Hacks

YellowFeather

iCloud, Snapchat, Dropbox, flipping TrueCrypt. I'm not too pushed about them, but how vulnerable is WhatsApp? I ask because somebody has managed to successfully hack my WhatsApp location feature (which I have reported). I think this happened before with WhatsApp and they patched it, but it is becoming apparent that there are genuine security issues surrounding cloud / storage / encryption tools, etc.

What are your thoughts on this? There has been an influx of hacking incidents recently, and, it seems to me that a lot of them are based around showing that they can hack vs balancing the risk of exposing themselves. So, it would stand to reason that there are hacks that are going on that we just don't hear about - either because they aren't on a large enough scale, or because they just aren't known about yet.

It's always been the fear that people's Google history could be published - whatever about their bank details! I am starting to question the safety of trusting any personal details digitally. Which sucks - 'cause I've always been a proponent of technology, and I've defended cloud to the end.

I'd be interested to know your thoughts.

AnonoBoy

I think the most important to realise when encrypting on or entrusting data to third party sites is that, and this will prevent anyone from ever being able to access it so listen carefully. What you must be able to do always but also must ensure that the third party site does as soon as you sign up is.....Hey everyone! Free hash browns in the canteen! WOOOOOHHH!!!

*runs out of office*

smash

YellowFeather wrote: »

I think this happened before with WhatsApp and they patched it, but it is becoming apparent that there are genuine security issues surrounding cloud / storage / encryption tools, etc.

What are your thoughts on this?

First thought: Whatsapp is for sending message, it's not a cloud storage solution.

YellowFeather

AnonoBoy wrote: »

I think the most important to realise when encrypting on or entrusting data to third party sites is that, and this will prevent anyone from ever being able to access it so listen carefully. What you must be able to do always but also must ensure that the third party site does as soon as you sign up is.....Hey everyone! Free hash browns in the canteen! WOOOOOHHH!!!

*runs out of office*

Ninja edit fecker.

Chance The Fapper

smash wrote: »

First thought: Whatsapp is for sending message, it's not a cloud storage solution.

The messages are stored in the cloud, and now that Facebook owns whatsapp you can be sure they're exploiting your data

YellowFeather

Chance The Fapper wrote: »

The messages are stored in the cloud, and blow that Facebook owns whatsapp you can be sure they're exploiting your data

Exactly.

I don't care much if they're exploiting my data. Sure, I probably needed to buy whatever their targeted advertising recommended anyway..

But I don't like the publishing online of personal account data. And I certainly don't like that there are, apparently, apps that will allow a lay person get details from the likes of WhatsApp which they shouldn't have access to.

I'm just a bit concerned about all this.

AstraOwner

Imagine the panic if Whatsapp was hacked and everybody's messages were uploaded to a searchable database. You could read your partners (friends, family members) every message. They could read yours. See every picture, every message you ever sent.


That'd be awkward.

Badly Drunk Boy

HR just sent us a warning this morning not to use the Slack cloud app because it's unauthorised by the company. I never even heard of it but wouldn't bothered anyway...

smash

Chance The Fapper wrote: »

The messages are stored in the cloud, and now that Facebook owns whatsapp you can be sure they're exploiting your data

The Cloud.... THE CLOUD.....

fecking buzzword, the 'cloud' is just a bunch of serves. Data has always been stored on servers! You worry about sending a message on what's app? Then just send a text message, phone someone, send a carrier pidgeon! :rolleyes:

The One Doctor

YellowFeather wrote: »

I've defended cloud to the end.

Don't bother. I worked for a huge cloud company for years - their cloud servers were always going down. Cloud software is always inherently untrustworthy. All it takes is a few terrorists or a large coronal mass ejection aimed at the Earth... and POOF, there goes all your data.

I don't store any critical information in the cloud.

Gran Hermano

Clouds are highly susceptible to leaks.
In the old days we called it precipitation.

