Hacks

YellowFeather

iCloud, Snapchat, Dropbox, flipping TrueCrypt. I'm not too pushed about them, but how vulnerable is WhatsApp? I ask because somebody has managed to successfully hack my WhatsApp location feature (which I have reported). I think this happened before with WhatsApp and they patched it, but it is becoming apparent that there are genuine security issues surrounding cloud / storage / encryption tools, etc.

What are your thoughts on this? There has been an influx of hacking incidents recently, and, it seems to me that a lot of them are based around showing that they can hack vs balancing the risk of exposing themselves. So, it would stand to reason that there are hacks that are going on that we just don't hear about - either because they aren't on a large enough scale, or because they just aren't known about yet.

It's always been the fear that people's Google history could be published - whatever about their bank details! I am starting to question the safety of trusting any personal details digitally. Which sucks - 'cause I've always been a proponent of technology, and I've defended cloud to the end.

I'd be interested to know your thoughts.

AnonoBoy

I think the most important to realise when encrypting on or entrusting data to third party sites is that, and this will prevent anyone from ever being able to access it so listen carefully. What you must be able to do always but also must ensure that the third party site does as soon as you sign up is.....Hey everyone! Free hash browns in the canteen! WOOOOOHHH!!!

*runs out of office*

smash

YellowFeather wrote: »

I think this happened before with WhatsApp and they patched it, but it is becoming apparent that there are genuine security issues surrounding cloud / storage / encryption tools, etc.

What are your thoughts on this?

First thought: Whatsapp is for sending message, it's not a cloud storage solution.

YellowFeather

AnonoBoy wrote: »

I think the most important to realise when encrypting on or entrusting data to third party sites is that, and this will prevent anyone from ever being able to access it so listen carefully. What you must be able to do always but also must ensure that the third party site does as soon as you sign up is.....Hey everyone! Free hash browns in the canteen! WOOOOOHHH!!!

*runs out of office*

Ninja edit fecker.

Chance The Fapper

smash wrote: »

First thought: Whatsapp is for sending message, it's not a cloud storage solution.

The messages are stored in the cloud, and now that Facebook owns whatsapp you can be sure they're exploiting your data

YellowFeather

Chance The Fapper wrote: »

The messages are stored in the cloud, and blow that Facebook owns whatsapp you can be sure they're exploiting your data

Exactly.

I don't care much if they're exploiting my data. Sure, I probably needed to buy whatever their targeted advertising recommended anyway..

But I don't like the publishing online of personal account data. And I certainly don't like that there are, apparently, apps that will allow a lay person get details from the likes of WhatsApp which they shouldn't have access to.

I'm just a bit concerned about all this.

AstraOwner

Imagine the panic if Whatsapp was hacked and everybody's messages were uploaded to a searchable database. You could read your partners (friends, family members) every message. They could read yours. See every picture, every message you ever sent.


That'd be awkward.

Badly Drunk Boy

HR just sent us a warning this morning not to use the Slack cloud app because it's unauthorised by the company. I never even heard of it but wouldn't bothered anyway...

smash

Chance The Fapper wrote: »

The messages are stored in the cloud, and now that Facebook owns whatsapp you can be sure they're exploiting your data

The Cloud.... THE CLOUD.....

fecking buzzword, the 'cloud' is just a bunch of serves. Data has always been stored on servers! You worry about sending a message on what's app? Then just send a text message, phone someone, send a carrier pidgeon! :rolleyes:

The One Doctor

YellowFeather wrote: »

I've defended cloud to the end.

Don't bother. I worked for a huge cloud company for years - their cloud servers were always going down. Cloud software is always inherently untrustworthy. All it takes is a few terrorists or a large coronal mass ejection aimed at the Earth... and POOF, there goes all your data.

I don't store any critical information in the cloud.

Gran Hermano

Clouds are highly susceptible to leaks.
In the old days we called it precipitation.

The Backwards Man

My Granda once said to be,

'Listen here ya wee eejit (that was his pet name for me), never trust clouds or the Welsh'

I think that's good advice for everyone.

