Sarahah Uploads Your Data, Internet of Things Creds Exposed – Threat Wire

Sarahah was Caught Uploading Contacts, ROPEMAKER Changes Emails Post-Delivery, default credentials are still impacting IoT devices, and a New Crowdfunding Campaign for MalwareTech is now up and running. All that coming up now on ThreatWire.

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Links:

Anonymous Messaging App Sarahah to Halt Collection of User Data With Next Update

https://thehackernews.com/2017/08/sarahah-privacy.html
https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/

Sarahah App asked for contacts for a planned "find your friends" feature

— ZainAlabdin Tawfiq (@ZainAlabdin878) August 27, 2017

https://www.theregister.co.uk/2017/08/28/crowdfunding_for_hutchins_legal_fees/?mt=1503964117577

https://www.theregister.co.uk/2017/08/23/ropemaker_exploit/

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf

https://arstechnica.com/information-technology/2017/08/leak-of-1700-valid-passwords-could-make-the-iot-mess-much-worse/

33000+ telnet credentials of IoT devices exposed on pastebin.
Link : https://t.co/v5uGw4Llsv #iot #hacking #malware #infosec @newskysecurity pic.twitter.com/0Lg7q8G0Kq

— Ankit Anubhav (@ankit_anubhav) August 24, 2017

From the 8,233 hosts about 2,174 are still running an open telnet services and some of them still accessible with the leaked credentials. pic.twitter.com/umbNhYwAGV

— Victor Gevers (@0xDUDE) August 25, 2017

http://www.securityweek.com/thousands-iot-devices-impacted-published-credentials-list

Race is On To Notify Owners After Public List of IoT Device Credentials Published

https://arstechnica.com/tech-policy/2017/08/malwaretechs-legal-defense-fund-bombarded-with-fraudulent-donations/?comments=1

Ummm, so I have questions. As someone who runs an online store / and a previous credit card processing employee…….. https://t.co/FpzTQOjKoz

— Shannon Morse (@Snubs) August 15, 2017

Tweets by tarah
https://www.crowdjustice.com/case/malwaretech/

Youtube Thumbnail credit:
https://cdn.pixabay.com/photo/2016/06/06/10/48/communication-1439187_960_720.jpg