Jump to content
Donations Read more... ×

Search the Community

Showing results for tags 'whatsapp'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 62 results

  1. Letter to judge reveals 731 pages of messages, call logs uncovered on one of two phones. Michael Cohen leaving the United States District Court Southern District of New York on May 30, 2018 in New York City. A letter today revealed that the FBI had recovered over 700 pages of messages and call logs from encrypted messaging apps on one of two BlackBerry phones belonging to Cohen. In a letter to the presiding judge in the case against Michael Cohen, President Donald Trump's long-time personal attorney, the US Attorney's Office for the Southern District of New York revealed today that it had obtained additional evidence for review—including a trove of messages and call logs from WhatsApp and Signal on one of two BlackBerry phones belonging to Cohen. The messages and call logs together constitute 731 pages of potential evidence. The FBI also recovered 16 pages of documents that had been shredded, but it has not yet been able to complete the extraction of data from the second phone. The letter to Judge Kimba Wood stated that "the Government was advised that the FBI’s original electronic extraction of data from telephones did not capture content related to encrypted messaging applications, such as WhatsApp and Signal... The FBI has now obtained this material." This change is likely because of the way the messages are stored by the applications, not because the FBI had to break any sort of encryption on them. WhatsApp and Signal store their messages in encrypted databases on the device, so an initial dump of the phone would have only provided a cryptographic blob. The key is required to decrypt the contents of such a database, and there are tools readily available to access the WhatsApp database on a PC. In a post to Twitter, attorney Michael Avenatti, who represents Stormy Daniels in her suit against Cohen over a nondisclosure agreement regarding her alleged sexual encounters with Donald Trump, crowed about the new evidence. The messages and logs were provided to Cohen's attorneys today. Cohen has until June 25 to review the materials and make any claims of attorney-client privilege; after that, any messages he claims are protected will be reviewed by the Special Master, retired federal judge Barbara Jones. Jones and Cohen's attorneys have already reviewed an initial collection of data from two phones and an iPad. Jones ruled that out of 291,770 total items from those devices, "148 items are Privileged and/or Partially Privileged and that 7 items are Highly Personal." But an additional 315 megabytes of data have been pulled from the first of the two BlackBerries, and its contents were delivered to Cohen's attorneys on June 14. An unknown amount of data remains on the second BlackBerry. "The Government will update the Court on the final BlackBerry extraction as soon as possible," US Attorney Robert Khuzami wrote in the letter to Judge Wood. Source
  2. (Reuters) — As Europe’s new privacy law took effect on Friday, one activist wasted no time in asserting the additional rights it gives people over the data that companies want to collect about them. Austrian Max Schrems filed complaints against Google, Facebook, Instagram and WhatsApp, arguing they were acting illegally by forcing users to accept intrusive terms of service or lose access. That take-it-or-leave-it approach, Schrems told Reuters Television, violates people’s right under the General Data Protection Regulation (GDPR) to choose freely whether to allow companies to use their data. “You have to have a ‘yes or no’ option,” Schrems said in an interview recorded in Vienna before he filed the complaints in various European jurisdictions. “A lot of these companies now force you to consent to the new privacy policy, which is totally against the law.” The GDPR overhauls data protection laws in the European Union that predate the rise of the internet and, most importantly, foresees fines of up to 4 percent of global revenues for companies that break the rules. That puts potential sanctions in the ballpark of anti-trust fines levied by Brussels that, in Google’s case, have run into billions of dollars. Andrea Jelinek, who heads both Austria’s Data Protection Authority and a new European Data Protection Board set up under GDPR, appeared to express sympathy with Schrems’ arguments at a news conference in Brussels. Asked about the merits of Schrems’ complaints, Jelinek said: “If there is forced consent, there is no consent.” Scourge of Facebook Schrems was a 23-year-old law student when he first took on Facebook and he’s been fighting Mark Zuckerberg’s social network ever since – becoming the poster-boy for data privacy. He won a landmark European court ruling in 2015 that invalidated a ‘safe harbour’ agreement allowing firms to transfer personal data from the EU to the United States, where data protection is less strict. With GDPR in mind, he recently set up a non-profit called None of Your Business noyb.eu (noyb) that plans legal action to blunt the ability of the tech titans to harvest data that they then use to sell targeted advertising. His laptop perched on the table of a traditional Viennese coffee house, Schrems showed how a pop-up message on Facebook seeks consent to use his data – and how he is blocked when he refuses. “The only way is to really accept it, otherwise you cannot use your Facebook any more,” Schrems explained. “As you can see, I have my messages there and I cannot read them unless I agree.” Erin Egan, Facebook’s chief privacy officer, said in a statement that the company has prepared for 18 months to ensure it meets the requirements of GDPR by making its policies clearer and its privacy settings easier to find. Facebook, which has more than 2 billion regular users, has also said that advertising allows it to remain free, and that the whole service, including ads, is meant to be personalized based on user data. “1,000-euro brick” Schrems said, however, that Instagram, a photo-sharing network popular with younger users, and encrypted messaging service WhatsApp – both owned by Facebook – also use pop-ups to gain consent and bar users who refuse. The action brought by noyb against Google relates to new smartphones using its Android operating system. Buyers are required to hand over their data or else own “a 1,000-euro brick” that they can’t use, Schrems said. Google did not immediately respond to a request for comment. Noyb is filing the four claims with data protection authorities in France, Belgium, Germany and Austria. Ensuing litigation may play out in Ireland, where both Facebook and Google have their European headquarters. One filing, made against Facebook on behalf of an Austrian woman, asks the country’s data protection authority to investigate and, as appropriate, prohibit data processing operations based on invalid consent. It also asks the regulator to impose “effective, proportionate and dissuasive” fines as foreseen by GDPR, which in Facebook’s case could run to 1.3 billion euros ($1.5 billion). “So far it was cheaper just to ignore privacy rights,” said Schrems. “Now, hopefully, it’s going to be cheaper to follow them because the penalties are so high.” Source