28064212

AstraOwner wrote: »

Imagine the panic if Whatsapp was hacked and everybody's messages were uploaded to a searchable database. You could read your partners (friends, family members) every message. They could read yours. See every picture, every message you ever sent.

Whatsapp don't store your conversations on their servers: https://www.whatsapp.com/faq/en/general/21197296

Of course, whether you trust what they say is up to you, but if you don't trust them with your messages, why are you using them in the first place?

Professey Chin

I has all your datas

KomradeBishop

Almost everything can be hacked. Very few things are totally secure.

Generally, it's just not profitable to make code secure - it actually costs a hell of lot of money to do it right, and even then, it will still be hackable.

There are a lot of online cloud services out there, that are just a few hacks away, from the privacy of all their users being breached completely.


Think of it this way: Exploits/hacks are basically caused by bugs in software - have you ever used a piece of software which does not have a bug? It's practically impossible to make code totally secure (especially since every program/bit-of-coding, is dependent on hundreds/thousands of other peoples/companies code as well, and it can't all be audited).

This isn't even getting into stuff, like disgruntled company employees selling cloud data for money (just look at how Edward Snowden, was able to siphon a huge amount of private/secure data, from the US government - luckily he was doing it for the public good, not for money).

My current programming job, is basically to find ways to exploit/hack and to secure games - so I know this area of stuff reasonably well, and am extremely cynical as a result (justifiably, as there is endless evidence/precedent, for justifying cynicism) - and in general, I've gotten pretty good at finding faults/holes/exploits in things; very useful for learning almost anything actually, for the perspective it gives you.

jacksie66

This post has been deleted.

One eyed Jack

YellowFeather wrote: »

Exactly.

I don't care much if they're exploiting my data. Sure, I probably needed to buy whatever their targeted advertising recommended anyway..

But I don't like the publishing online of personal account data. And I certainly don't like that there are, apparently, apps that will allow a lay person get details from the likes of WhatsApp which they shouldn't have access to.

I'm just a bit concerned about all this.

If this concerns you, can you imagine being tagged before you've even been born -

theguardian.com/technology/2014/oct/15/apple-facebook-offer-freeze-eggs-female-employees


"Womb selfies" will be the next big thing on social media, while these companies will retain the data for their own benefit. I'd actually be less worried about online services being hacked, and more worried about the sheer amount of personal information people are willingly giving up in order to avail of these online services.

I was watching the British show "The Apprentice" last night, and the lads team came up with a camera in a sweater that would take pictures and display them on a compatible device (phone, laptop, etc).

The pitch to an online retailer was already going disastrously when one apprentice admitted that he wouldn't wear the sweater in public, but it bombed altogether when another apprentice came out with something along the lines of "privacy means nothing" as a tag line for the product!

The expressions on the buyers faces were priceless :pac:

Gone Drinking

The snapchat stuff was because people had downloaded third party software to take a picture of the snap they received without the other person knowing.. It then uploaded the pictures to its server for the guys who wrote the software to perv on.

Kinda serves them right in my opinion, I mean they were looking to save pictures themselves!

L.Jenkins

KomradeBishop wrote: »

Almost everything can be hacked. Very few things are totally secure.

The only way to truly secure something, is to disconnect it from the internet, encase it in concrete and bury it.

LuckyLloyd

Why are you entitled to guaranteed privacy when using a private company's app?

Phone calls could always be bugged. It was always possible to intercept / steal mail or rob film or photos. Archiving of newspaper clippings / magazine articles / local authority / census data was always a feature of life.

I've never really understood the notion people have that they should be entitled to cast iron unbreachable privacy in the digital age. It was never reasonable to expect an increase in such standards during an era of ever more ubiquitous and cheap communication...

KomradeBishop

LuckyLloyd wrote: »

Why are you entitled to guaranteed privacy when using a private company's app?

Phone calls could always be bugged. It was always possible to intercept / steal mail or rob film or photos. Archiving of newspaper clippings / magazine articles / local authority / census data was always a feature of life.

I've never really understood the notion people have that they should be entitled to cast iron unbreachable privacy in the digital age. It was never reasonable to expect an increase in such standards during an era of ever more ubiquitous and cheap communication...

