AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/05/2020

WhatsApp now lets you post ephemeral messages, which disappear after 7 days

Facebook recently announced that WhatsApp passed the whopping milestone of 100 billion messages sent per day, but not everyone wants those chats to stick around forever. Now, Facebook’s wildly popular messaging app with 2 billion users is adding a feature to give people more control over how their words and pictures live within the app. From today, messages — including photos and videos — can now be marked to disappear after 7 days. The feature is being rolled out globally across Android and iOS starting today, WhatsApp said. While it’s starting with a 7-day lifespan, it is already looking at playing around with the time limits. “We will keep an eye on feedback about how people are using it and liking it and see if it needs adjusting in the future,” a spokesperson said. “For now we are starting with seven days, because it feels like a nice balance between the utility you need for global text based conversations and the feeling of things not sticking around forever.”


Two Charged in SIM Swapping, Vishing Scams

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K. Milleson, 21, of Timonium, Md., and 19-year-old Kingston, Pa., resident Kyell A. Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “vishing” attacks and “SIM swapping,” a form of fraud that involves bribing or tricking employees at mobile phone companies. Investigators allege the duo set up phishing websites that mimicked legitimate employee portals belonging to wireless providers, and then emailed and/or called employees at these providers in a bid to trick them into logging in at these fake portals.


Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file

A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking.

The site makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s MySQL database. The site invites visitors to “Test Your Hacker IQ” by entering a username. It then poses a series of multiple choice questions about techniques employed by hackers to obtain corporate information. The quiz doesn’t cover the possibility of publicly exposed passwords. The blunder was spotted on Wednesday by Tillie Kottmann, a Switzerland-based IT consultant and developer who uses the handle “deletescape.” The website was taken down on Wednesday. Kottmann said, “Maybe it’s worth mentioning that a whole lot of sites, including some other bigger corporations have .git [repositories] exposed on various domains.”


23,600 hacked databases have leaked from a defunct ‘data breach index’ site

More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind. The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals. Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee. Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their accounts at other, more high-profile sites. The idea behind the site isn’t unique, and Cit0Day could be considered a reincarnation of similar “data breach index” services such as LeakedSource and WeLeakInfo, both taken down by authorities in 2018 and 2020, respectively.


No, GitHub’s source code wasn’t hacked and posted on GitHub, says GitHub CEO

News of the supposed leak and posting came from a site called Resynth that linked to a Wayback Machine snapshot of a GitHub repo that purported to be the work of GitHub CEO Nat Friedman and was labelled “This is GitHub.com and GitHub Enterprise.” Resynth describes itself with the following tagline: “TypeScript developer; privacy advocate. Fighting until it’s right.” The post about the supposed leak is titled “What do Microsoft really think about open-source?” and did say the commit is a bit suss. It also recounted an argument that the software giant’s ownership of GitHub means it should walk the talk and make the site’s code open. “Some users, such as Drew DeVault, suggest Microsoft is attempting to centralise open-source,” the post said. “Through closed-source applications, and proprietary extensions to Git, GitHub is seen as a platform that tries to contain open-source. An example of this is when GitHub went offline for two hours, leaving thousands of open-source projects inaccessible and unusable.”


Maine voters double down on facial recognition ban in win for privacy

In a robust show of doubling down on privacy protections, voters in the Maine city passed a measure Tuesday replacing and strengthening an existing ban on city officials’ use of facial recognition technology. While city employees were already prohibited from using the controversial tech, this new ban also gives residents the right to sue the city for violations and specifies monetary fines the city would have to pay out. The ACLU of Maine also highlighted a key aspect of the new ban. Specifically, evidence gathered through facial recognition tech is now inadmissible in court.