The Backwards Man

My Granda once said to be,

'Listen here ya wee eejit (that was his pet name for me), never trust clouds or the Welsh'

I think that's good advice for everyone.

28064212

AstraOwner wrote: »

Imagine the panic if Whatsapp was hacked and everybody's messages were uploaded to a searchable database. You could read your partners (friends, family members) every message. They could read yours. See every picture, every message you ever sent.

Whatsapp don't store your conversations on their servers: https://www.whatsapp.com/faq/en/general/21197296

Of course, whether you trust what they say is up to you, but if you don't trust them with your messages, why are you using them in the first place?

Professey Chin

I has all your datas

KomradeBishop

Almost everything can be hacked. Very few things are totally secure.

Generally, it's just not profitable to make code secure - it actually costs a hell of lot of money to do it right, and even then, it will still be hackable.

There are a lot of online cloud services out there, that are just a few hacks away, from the privacy of all their users being breached completely.


Think of it this way: Exploits/hacks are basically caused by bugs in software - have you ever used a piece of software which does not have a bug? It's practically impossible to make code totally secure (especially since every program/bit-of-coding, is dependent on hundreds/thousands of other peoples/companies code as well, and it can't all be audited).

This isn't even getting into stuff, like disgruntled company employees selling cloud data for money (just look at how Edward Snowden, was able to siphon a huge amount of private/secure data, from the US government - luckily he was doing it for the public good, not for money).

My current programming job, is basically to find ways to exploit/hack and to secure games - so I know this area of stuff reasonably well, and am extremely cynical as a result (justifiably, as there is endless evidence/precedent, for justifying cynicism) - and in general, I've gotten pretty good at finding faults/holes/exploits in things; very useful for learning almost anything actually, for the perspective it gives you.

jacksie66

This post has been deleted.

One eyed Jack

YellowFeather wrote: »

Exactly.

I don't care much if they're exploiting my data. Sure, I probably needed to buy whatever their targeted advertising recommended anyway..

But I don't like the publishing online of personal account data. And I certainly don't like that there are, apparently, apps that will allow a lay person get details from the likes of WhatsApp which they shouldn't have access to.

I'm just a bit concerned about all this.

If this concerns you, can you imagine being tagged before you've even been born -

theguardian.com/technology/2014/oct/15/apple-facebook-offer-freeze-eggs-female-employees


"Womb selfies" will be the next big thing on social media, while these companies will retain the data for their own benefit. I'd actually be less worried about online services being hacked, and more worried about the sheer amount of personal information people are willingly giving up in order to avail of these online services.

I was watching the British show "The Apprentice" last night, and the lads team came up with a camera in a sweater that would take pictures and display them on a compatible device (phone, laptop, etc).

The pitch to an online retailer was already going disastrously when one apprentice admitted that he wouldn't wear the sweater in public, but it bombed altogether when another apprentice came out with something along the lines of "privacy means nothing" as a tag line for the product!

The expressions on the buyers faces were priceless :pac:

Gone Drinking

The snapchat stuff was because people had downloaded third party software to take a picture of the snap they received without the other person knowing.. It then uploaded the pictures to its server for the guys who wrote the software to perv on.

Kinda serves them right in my opinion, I mean they were looking to save pictures themselves!

L.Jenkins

KomradeBishop wrote: »

Almost everything can be hacked. Very few things are totally secure.

The only way to truly secure something, is to disconnect it from the internet, encase it in concrete and bury it.

LuckyLloyd

Why are you entitled to guaranteed privacy when using a private company's app?

Phone calls could always be bugged. It was always possible to intercept / steal mail or rob film or photos. Archiving of newspaper clippings / magazine articles / local authority / census data was always a feature of life.

I've never really understood the notion people have that they should be entitled to cast iron unbreachable privacy in the digital age. It was never reasonable to expect an increase in such standards during an era of ever more ubiquitous and cheap communication...

KomradeBishop

LuckyLloyd wrote: »

Why are you entitled to guaranteed privacy when using a private company's app?

