This is an interesting research.
Sunday, October 23, 2016
Massive attack against Dyn
Last week’s DDoS attacks against Dyn are being reported everywhere.
If I had to guess, though, I don't think it's China. I think it's more likely related to the DDoS attacks against a person than the probing attacks against the Internet infrastructure, despite how prescient that attack seems right now. And, I’m sure China is not going to launch a preemptive attack on the Internet.
Friday, October 7, 2016
MIM Attact Is That Possible WhatsApp ?
Forbes is reporting that the Israeli cyberweapons arms manufacturer Wintego has a man-in-the-middle exploit against WhatsApp.
It's a weird story. I'm not sure how they do it, but something doesn't sound right.
It's a weird story. I'm not sure how they do it, but something doesn't sound right.
Another possibility is that CatchApp is malware thrust onto a device over Wi-Fi that specifically targets WhatsApp. But it's almost certain the product cannot crack the latest standard of WhatsApp cryptography, said Matthew Green, a cryptography expert and assistant professor at the Johns Hopkins Information Security Institute. Green, who has been impressed by the quality of the Signal code, added: "They would have to defeat both the encryption to and from the server and the end-to-end Signal encryption. That does not seem feasible at all, even with a Wi-Fi access point.
"I would bet mundanely the password stuff is just plain phishing. You go to some site, it asks for your Google account, you type it in without looking closely at the address bar.
"But the WhatsApp stuff manifestly should not be vulnerable like that. Interesting."
Neither WhatsApp nor the crypto whizz behind Signal, Moxie Marlinspike, were happy to comment unless more specific details were revealed about the tool's capability. Either Wintego is embellishing what its real capability is, or it has a set of exploits that the rest of the world doesn't yet know about.
Subscribe to:
Posts (Atom)