  3. TextNow Dedicated Virtual Mobile Phone Number (USA) & Unlimited Free International Call to USA/Canada - UK Landline + Ability to Use Whatsapp Without SIM Card How is TextNow different from Whatsapp and Viber ? App Highlights Free Landline & Mobile call to USA/Canada (Tested to USA both Landline and mobile numbers) Free Landline to UK (Tested by myself) Sending Free SMS depending of the Country Zone... Receiving Verification Code: Currently Google & Microsoft Account verification code not working myself. Instruction: Signup for free during registration when you asked area code enter: 208 (That is the area code I can only get Whatsapp recognize the Phone Number) I got 2 Free USA Mobile Phone Number: (734) Whats up does not accept as a valid USA Number --> Got the number when ı enter Area cone 734 (208) Accepted number --> Have that number when I enter 555 during Area Code selection. Homepage:https://www.textnow.com/ Android:https://play.google.com/store/apps/details?id=com.enflick.android.TextNow&hl=en iTunes:https://itunes.apple.com/us/app/textnow-free-text-+-calls/id314716233?mt=8 Windows Phone:https://www.microsoft.com/en-us/store/p/textnow/9wzdncrfj38m (Android) TextNow – free text + calls PREMIUM v5.2.0 [Unlocked] Site: http://txt.do Sharecode[?]: /dtu7s ========================================================= How to Use WhatsApp Without Phone Number or SIM Via TextNow Method: In this method to use whatsapp messenger without sim verification, you need to install Textnow app on your android/ iPhone or windows phone. Using the Textnow number, you can install whatsapp without simcard. You need to have internet connectivity over wifi. Download Textnow app for your iPhone/Android/Windows phone. After installation, you will be provided with a Textnow number (when you asked area code enter: 208) We will use this number to run whatsapp without sim card. While setting up the whatsapp account, provide this Textnow number for verification. Then, wait for the Whatsapp sms verification to fail. You will be asked to verify your Whatsapp account via Call. Tap on the Call Me verification method You will get a call for the Textnow number, enter the interactive voice response Whatsapp verification code provided. Voila, you have installed whatsapp without sim using internet. Homepage:https://www.whatsapp.com/ Andrid:https://play.google.com/store/apps/details?id=com.whatsapp&hl=en iTunes:https://itunes.apple.com/tr/app/whatsapp-messenger/id310633997?mt=8
  4. WhatsApp cofounder Brian Acton expressed outrage at Facebook’s privacy policies last month by tweeting “It is time. #deletefacebook.” But WhatsApp’s Facebook-like group chat features also have design flaws that jeopardize user privacy. Maybe it’s also time to #DeleteWhatsApp. WhatsApp differentiates itself from parent company Facebook by touting its end-to-end encryption. “Some of your most personal moments are shared with WhatsApp,” the company writes on its website, so “your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands.” But WhatsApp members may not be aware that when using the app’s Group Chat feature, their data can be harvested by anyone in the group. What is worse, their mobile numbers can be used to identify and target them. WhatsApp groups are designed to enable groups of up to 256 people to join a shared chat without having to go through a central administrator. Group originators can add contacts from their phones or create links enabling anyone to opt-in. These groups, which can be found through web searches, discuss topics as diverse as agriculture, politics, pornography, sports, and technology. Not all groups have links, but in those that do, anyone who finds the link can join the group. While all new joining members are announced to the group, they are not required to provide a name or otherwise identify themselves. This design could leave inattentive members open to targeting, as a new report from European researchers shows. The researchers demonstrated that a tech-savvy person can easily obtain treasure troves of data from WhatsApp groups by using nothing more than an old Samsung smartphone running scripts and off-the-shelf applications. This is not a security breach — the app is working exactly as designed. Kiran Garimella, of École Polytechnique Fédérale de Lausanne, in Switzerland sent me a draft of a paper he coauthored with Gareth Tyson, of Queen Mary University, U.K. titled “WhatsApp, doc? A first look at WhatsApp public group data.” It details how they were able to obtain data from nearly half a million messages exchanged between 45,794 WhatsApp users in 178 public groups over a six-month period, including their mobile numbers and any images, videos, and web links they had shared. The groups had titles such as “funny”, “love vs. life”, “XXX”, “nude”, and “box office movies”, as well as the names of political parties and sports teams. The researchers obtained lists of public WhatsApp groups through web searches and used a browser automation tool to join a few of the roughly 2,000 groups they found — a process requiring little human intervention and easily applicable to a larger set of groups. Their smartphone began to receive large streams of messages, which WhatsApp stored in a local database. The data are encrypted, but the cipher key is stored inside the RAM of the mobile device itself. This allowed the researchers to decrypt the data using a technique developed by Indian researchers L.P. Gudipaty and K.Y. Jhala. Note: The method Garimella and Tyson used only allowed them to access data posted to each of the groups after they’d joined them; they weren’t able to access any earlier data posted in the groups. The researchers’ goal was to determine how WhatsApp could be used for social-science research (they plan to make their dataset and tools publicly available after they anonymize the data). But their paper demonstrates how easily