Of course it's reasonable to expect/demand it. Just because privacy can be breached easily (due to current lax standards generally), doesn't mean that's ok or that people should accept it - that would be close to lawlessness, when it comes to privacy.

nelly17

I reckon the biggest current threat is the Shellshock Bash vulnerability id say a good 70% of Corporate systems run bash, if they dont come in the front door they can get in the back door with this

KomradeBishop

Ya there have been a slew of massive high-profile vulnerabilities like that found lately - and can be guaranteed there are a lot more still either undiscovered or being kept private. Even these now-known ones, will take an extremely long time to fix properly, because for companies security is generally secondary to profit, and companies tend to take their time about fixing stuff.

smash

nelly17 wrote: »

I reckon the biggest current threat is the Shellshock Bash vulnerability id say a good 70% of Corporate systems run bash, if they dont come in the front door they can get in the back door with this

Bash, front door, back door... Giggity

BeerWolf

It's a great time to be a white hat hacker. Always in demand - make €60k-120k

LuckyLloyd

KomradeBishop wrote: »

Of course it's reasonable to expect/demand it. Just because privacy can be breached easily (due to current lax standards generally), doesn't mean that's ok or that people should accept it - that would be close to lawlessness, when it comes to privacy.

The only way to guarantee privacy in the pre Internet era was to go off the grid. In the Internet era we have people crying foul when:

- they don't stick to secured / encrypted wireless networks;
- they download and click around the place with abandon;

If you really, really, really don't want your privacy compromised then you really, really, really shouldn't be using facebook / twitter / snapchat / whatsapp / cloud storage / etc.

Otherwise, there is a risk:

KomradeBishop wrote: »

Ya there have been a slew of massive high-profile vulnerabilities like that found lately - and can be guaranteed there are a lot more still either undiscovered or being kept private. Even these now-known ones, will take an extremely long time to fix properly, because for companies security is generally secondary to profit, and companies tend to take their time about fixing stuff.

Testing for vulnerabilities is difficult. It's very difficult to future proof against all possibilities. This is not merely an issue of profitability, it is also an issue of it being very technically difficult to protect against people with enough motivation / intelligence / time who want to access data. What it boils down to and will always boil down to is that any process or technology that is man made can be broken down and pieced together again by man.

I agree that companies should try to test and secure to a reasonable level, but I think the notion of 'guaranteed' privacy is pure folly. It isn't possible to fully secure information passed around online.

YellowFeather

AstraOwner wrote: »

Imagine the panic if Whatsapp was hacked and everybody's messages were uploaded to a searchable database. You could read your partners (friends, family members) every message. They could read yours. See every picture, every message you ever sent.


That'd be awkward.

It's a distinct possibility.

smash wrote: »

The Cloud.... THE CLOUD.....

fecking buzzword, the 'cloud' is just a bunch of serves. Data has always been stored on servers! You worry about sending a message on what's app? Then just send a text message, phone someone, send a carrier pidgeon! :rolleyes:

Cloud isn't a buzzword? Of course it's a bunch of servers - somewhere. We haven't yet discovered a way to make something out of nothing.

The One Doctor wrote: »

Don't bother. I worked for a huge cloud company for years - their cloud servers were always going down. Cloud software is always inherently untrustworthy. All it takes is a few terrorists or a large coronal mass ejection aimed at the Earth... and POOF, there goes all your data.

I don't store any critical information in the cloud.

I think a lot of us store information in the cloud, many without realising it. But, yes, this is what I'm saying - it's vulnerable.

KomradeBishop wrote: »

Almost everything can be hacked. Very few things are totally secure.

Generally, it's just not profitable to make code secure - it actually costs a hell of lot of money to do it right, and even then, it will still be hackable.

There are a lot of online cloud services out there, that are just a few hacks away, from the privacy of all their users being breached completely.


Think of it this way: Exploits/hacks are basically caused by bugs in software - have you ever used a piece of software which does not have a bug? It's practically impossible to make code totally secure (especially since every program/bit-of-coding, is dependent on hundreds/thousands of other peoples/companies code as well, and it can't all be audited).

This isn't even getting into stuff, like disgruntled company employees selling cloud data for money (just look at how Edward Snowden, was able to siphon a huge amount of private/secure data, from the US government - luckily he was doing it for the public good, not for money).