Phone calls could always be bugged. It was always possible to intercept / steal mail or rob film or photos. Archiving of newspaper clippings / magazine articles / local authority / census data was always a feature of life.

I've never really understood the notion people have that they should be entitled to cast iron unbreachable privacy in the digital age. It was never reasonable to expect an increase in such standards during an era of ever more ubiquitous and cheap communication...

Of course it's reasonable to expect/demand it. Just because privacy can be breached easily (due to current lax standards generally), doesn't mean that's ok or that people should accept it - that would be close to lawlessness, when it comes to privacy.

nelly17

I reckon the biggest current threat is the Shellshock Bash vulnerability id say a good 70% of Corporate systems run bash, if they dont come in the front door they can get in the back door with this

KomradeBishop

Ya there have been a slew of massive high-profile vulnerabilities like that found lately - and can be guaranteed there are a lot more still either undiscovered or being kept private. Even these now-known ones, will take an extremely long time to fix properly, because for companies security is generally secondary to profit, and companies tend to take their time about fixing stuff.

smash

nelly17 wrote: »

I reckon the biggest current threat is the Shellshock Bash vulnerability id say a good 70% of Corporate systems run bash, if they dont come in the front door they can get in the back door with this

Bash, front door, back door... Giggity

BeerWolf

It's a great time to be a white hat hacker. Always in demand - make €60k-120k

LuckyLloyd

KomradeBishop wrote: »

Of course it's reasonable to expect/demand it. Just because privacy can be breached easily (due to current lax standards generally), doesn't mean that's ok or that people should accept it - that would be close to lawlessness, when it comes to privacy.

The only way to guarantee privacy in the pre Internet era was to go off the grid. In the Internet era we have people crying foul when:

- they don't stick to secured / encrypted wireless networks;
- they download and click around the place with abandon;

If you really, really, really don't want your privacy compromised then you really, really, really shouldn't be using facebook / twitter / snapchat / whatsapp / cloud storage / etc.

Otherwise, there is a risk:

KomradeBishop wrote: »

Ya there have been a slew of massive high-profile vulnerabilities like that found lately - and can be guaranteed there are a lot more still either undiscovered or being kept private. Even these now-known ones, will take an extremely long time to fix properly, because for companies security is generally secondary to profit, and companies tend to take their time about fixing stuff.

Testing for vulnerabilities is difficult. It's very difficult to future proof against all possibilities. This is not merely an issue of profitability, it is also an issue of it being very technically difficult to protect against people with enough motivation / intelligence / time who want to access data. What it boils down to and will always boil down to is that any process or technology that is man made can be broken down and pieced together again by man.

I agree that companies should try to test and secure to a reasonable level, but I think the notion of 'guaranteed' privacy is pure folly. It isn't possible to fully secure information passed around online.

YellowFeather

AstraOwner wrote: »

Imagine the panic if Whatsapp was hacked and everybody's messages were uploaded to a searchable database. You could read your partners (friends, family members) every message. They could read yours. See every picture, every message you ever sent.


That'd be awkward.

It's a distinct possibility.

smash wrote: »

The Cloud.... THE CLOUD.....

fecking buzzword, the 'cloud' is just a bunch of serves. Data has always been stored on servers! You worry about sending a message on what's app? Then just send a text message, phone someone, send a carrier pidgeon! :rolleyes:

Cloud isn't a buzzword? Of course it's a bunch of servers - somewhere. We haven't yet discovered a way to make something out of nothing.

The One Doctor wrote: »

Don't bother. I worked for a huge cloud company for years - their cloud servers were always going down. Cloud software is always inherently untrustworthy. All it takes is a few terrorists or a large coronal mass ejection aimed at the Earth... and POOF, there goes all your data.

I don't store any critical information in the cloud.

I think a lot of us store information in the cloud, many without realising it. But, yes, this is what I'm saying - it's vulnerable.