marketers, hackers, and governments can take advantage of the WhatsApp platform — with no contractual restraints and for almost no cost. This can have a much darker side. The New York Times recently published a story on the Chinese Government’s detention of human-rights activist Zhang Guanghong after monitoring a WhatsApp group of Guanghong’s friends, with whom he had shared an article that criticized China’s president. The Times speculated that the government had hacked his phone or had a spy in his group chat; but gathering such information is easy for anyone with a group hyperlink or access to a server. Earlier this year, Wired reported that researchers from Ruhr-University Bochum, in Germany, found a series of flaws in encrypted messaging applications that enable anyone who controls a WhatsApp server to “effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation.” Gaining access to a computer server requires sophisticated hacking skills or the type of access only governments can gain. But as Wired wrote, “the premise of so-called end-to-end encryption has always been that even a compromised server shouldn’t expose secrets.” Researcher Paul Rösler reportedly said, “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them. … If I hear there’s end-to-end encryption for both groups and two-party communications, that means adding of new members should be protected against. And if not, the value of encryption is very little.” Facebook and its family of companies are being much too casual about privacy, as we have seen from the Cambridge Analytica revelations, harming freedom and democracy. They need to be held to higher standards. Editor’s note: VentureBeat reached out to WhatsApp regarding the researchers’ findings, but the company did not provide a statement. Vivek Wadhwa is Distinguished Fellow at Carnegie Mellon University Engineering at Silicon Valley and author of The Driver in the Driverless Car: How Our Technology Choices Will Create the Future. Source
  5. Hello Gents, Press K (kick up my butt), if you reckon, I'm too unaware.. but I have my excuses- busy with work etc, so: (fed up having so many apps, conflicting contact issues etc), wonder, if somebody would have new (better) suggestions? Skype had it's glory days, but is too big, too unsafe, too much data FB Messenger is sort of "must", due to social interactions Like Telegram, but ever so few other users, also, it is not 100% as secure no more, What'sApp is OK, as there are some old contacts, sometimes handy, bhuuuttt Duo google product, expect to be failures, as per usual Hangouts- OK, just not sure if worth keeping it, as other apps-client do the same Thanks!
  6. ICO probe: No legal basis for Facebook slurps WhatsApp has agreed not to share users' data with parent biz Facebook after failing to demonstrate a legal basis for the ad-fuelling data slurp in the EU. The move comes after a years-long battle between the biz and European data protection agencies, which argued that changes to WhatsApp's small print hadn't been properly communicated and didn't comply with EU law. An investigation by the UK's Information Commissioner's Office, which reported today, confirmed the biz has failed to identity a legal basis for sharing personal data in a way that would benefit Facebook's business. Moreover, any such sharing would have been in breach of the Data Protection Act. In response, WhatsApp has agreed to sign an undertaking (PDF) in which it commits not to share any EU user data to any other Facebook-owned company until it can comply with the incoming General Data Protection Regulation. The ICO celebrated the deal as a "win for the data protection of UK customers" – a statement that Paul Bernal, IP and internet law expert at the University of East Anglia, said he agreed with only up to a point. "This is indeed a 'win', but a limited one," he told The Register. "It's only a commitment until they believe they've worked out how to comply with the GDPR – and I suspect they'll be working hard to find a way to do that to the letter rather than to the spirit of the GDPR." Using consent as the lawful basis? No dice At the heart of the issue is consent. In summer 2016, a privacy policy update said that, although it would continue to operate as a separate service, WhatsApp planned to share some account information, including phone numbers, with Facebook for targeted advertising, business analysis and system security. Although users could withhold consent for targeted advertising, they could not for the other two purposes – any users that didn't like the terms would have to stop using WhatsApp. The EU data protection bodies have previously said that this "like it or lump it" approach to service use doesn't constitute freely given consent – as required by EU rules. Similarly, they felt that WhatsApp's use of pre-ticked boxes was not "unambiguous" and that the information provided to users was "insufficiently specific". The ICO has also noted that matching account data might lead to "privacy policy creep", with further uses of data slipping into the Ts&Cs unnoticed by users. The investigation – which looked only at situations where WhatsApp wanted to share information with Facebook for business interests, not service support – confirmed concerns that the policy wasn't up to scratch. Information commissioner Elizabeth Denham said WhatsApp had not identified a lawful basis for processing, or given users "adequate fair processing information" about any such sharing. "In relation to existing users, such sharing would involve the processing of personal data for a purpose that is incompatible with the purpose for which such data was obtained," she said. She added that if the data had been shared, the firm "would have been in contravention of the first and second data protection principles" of the UK's Data Protection Act. WhatsApp has maintained that it hasn't shared any personal data with Facebook in the EU, but in a letter to the biz's general counsel Anne Hoge, Denham indicated that this had not been made clear at the outset. Denham wrote that the initial letter from WhatApp had only stated data sharing was paused for targeted ads. It was, she said, "a fair assumption for me to make" that WhatsApp may have shared data for the other two purposes, "but have at some point since that letter decided to pause" this too. However, she said that since WhatsApp has "assured" the ICO that "no UK user data has ever been shared with Facebook", she could not issue the biz with a civil monetary penalty and had to ask WhatsApp to sign the undertaking instead. Next up: Legitimate