
❈ Polish Blogger Sued After Revealing Security Issue In Encrypted Messenger

IT Security News it.slashdot.org

An anonymous reader quotes a report from The Record: The company behind the UseCrypt Messenger encrypted instant messaging application filed a lawsuit last month against a Polish security researcher for publishing an article that exposed a vulnerability in the app's user invite mechanism. The lawsuit targets Tomasz Zieliński, the editor of Informatyk Zakładowy, a Polish blog dedicated to IT topics, and denounces one of the site's articles, published in October 2020. The article describes how Zieliński found that in some cases, when UseCrypt Messenger users wanted to invite a friend to the app, the application used an insecure domain (autofwd.com) to send out user invitations. Zieliński found that besides running on an insecure HTTP connection, the AutoFWD.com website was also vulnerable to SQL injection and cross-site scripting (XSS) vulnerabilities that would have allowed anyone to hijack the site and then read or tamper with UseCrypt invitations. But while the authors of the AutoFWD.com website admitted to the security weaknesses in their service and shut down their website, Zieliński received a firm rebuttal of his research from V440 SA, the legal entity behind the UseCrypt Messenger. In a message the company sent Zieliński a day after his blog post went live, they claimed his research contained "false information." V440 SA said their app did not use the AutoFWD.com service to handle user invitations but instead relied on an in-house solution hosted on the get.usecryptmessenger.com domain. But in a subsequent update, Zieliński claims that the UseCrypt team was lying and that, in reality, they silently patched their app to remove the AutoFWD.com from its user invite mechanism after his research was posted online and were merely trying to dismiss his findings, even after he notified them in advance of his research.
To make matters worse, V440 SA had reportedly filed criminal complaints against not only Zieliński's blog but also against Niebezpiecznik and Zaufana Trzecia Strona, two other Polish IT security blogs, claiming that the three were working as part of an "organized criminal group." "Requests to remove articles, requests for apologies and other letters from law firms addressed to our editors will not make us stop being interested in a certain issue," the editors of the Polish blogs said in a joint statement. It's currently unknown if there is actually a criminal investigation underway against the three sites or if this is just an intimidation tactic.



Read the complete article (external source: https://it.slashdot.org/story/21/04/07/2156256/polish-blogger-sued-after-revealing-security-issue-in-encrypted-messenger?utm_source=rss1.0mainlinkanon&utm_medium=feed)