KomradeBishop wrote: »

Almost everything can be hacked. Very few things are totally secure.

Generally, it's just not profitable to make code secure - it actually costs a hell of lot of money to do it right, and even then, it will still be hackable.

There are a lot of online cloud services out there, that are just a few hacks away, from the privacy of all their users being breached completely.


Think of it this way: Exploits/hacks are basically caused by bugs in software - have you ever used a piece of software which does not have a bug? It's practically impossible to make code totally secure (especially since every program/bit-of-coding, is dependent on hundreds/thousands of other peoples/companies code as well, and it can't all be audited).

This isn't even getting into stuff, like disgruntled company employees selling cloud data for money (just look at how Edward Snowden, was able to siphon a huge amount of private/secure data, from the US government - luckily he was doing it for the public good, not for money).

My current programming job, is basically to find ways to exploit/hack and to secure games - so I know this area of stuff reasonably well, and am extremely cynical as a result (justifiably, as there is endless evidence/precedent, for justifying cynicism) - and in general, I've gotten pretty good at finding faults/holes/exploits in things; very useful for learning almost anything actually, for the perspective it gives you.

We are using a bit of software that, when you look at its logs, the first line is something like "This is an individual's problem." They can't get rid of it, short of debuilding and rebuilding again.

LuckyLloyd wrote: »

Why are you entitled to guaranteed privacy when using a private company's app?

Phone calls could always be bugged. It was always possible to intercept / steal mail or rob film or photos. Archiving of newspaper clippings / magazine articles / local authority / census data was always a feature of life.

I've never really understood the notion people have that they should be entitled to cast iron unbreachable privacy in the digital age. It was never reasonable to expect an increase in such standards during an era of ever more ubiquitous and cheap communication...

Nobody expects "cast iron unbreachable privacy", but the cost of breach of privacy is much higher these days, as opposed to when Mary would have to send Brenda a letter to tell her about the Fappening or the likes.

LuckyLloyd

YellowFeather wrote: »

Nobody expects "cast iron unbreachable privacy", but the cost of breach of privacy is much higher these days, as opposed to when Mary would have to send Brenda a letter to tell her about the Fappening or the likes.

Your sexting really isn't all that important in the grand scheme of things. The Internet hasn't changed the fundamental nature or importance of information that gets recorded or shared (compromising photos were the bedrock of many a political scandal in the pre Internet era). There's just an increase of the quantity and the speed of its transmission.

If that photo not being shared is really, really important to you don't take it.

KomradeBishop

LuckyLloyd wrote: »

The only way to guarantee privacy in the pre Internet era was to go off the grid. In the Internet era we have people crying foul when:

- they don't stick to secured / encrypted wireless networks;
- they download and click around the place with abandon;

If you really, really, really don't want your privacy compromised then you really, really, really shouldn't be using facebook / twitter / snapchat / whatsapp / cloud storage / etc.

Otherwise, there is a risk:

The solution though, is to hold those companies to account for lax security standards, and to force them to uphold better standards - not to blame the people whose privacy they breach.

People definitely should expect that privacy is upheld by these companies.

LuckyLloyd wrote: »

Testing for vulnerabilities is difficult. It's very difficult to future proof against all possibilities. This is not merely an issue of profitability, it is also an issue of it being very technically difficult to protect against people with enough motivation / intelligence / time who want to access data. What it boils down to and will always boil down to is that any process or technology that is man made can be broken down and pieced together again by man.

I agree that companies should try to test and secure to a reasonable level, but I think the notion of 'guaranteed' privacy is pure folly. It isn't possible to fully secure information passed around online.

It's not difficult to improve current standards though, and to put greater financial liability on companies for breaches.

KomradeBishop

LuckyLloyd wrote: »

Your sexting really isn't all that important in the grand scheme of things. The Internet hasn't changed the fundamental nature or importance of information that gets recorded or shared (compromising photos were the bedrock of many a political scandal in the pre Internet era). There's just an increase of the quantity and the speed of its transmission.