interests Denham's letter makes it clear that the companies will be working to make sure that data sharing can go ahead in a lawful way, particularly for system security purposes, for which it may consider using the "legitimate interests" processing condition. She noted that there would be "a range" of legitimate interests – such as fighting spam or for business analytics – but that in all cases it would need to show that processing was necessary to achieve it, and balance it against individuals' rights. Bernal said that if the biz had any plans to use the consent condition for processing, it "will need huge scrutiny". "It's almost impossible for most users to understand what they're really consenting to," he said. "And if ordinary users can't understand, how can they consent?" Jon Baines, data protection adviser at Mishcon de Reya, also noted that the fact WhatsApp had held its ground on what he described as a "key point" could put the ICO in a difficult position down the line. "It's very interesting that the ICO is classing this as a 'win', because – although on the surface it seems like a success – it's notable that WhatsApp have reserved their position on a key point, which is whether the processing in question falls under the UK's remit by virtue of the fact that it takes place in the UK on users' devices," he said. "Normally the effect of an informal undertaking will be to encourage a data controller voluntarily to take or cease action, to avoid the need for legal enforcement which would otherwise be available. "Here, should WhatsApp subsequently fail to perform the undertaking, the ICO might be compromised if there is no clear basis on which it can follow up with enforcement action." In a statement sent to The Register, WhatsApp emphasised the pause it had put on data sharing. "As we've repeatedly made clear for the last year we are not sharing data in the ways that the UK Information Commissioner has said she is concerned about anywhere in Europe." It added that it "cares deeply" about users' privacy and that "every message is end-to-end encrypted". Source
  7. WhatsApp has launched a separate app designed for use by small businesses to more easily connect with customers. WhatsApp Business adds key features like dedicated business profiles for details like email address, business description, store addresses, and website; smart messaging tools like greetings, quick replies, and away messages; and metrics for how many messages were sent, delivered, and read. For those who use a business number and a personal one, both the WhatsApp Business and WhatsApp Messenger apps can be used on the same device and registered with your different numbers. WhatsApp Business is also compatible with WhatsApp Web, the app’s desktop web browser client. The quick replies feature Business accounts will be clearly listed as such. WhatsApp says over time, businesses that have confirmed their account phone number matches their business one will receive a confirmation badge on their profile. That’s similar to WhatsApp adding green verification badges to select business accounts last year in the standard app. WhatsApp says other users can continue to use the standard app as usual and will still have full control over the messages they receive like blocking numbers and reporting spam. WhatsApp Business is free and available to download now for Android users, though there’s no mention of an iOS release yet. WhatsApp Business is currently available in Indonesia, Italy, Mexico, the UK, and the US, with a global rollout scheduled in the coming weeks. The Verge.com
  8. WhatsApp Messenger v2.17.397 Requirements: 4.0.3+ Overview: WhatsApp Messenger is a messaging app available for Android and other smartphones. WhatsApp uses your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to message and call friends and family. Switch from SMS to WhatsApp to send and receive messages, calls, photos, videos, and Voice Messages. First year FREE!* (WhatsApp may charge thereafter, current price is $0.99 USD/year). WHY USE WHATSAPP: • NO ADDITIONAL FEES: WhatsApp uses your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to message and call friends and family, so you don’t have to pay for every message or call.* • MULTIMEDIA: Send and receive photos, videos, and Voice Messages. • WHATSAPP CALLING: Call your friends and family using WhatsApp for free, even if they’re in another country. WhatsApp calls use your phone’s Internet connection rather than your cellular plan’s voice minutes.* (Note: you can’t access 911 and other emergency service numbers through WhatsApp). • GROUP CHAT: Enjoy group chats with your contacts so you can easily stay in touch with your friends or family. • WHATSAPP WEB: You can also send and receive WhatsApp messages right from your computer’s browser. • NO INTERNATIONAL CHARGES: There’s no extra charge to send WhatsApp messages internationally. Chat with your friends around the world and avoid international SMS charges.* • SAY NO TO USERNAMES AND PINS: Why bother having to remember yet another username or PIN? WhatsApp works with your phone number, just like SMS, and integrates seamlessly with your phone’s existing address book. • ALWAYS LOGGED IN: With WhatsApp, you’re always logged in so you don’t miss messages. No more confusion about whether you’re logged in or logged out. • QUICKLY CONNECT WITH YOUR CONTACTS: Your address book is used to quickly and easily connect you with your contacts who have WhatsApp so there’s no need to add hard-to-remember usernames. • OFFLINE MESSAGES: Even if you miss your notifications or turn off your phone, WhatsApp will save your recent messages until the next time you use the app. • AND MUCH MORE: Share your location, exchange contacts, set custom wallpapers and notification sounds, email chat history, broadcast messages to multiple contacts at once, and more! WHAT'S NEW • You can once again set a text-only update in your profile and it's called About. Tap Settings and then your profile name to edit it. Thanks for the feedback! • Search for the perfect animated GIF right from within WhatsApp. Tap the emoji button in a chat and then tap GIF at the bottom of the emoji panel to get started. This app has no advertisements https://play.google.com/store/apps/details?id=com.whatsapp Download:
