Pulse of Truth

1474 readers

63 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth

How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes (www.wired.com)

submitted 2 months ago by lemmydev2 to c/pulse_of_truth

4 comments fedilink hide all child comments

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.

you are viewing a single comment's thread
view the rest of the comments

[–] krogoth 7 points 2 months ago (1 children)

«When they loaded this URL, the server responded with a Java heap dump, which is a roughly 150-MB file containing a snapshot of the server’s memory at the moment the URL was loaded.»

Comedy gold, the whole article…

[–] raltoid@lemmy.world 1 points 2 months ago

Client side md5 password hashing, JSP, having public facing links to dump the heap due to default configuration..

Either this was made by someone who took a programming course twenty years ago and haven't touched it since. Or it was intentionally made to be insecure.