My current programming job, is basically to find ways to exploit/hack and to secure games - so I know this area of stuff reasonably well, and am extremely cynical as a result (justifiably, as there is endless evidence/precedent, for justifying cynicism) - and in general, I've gotten pretty good at finding faults/holes/exploits in things; very useful for learning almost anything actually, for the perspective it gives you.

We are using a bit of software that, when you look at its logs, the first line is something like "This is an individual's problem." They can't get rid of it, short of debuilding and rebuilding again.

LuckyLloyd wrote: »

Why are you entitled to guaranteed privacy when using a private company's app?

Phone calls could always be bugged. It was always possible to intercept / steal mail or rob film or photos. Archiving of newspaper clippings / magazine articles / local authority / census data was always a feature of life.

I've never really understood the notion people have that they should be entitled to cast iron unbreachable privacy in the digital age. It was never reasonable to expect an increase in such standards during an era of ever more ubiquitous and cheap communication...

Nobody expects "cast iron unbreachable privacy", but the cost of breach of privacy is much higher these days, as opposed to when Mary would have to send Brenda a letter to tell her about the Fappening or the likes.

LuckyLloyd

YellowFeather wrote: »

Nobody expects "cast iron unbreachable privacy", but the cost of breach of privacy is much higher these days, as opposed to when Mary would have to send Brenda a letter to tell her about the Fappening or the likes.

Your sexting really isn't all that important in the grand scheme of things. The Internet hasn't changed the fundamental nature or importance of information that gets recorded or shared (compromising photos were the bedrock of many a political scandal in the pre Internet era). There's just an increase of the quantity and the speed of its transmission.

If that photo not being shared is really, really important to you don't take it.

KomradeBishop

LuckyLloyd wrote: »

The only way to guarantee privacy in the pre Internet era was to go off the grid. In the Internet era we have people crying foul when:

- they don't stick to secured / encrypted wireless networks;
- they download and click around the place with abandon;

If you really, really, really don't want your privacy compromised then you really, really, really shouldn't be using facebook / twitter / snapchat / whatsapp / cloud storage / etc.

Otherwise, there is a risk:

The solution though, is to hold those companies to account for lax security standards, and to force them to uphold better standards - not to blame the people whose privacy they breach.

People definitely should expect that privacy is upheld by these companies.

LuckyLloyd wrote: »

Testing for vulnerabilities is difficult. It's very difficult to future proof against all possibilities. This is not merely an issue of profitability, it is also an issue of it being very technically difficult to protect against people with enough motivation / intelligence / time who want to access data. What it boils down to and will always boil down to is that any process or technology that is man made can be broken down and pieced together again by man.

I agree that companies should try to test and secure to a reasonable level, but I think the notion of 'guaranteed' privacy is pure folly. It isn't possible to fully secure information passed around online.

It's not difficult to improve current standards though, and to put greater financial liability on companies for breaches.

KomradeBishop

LuckyLloyd wrote: »

Your sexting really isn't all that important in the grand scheme of things. The Internet hasn't changed the fundamental nature or importance of information that gets recorded or shared (compromising photos were the bedrock of many a political scandal in the pre Internet era). There's just an increase of the quantity and the speed of its transmission.

If that photo not being shared is really, really important to you don't take it.

It is important in the grand scheme of things - every single breach of privacy that happens, is of major importance, and should lead to a lot of massive fines getting through around.

Turning a blind eye to any breaches of privacy, and worse - blaming it on the user, not the developer/company - it is important that that kind of attitude in general is resisted, as it will lead to a society with no privacy at all.

LuckyLloyd

KomradeBishop wrote: »

It is important in the grand scheme of things - every single breach of privacy that happens, is of major importance, and should lead to a lot of massive fines getting through around.

Turning a blind eye to any breaches of privacy, and worse - blaming it on the user, not the developer/company - it is important that that kind of attitude in general is resisted, as it will lead to a society with no privacy at all.

You can establish a huge amount of cast iron personal privacy right now by discontinuing Internet use and changing your phone and the nature of how you use it. That's a choice that will always be available to you.