  9. Watch out! There’s a WhatsApp account thief about! Have you received an email claiming to come from WhatsApp that warns that you have been using the service for more than one year and that it’s time to take out a subscription? Beware! The emails are, of course, a scam designed to trick you into clicking links that might result in you handing your payment information over to fraudsters. Part of the email reads as follows: What makes the scam somewhat more convincing is that in the past WhatsApp did use to ask users to pay a fee after they had been using the service for over a year. But that all stopped in January 2016, when WhatsApp announced that it would no longer charge a fee, and was making its app completely free for everybody. So, don’t be duped into clicking on suspicious links claiming to come from WhatsApp suggesting you need to pay your subscription to continue to use the app. It’s not just nonsense, it’s potentially dangerous nonsense that could leave a hole in your wallet. And while we’re on the subject, as others have previously warned, you should always be wary of unsolicited SMS text messages claiming to come from WhatsApp demanding that you verify your account and buy a WhatsApp subscription. You ultimately decide what links you click on, and whether you hand over your passwords and payment card details. Always think twice, because the wrong decision could prove costly. Article source
  10. Fake website : http://шһатѕарр.com/?colors Actual site it redirects to : http://blackwhats.site/ Archive.is link : http://archive.is/9gK5Y Screenshots when you visit the website in smartphone : http://imgur.com/a/UsKue User gets the message saying whatsapp is now available with different colors " I love the new colors for whatsapp http://шһатѕарр.com/?colors " When you click the fake whatsapp.com url in mobile, the user is made to share the link to multiple groups for human verification. once your done sharing you are made to install adware apps, after you have installed the adware the website says the whatsapp color is available only in whatsapp web and makes you install an extention. Fake whatsapp extention : https://chrome.google.com/webstore/detail/blackwhats/apkecfhccjhdmicfliebkdekbkoioiaj these fake sites and spam messages are always circulating in whatsapp. Source Fake WhatsApp.com URL gets users to install adware Next time someone links you to whatsapp.com, make sure you take a second look. There’s some adware currently circulating around the web by tricking users to visit a ‘шһатѕарр.com’ domain instead. Yes, those are different URLs – the fake URL uses characters from the Cyrillic alphabet. As spotted by redditor u/yuexist, the site promises to let you install WhatsApp in different colors – I mean, everyone likes color options, right? If you visit the link, you’re asked to share the site with your friends for ‘verification.’ Your friends then receive a message saying “I love the new colors for whatsapp’ along with the fake URL. Once you’ve ‘verified’ yourself, you’re then told that WhatsApp’s colors can only be accessed on a desktop, and are asked to install an extension from the real Chrome Web Store called BlackWhats (still, click at your own risk). All this should send about 27,531 red flags to anyone remotely tech savvy, but there are plenty of WhatsApp users who don’t spend their time on tech blogs and might fall for it – the fake URL is certainly convincing enough at first glance. The extension itself has over 16,000 users and a 4 star rating from 55 ratings, though there are only 3 text reviews – it’s hard to tell if these ratings are somehow fake. We’ve reached out to Google to alert them about the adware. And as always, make sure to double check URLs on any unexpected links you may receive. Update: Google has removed this extension from the Chrome Web Store. Good riddance. Article source
  11. The idea of watching a whole season of your favorite TV how or the latest movies online for free is extremely appealing. Fraudsters are all too aware of this, as we’ll show. And it is obvious that cybercriminals are using Netflix – which has almost 100 million users – to spread their attacks, as it is one of the most popular ‘internet television networks” in the world today. In this post, we look at how fraudsters are using this well-known brand as the hook for a news WhatsApp scam. Let’s analyze how this false campaign, which offers users free access to Netflix for a whole year, works, and also look at how it has ended up misleading thousands of people worldwide. The initial message and its multiple false sites First things first – if you have received messages from trustworthy WhatsApp contacts inviting you to gain free access to the service through a particular link, let me be clear … Don’t do it! Don’t click on the link! Don’t share it! As we can see with the following images (in both the Spanish and English versions), the message appears to come from the Netflix.com domain. However, when users look at the shortened URL, they’ll notice that clicking on it will redirect them to another domain that is not related with the legitimate Netflix.com site: Spanish version English version Portuguese version The first click on the campaign takes the user to an external domain unrelated to Netflix, which curiously uses a trusted certificate as shown in the following image: Just like Netflix, it is also multilingual Another curious fact is that the page has the capacity to detect the language of the device and can change its language automatically. The following images show the same campaign in Spanish, Portuguese, and English: The method used for this scam is similar to what we are used to. The page promises a year’s worth of services from Netflix, provided that the user shares the fraudulent link with at least 10 of their contacts. Meanwhile, the page checks the number of times the user presses the share button, and if the target is not reached, opens another window requiring the victim to continue sharing the link. Then, the victim is redirected to pages that falsely claim that they are on the “final step” to achieve activation, when what is really happening is that they are stealing information from users’ mobile phones for different types of subscriptions, or opening the system’s messaging application in order to send an SMS to a premium number with a certain text or even encouraging users to download applications from unofficial sites. What should you do if you shared or clicked on the link? First of all, stay calm. It’s important to understand that, contrary to what some people believe, this is not a “WhatsApp virus” as there is no executable file that is being downloaded and installed in the terminal when you access the page. Although it is a potential risk, we have not found evidence that the fraudulent sites are attempting to exploit the vulnerabilities of the connected devices; so, in theory, there