec.pub 7 points 2 weeks ago (1 children)

«When they loaded this URL, the server responded with a Java heap dump, which is a roughly 150-MB file containing a snapshot of the server’s memory at the moment the URL was loaded.»

Comedy gold, the whole article…

[–] raltoid@lemmy.world 1 points 2 weeks ago

Client-side MD5 password hashing, JSP, having public-facing links to dump the heap due to default configuration...

Either this was made by someone who took a programming course twenty years ago and hasn't touched it since, or it was intentionally made to be insecure.

[–] LadyMeow@lemmy.blahaj.zone 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

What the….? Why use a knockoff? Signal is free…

[–] Chronographs@lemmy.zip 5 points 2 weeks ago

Because they want to archive their messages assumedly, and because they’re clownishly incompetent of course