If that photo not being shared is really, really important to you don't take it.

It is important in the grand scheme of things - every single breach of privacy that happens, is of major importance, and should lead to a lot of massive fines getting through around.

Turning a blind eye to any breaches of privacy, and worse - blaming it on the user, not the developer/company - it is important that that kind of attitude in general is resisted, as it will lead to a society with no privacy at all.

LuckyLloyd

KomradeBishop wrote: »

It is important in the grand scheme of things - every single breach of privacy that happens, is of major importance, and should lead to a lot of massive fines getting through around.

Turning a blind eye to any breaches of privacy, and worse - blaming it on the user, not the developer/company - it is important that that kind of attitude in general is resisted, as it will lead to a society with no privacy at all.

You can establish a huge amount of cast iron personal privacy right now by discontinuing Internet use and changing your phone and the nature of how you use it. That's a choice that will always be available to you.

smash

YellowFeather wrote: »

Cloud isn't a buzzword? Of course it's a bunch of servers - somewhere. We haven't yet discovered a way to make something out of nothing.

It is a buzzword. How is the 'cloud' any different than a server farm from 2001 that had backups and load balancing and remote login capability? Please explain...

Doylers

I think what we should be learning from all this is that our data is store more and more online and we can play ignorance as a defence. People need to start using password managers like lasts to generate secure password for every site that can't be brute forced or easily guessed. When a site offers 2 factor like dropbox, iCloud, lastspass, Facebook,paypal we should be enabling it.

And don't take pictures of your junk with snapchat

paulbok

smash wrote: »

It is a buzzword. How is the 'cloud' any different than a server farm from 2001 that had backups and load balancing and remote login capability? Please explain...

Yep another buzzword, just like 'business solutions'
Eircom business solutions, how is that different to providing phone/fax/email/broadband/mobile/(tv)

jimgoose

smash wrote: »

It is a buzzword. How is the 'cloud' any different than a server farm from 2001 that had backups and load balancing and remote login capability? Please explain...

The difference is the server farm runs ESX or SoftLayer or similar. That aside it's right back to the '70s baby! :cool:

YellowFeather

LuckyLloyd wrote: »

Your sexting really isn't all that important in the grand scheme of things. The Internet hasn't changed the fundamental nature or importance of information that gets recorded or shared (compromising photos were the bedrock of many a political scandal in the pre Internet era). There's just an increase of the quantity and the speed of its transmission.

If that photo not being shared is really, really important to you don't take it.

I disagree entirely. It is true that nobody cares if I'm sexting or not (I hope). But, the fact is that our communication is now largely digital as opposed to an auld chat on the phone. Everything is now recordable. Whereas, before, a transaction would be carried out with a discussion and a formal letter afterwards; these days, everything is put through email. Leaving a record..

LuckyLloyd

YellowFeather wrote: »

I disagree entirely. It is true that nobody cares if I'm sexting or not (I hope). But, the fact is that our communication is now largely digital as opposed to an auld chat on the phone. Everything is now recordable. Whereas, before, a transaction would be carried out with a discussion and a formal letter afterwards; these days, everything is put through email. Leaving a record..

The letter and phone calls were also records?

YellowFeather

smash wrote: »

It is a buzzword. How is the 'cloud' any different than a server farm from 2001 that had backups and load balancing and remote login capability? Please explain...

It's not a buzzword. Maybe back in the day when you had a server farm with backups and load balancing and you would explain how super your security was by using the word "cloud", it was a buzzword.

Now it's a hugely utilised reality and an actual concept.

Not a buzzword.

jimgoose

YellowFeather wrote: »

It's not a buzzword. Maybe back in the day when you had a server farm with backups and load balancing and you would explain how super your security was by using the word "cloud", it was a buzzword.

Now it's a hugely utilised reality and an actual concept.

Not a buzzword.

It's a server farm with virtual machines and a HTTPS interface. I build the sodding things.