is no greater risk of infection by simply clicking on the link. If you have shared the link with friends and family, follow these steps: Get in touch with them as soon as you can and let them know that it is a scam and to stop sharing the message. If you entered your telephone number into any form, as seen in previous images, get in touch with your telephone provider to ensure that you have not subscribed “without noticing” to a premium messaging service that charges a fee. Finally, if you have downloaded any applications onto your cellphone, uninstall them. If you can’t do this, get in touch with a professional who can do it for you and restore the device to its manufacturing settings. Remember that you should think twice about these messages with shortened links and consider their trustworthiness before sharing. Given that the campaign is multilingual, it has the capacity to spread much faster, not only in Spanish-speaking countries but also in countries where English or Portuguese is spoken. Likewise, it is important to notify any users that have sent you the link about the importance of not providing their mobile phone numbers to Premium SMS services. In this way, you can be a hero, not in your favorite online seasons, but in real life, by putting a stop to these malicious campaigns and enjoying more secure use of your technology. Article source
  12. UK Home Secretary Amber Rudd on Sunday called for greater government access to encrypted content on mobile apps. Apps with end-to-end encryption, like Facebook's WhatsApp, should not be allowed to conceal terrorists' communications from law enforcement, Rudd said in an appearance on The Andrew Marr Show, a BBC broadcast. "There should be no place for terrorists to hide," she said. "We need to make sure that organizations like WhatsApp -- and there are plenty of others like that -- don't provide a secret place for terrorists to communicate with each other." Khalid Masood, who killed four people outside the UK's parliament building last week before being shot dead, reportedly used WhatsApp a few minutes before going on his murder spree. "On this situation, we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp," Rudd maintained. Backdoor Law in Place? Even though she supported end-to-end encryption as a cybersecurity measure, Rudd later said in an interview on Sky News, it was "absurd" to have terrorists talking on a formal platform and not have access to those conversations. "We are horrified at the attack carried out in London and are cooperating with law enforcement as they continue their investigations," WhatsApp spokesperson Anne Yeh said in a statement provided to TechNewsWorld. During her appearance on Marr's show, Rudd disclosed that she would be meeting with Facebook and other technology companies on Thursday to discuss ways to meet the information needs of security officers. She did not rule out new legislation to regulate encrypted messaging if the government and the tech companies were unable to reach an accord. However, that law may already exist. The UK last year adopted the Investigatory Powers Act, which compels tech companies to "provide a technical capability" to remove "electronic protection" within their products. That law has been interpreted in some quarters to mean that tech companies can be compelled to install "backdoors" into their products in order to decrypt data when necessary. A backdoor would not have helped prevent Masood's attack, however. "To use a backdoor, you have to identify somebody as a target and hack them," explained Matthew Green, a computer science professor specializing in cryptography at Johns Hopkins University. "With this terrorist, they identified this person and decided he wasn't a threat and stopped monitoring him," he told TechNewsWorld. "Nothing is going to help once you look at a guy then look away." No Door Secure Enough Backdoors have been criticized as a means to meet the information needs of law enforcement because they undermine the purpose of encryption. "Many technologists and even many in law enforcement have acknowledged there's no secure backdoor," said Chris Calabrese, vice president for policy at the Center for Democracy & Technology. "You simply cannot build a door that only the good guys can walk through," he told TechNewsWorld. "If you start building backdoors, they will be exploited by hackers; they will be exploited by terrorists." Tech companies have been skeptical of creating backdoors to break the encryption used by their products and then turning over the keys to law enforcement. Another idea floated is that the companies should create the backdoors but retain control of the keys to prevent abuse. "That won't work. The systems are too complicated and the backdoors too difficult to keep secure," Calabrese said. "Companies don't want to have to worry about their employees misusing these keys, and they don't want to have to secure them," said Johns Hopkins' Green. Application Hopping Even if backdoors were installed in applications like WhatsApp, they most likely would miss their mark -- assuming that mark is to prevent terrorists from communicating securely. "If the bad guys feel that this application has been compromised by government officials and backdoors become available, this leads to a simple response by the bad guys -- use a different application," explained Paul Calatayud, CTO at FireMon. "WhatsApp is a third-party application on a mobile device," he told TechNewsWorld. "Nothing prevents the bad guys from moving to a lesser known third-party application." While WhatsApp can't crack the encrypted contents on the parliament killer's phone, it still can provide authorities with information about the terrorist's phone activity -- such as the time a message was sent, who it was sent to, and the physical location of the sender and recipient. "It doesn't matter what this guy said before he did this thing," said Bruce Schneier, CTO of IBM Resilient. "What matters is who it was, and WhatsApp doesn't protect that." Investigators can access all kinds of information without recourse to backdoors, he told TechNewsWorld, "but that would require a real conversation about the problem, which you don't get from these people who grandstand after tragedies." Source
