Sarahah Uploads Your Data, Internet of Things Creds Exposed – Threat Wire
Sarahah was Caught Uploading Contacts, ROPEMAKER Changes Emails Post-Delivery, default credentials are still impacting IoT devices, and a New Crowdfunding Campaign for MalwareTech is now up and running. All that coming up now on ThreatWire.
——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————
Links:
Anonymous Messaging App Sarahah to Halt Collection of User Data With Next Update
https://thehackernews.com/2017/08/sarahah-privacy.html
https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/
Sarahah App asked for contacts for a planned "find your friends" feature
— ZainAlabdin Tawfiq (@ZainAlabdin878) August 27, 2017
https://www.theregister.co.uk/2017/08/28/crowdfunding_for_hutchins_legal_fees/?mt=1503964117577
https://www.theregister.co.uk/2017/08/23/ropemaker_exploit/
ROPEMAKER Exploit Allows for Changing of Email Post-Delivery
https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf
https://arstechnica.com/information-technology/2017/08/leak-of-1700-valid-passwords-could-make-the-iot-mess-much-worse/
33000+ telnet credentials of IoT devices exposed on pastebin.
Link : https://t.co/v5uGw4Llsv #iot #hacking #malware #infosec @newskysecurity pic.twitter.com/0Lg7q8G0Kq— Ankit Anubhav (@ankit_anubhav) August 24, 2017
From the 8,233 hosts about 2,174 are still running an open telnet services and some of them still accessible with the leaked credentials. pic.twitter.com/umbNhYwAGV
— Victor Gevers (@0xDUDE) August 25, 2017
http://www.securityweek.com/thousands-iot-devices-impacted-published-credentials-list
Race is On To Notify Owners After Public List of IoT Device Credentials Published
https://arstechnica.com/tech-policy/2017/08/malwaretechs-legal-defense-fund-bombarded-with-fraudulent-donations/?comments=1
Ummm, so I have questions. As someone who runs an online store / and a previous credit card processing employee…….. https://t.co/FpzTQOjKoz
— Shannon Morse (@Snubs) August 15, 2017
Tweets by tarah
https://www.crowdjustice.com/case/malwaretech/
Youtube Thumbnail credit:
https://cdn.pixabay.com/photo/2016/06/06/10/48/communication-1439187_960_720.jpg
David Moore