YellowFeather

LuckyLloyd wrote: »

The letter and phone calls were also records?

I don't get your point. Out of everything I said, you chose to come back and say that the letter and the phone calls were also records. I'm interested in this and would like to discuss it genuinely. I really don't get your point, and I'm only responding in the hope that you might have misunderstood me.

batistuta9

YellowFeather wrote: »

It's not a buzzword. Maybe back in the day when you had a server farm with backups and load balancing and you would explain how super your security was by using the word "cloud", it was a buzzword.

Now it's a hugely utilised reality and an actual concept.

Not a buzzword.

Now it's an actual concept :pac: :pac: :pac:

YellowFeather

jimgoose wrote: »

It's a server farm with virtual machines and a HTTPS interface. I build the sodding things.

Fair play.

anncoates

The thought that international criminals could be targeting my riveting conversations about football, sh1t jokes and incredibly interesting family pictures is truly disturbing.

nxbyveromdwjpg

smash wrote: »

The Cloud.... THE CLOUD.....

fecking buzzword, the 'cloud' is just a bunch of serves. Data has always been stored on servers! You worry about sending a message on what's app? Then just send a text message, phone someone, send a carrier pidgeon! :rolleyes:

SMS are kept on file for 3 years by the operators too

jimgoose

nm wrote: »

SMS are kept on file for 3 years by the operators too

In a file cyaaabinet!! <ahem> sorry, couldn't help it! :pac:

JustAddWater

AstraOwner wrote: »

Imagine the panic if Whatsapp was hacked and everybody's messages were uploaded to a searchable database. You could read your partners (friends, family members) every message. They could read yours. See every picture, every message you ever sent.


That'd be awkward.

Why? What are you sending?

smash

YellowFeather wrote: »

It's not a buzzword. Maybe back in the day when you had a server farm with backups and load balancing and you would explain how super your security was by using the word "cloud", it was a buzzword.

Now it's a hugely utilised reality and an actual concept.

Not a buzzword.

You seem to think that the concept of cloud computing is about security... it's not!

jimgoose

smash wrote: »

You seem to think that the concept of cloud computing is about security... it's not!

Jaysis, that's about the last thing it's about. Andy Tanenbaum is still right about the station-wagon! :pac:

KomradeBishop

LuckyLloyd wrote: »

You can establish a huge amount of cast iron personal privacy right now by discontinuing Internet use and changing your phone and the nature of how you use it. That's a choice that will always be available to you.

That's a false choice, as the Internet is becoming ever more necessary in everyday life.

Instead, you properly regulate the companies, and make them have proper privacy standards, and impose massive fines on them for breaches.

LuckyLloyd

YellowFeather wrote: »

I don't get your point. Out of everything I said, you chose to come back and say that the letter and the phone calls were also records. I'm interested in this and would like to discuss it genuinely. I really don't get your point, and I'm only responding in the hope that you might have misunderstood me.

You said:

YellowFeather wrote: »

I disagree entirely. It is true that nobody cares if I'm sexting or not (I hope). But, the fact is that our communication is now largely digital as opposed to an auld chat on the phone. Everything is now recordable. Whereas, before, a transaction would be carried out with a discussion and a formal letter afterwards; these days, everything is put through email. Leaving a record..

To which I said:

LuckyLloyd wrote: »

The letter and phone calls were also records?

i.e. that all transactions with state or private institutions pre Internet were recorded and archived somewhere. You seem to have an idea that technology has changed that fact. It's just changed how / where the data is held, not that it is held.

LuckyLloyd

KomradeBishop wrote: »

That's a false choice, as the Internet is becoming ever more necessary in everyday life.

Instead, you properly regulate the companies, and make them have proper privacy standards, and impose massive fines on them for breaches.

I don't disagree in regulating standards and imposing fines for breaches of same. But I think people are misinformed and unrealistic when it comes to where the bar for those regulated standards should live.