  13. Google will meet UK govt Google is going to participate in a meeting with the British government this week, a meeting that seems to have been sparked by the terror attack that took place in London last week. The meeting will likely focus on the advantages and disadvantages of offering end-to-end encryption to users, something that British authorities have been quite vocal these past few days, especially as they slammed WhatsApp for not providing them with the last messages sent out by the author of the attack, something that is impossible due to the same encryption featured in the messaging app. For its part, Google will also be scolded over the extremist material accessible through its search engine, and even on YouTube. Google confirmed to Business Insider that it is among the companies that will participate at this meeting with the British government, although it declined to comment further. Although not confirmed, as of yet, Facebook will probably be on the same list of participants, along with Yahoo and even Apple. "There should be no place for terrorists to hide," Home Secretary Amber Rudd said in regards to the terrorist incident, and, more specifically, to the fact that encryption helped hide the terrorist's last sent messages. The neverending discussion over encryption There are many messaging apps that provide end-to-end encryption, including Google's Allo, Apple's iMessage and many others, from other companies. This, of course, is the perpetual discussion over whether or not people should be allowed to have complete privacy of their communications via end-to-end encryption. Security experts and tech companies say "yes," while authorities and politicians say "no" due to the "inconvenience" of being unable to decrypt these conversations. In fact, on numerous occasions, people that have been put in positions of power, in the United States and Europe alike, have called for encryption backdoors to be used by law enforcement. This, however, would make billions of users vulnerable to hackers and government surveillance. Source
  14. WhatsApp can't hand over messages End-to-end encryption services like WhatsApp are once more being slammed for offering protection for users everywhere. This time, the UK is doing all the finger pointing, and it's because of the terrorist attack that took place on Wednesday. British Home Secretary Amber Rudd has accused WhatsApp of giving terrorists "a place to hide," after the company has failed to comply with a demand to hand over the last messages sent by London attacker, Adrian Ajao, the Telegraph reports. "This terrorist sent a WhatsApp message, and it can't be accessed," Rudd said. She also said that it is completely unacceptable for end-to-end encryption to be offered because there should be no place for terrorists to hide. "We need to make sure that organizations like WhatsApp - and there are plenty of others like that - don't provide a secret place for terrorists to communicate with each other," she added. The British authorities are complaining that Scotland Yard and the security services cannot access encrypted messages sent via WhatsApp, so they cannot know who Ajao contacted or what the told them before the attack. Not only did Rudd slam WhatsApp, but also went after Google and social media platforms which have been known for being late to take down extremist material or refusing to take it down altogether due to their protection of "free speech" and the way their Terms are worded. A much-desired backdoor This isn't the first time, nor will it be the last time, when WhatsApp and other similar services, as well as encrypted email tools, are slammed by authorities. End-to-end encryption is supposed to protect users from hackers, but also mass-surveillance, such as that exposed by Edward Snowden's NSA files. The way it works, a message is encrypted the second it is sent by one user, and it only gets decrypted once it reached the recipient. In this way, WhatsApp doesn't have access to any plain-text messages, which means it cannot share anything with authorities. In recent months there have been more and more voices asking for encryption backdoors for authorities, something that tech companies will likely never agree to; not without losing users in droves. Source
  15. WhatsApp and Telegram fix big vulnerability WhatsApp and Telegram have patched critical flaws in their apps that could allow attackers to gain control over user accounts. According to researchers from Check Point Software Technologies, they discovered issues with the way the two apps process several types of files without checking to see if they contain malicious code. They mention that the online versions of these platforms - WhatsApp Web and Telegram Web - mirror all messages sent and received by the user, being fully synced with the smart device. If exploited, the vulnerability they found could allow attackers to completely take over users' accounts on any browser, access their personal and group conversations, photos, videos and other shared files, as well as contact lists and basically any other information they share with the app. That translates into someone stealing your photos, sending messages in your name, demanding ransom, and so on. So how does this work? Well, it all starts with the attacker sending a file that looks innocent to the victim, but which contains malicious code. The file can be easily modified to make sure the victim takes the bait and opens it. Once it is opened, the attacker can go ahead and "own" the account. "Since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent," researchers note in their post. The vulnerability was disclosed to WhatsApp and Telegram last week, and they've both rolled out updates for their web clients soon after. All users need to do to get the update is restart their browser, so it's probably safe to say everyone is now protected. The impact of this bug is massive. WhatsApp has over 1 billion users worldwide, and Telegram has another 100 million monthly users. It's unknown at this point what percentage of these numbers use the web platforms provided by the apps. The technical details In the case of WhatsApp, Check Point researchers managed to bypass the restrictions set by the app's mechanism by uploading a malicious HTML document with a legitimate preview of an image to fool a victim into thinking they were clicking on a link to view a cool cat picture, or whatever else may interest them. Once the victim clicks on the document, the URL is accessed and users can say good-bye to their accounts. "Once he clicks on the file, the victim will see a funny cat under blob object which is an html5 FileReader object under web.whatsapp.com. That means the attacker can access the resources in the browser under web.whatsapp.com," the post reads. The user doesn't have to do anything else because just clicking on the link makes the victim's local storage data available to the attacker. Via a JavaScript function that checks frequently for new data, the local storage is replaced with the victim's. The attack on Telegram works pretty much the same with the attackers having to bypass the upload policy in order to upload a malicious HTML document with a mime type of a video file. Once the file is accessed, the attacker can get its hands on the users' data. Thankfully, however, this problem has been fixed. It is unknown if anyone else picked up on the problem before it was reported to the two companies. "This flaw shows how difficult it is to balance security and usability. WhatsApp did the right thing by encrypting the content, but by doing it too early in the message analysis pipeline, they could not determine that a message might be crafted to contain malicious code. This code could then access malicious information, which could be used to log into a user’s account for the web application. This flaw could be easily mitigated by using 2-factor authentication (recently introduced by WhatsApp), which has been proven to be one of the best security mechanisms to prevent wide-spread compromise," said Professor Giovanni Vigna, co-founder of malware detection firm Lastline. “As the bad guys get smarter our applications need to keep up. More and more of our communications are open to abuse from cybercriminals and the opportunistic eaves dropper. One of the ways to get around this process is using something called end-to-end message encryption. WhatsApp states that “When end-to-end encrypted, your messages, photos, videos, voice messages, documents, status updates and calls are secured from falling into the wrong hands.” I.e. I encrypt it (automatically) from my application before I send it and you decrypt it at your end when you receive it. That means if anyone compromises the data in transit they are unable to use or identify anything within it, and there lies the problem - it limits your options for checking for anything malicious. Luckily this only affected the web platform so once resolved by WhatsApp themselves it only requires a browser restart," added Mark James, security specialist at ESET. Updated to include expert commentary. Source
  16. Encrypted messaging apps are safe, as long as the CIA doesn't target you There seems to be a bit of an uproar online as people are urging each other to dump the messaging apps they've been using because the CIA can render useless the encryption safeties they set in place. The problem, however, is with the operating systems of the phones, not the apps themselves, Following the Vault 7 revelations from WikiLeaks, many people worry that their privacy is at risk due to the newly exposed capacities of the CIA. Of course, so far, there's been no indication that the CIA is doing anything illegal with its powers, aside from the fact that it really should be sharing the zero-day vulnerabilities it finds with the companies they affect so they can fix them and protect millions of users. Then, there's the fact that, according to the files, the CIA has developed malware that can bypass the encryption layers used by apps such as WhatsApp, Signal, Telegram and so on. This isn't the fault of the apps, however, since the CIA based its malware on vulnerabilities it discovered in iOS and Android, zero-day bugs it chose to keep secret rather than share with Apple and Google, respectively. There's nothing the app can do if the OS is compromised Basically, when the operating system is attacked in such a way, there's very little an app can do to protect the user further. The app itself is made to fit with the operating system; it depends on it to work properly. Once you receive a message, the app will do what it was built to do - decrypt the message. If the operating system has been compromised by malware such as the one built by the CIA, the data is no longer protected. Even regular hackers can compromise your device without that much trouble as bypassing app encryption settings. If, for instance, you tap a link you shouldn't, download a malicious file which then triggers a malware to be downloaded to your device, you can be just as vulnerable. One method many hackers use to get their hands on your data is to take a screenshot every half second, or every second. That alone would expose whatever you are typing, protected by end-to-end encryption or not. The CIA's job Once more, we should point out that there is no indication that CIA is using these tools on the masses. They could very well simply use them on their criminal targets. Of course, given our history with the NSA leaks a few years back, the CIA may very well have overreached too, although mass-spying is less likely with the CIA than the NSA. "The CIA, like any other governmental intelligence agency, uses and will continue using various hacking tools and techniques to obtain any information they need to protect the country. This is their duty. So far, we don't have any evidence that these capacities were used unlawfully, for example, to violate reasonable expectation of privacy of innocent US citizens or for illicit interference with elections," High-Tech Bridge CEO Ilia Kolochenko told Softpedia. At this point, the worst we can accuse the CIA of is collecting zero-day vulnerabilities and exploiting them instead of sharing the data with the companies that could protect millions of users by patching up their systems. Source
  17. Explained — What's Up With the WhatsApp 'Backdoor' Story? Feature or Bug! What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not. Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that "could allow" an attacker, and of course the company itself, to intercept your encrypted communication. The story involving the world's largest secure messaging platform that has over a billion users worldwide went viral in few hours, attracting reactions from security experts, WhatsApp team, and Open Whisper Systems, who partnered with Facebook to implement end-to-end encryption in WhatsApp. Note: I would request readers to read complete article before reaching out for a conclusion. And also, suggestions and opinions are always invited What's the Issue: The vulnerability relies on the way WhatsApp behaves when an end user's encryption key changes. WhatsApp, by default, trusts new encryption key broadcasted by a contact and uses it to re-encrypt undelivered messages and send them without informing the sender of the change. In my previous article, I have elaborated this vulnerability with an easy example, so you can head on to read that article for better understanding. Facebook itself admitted to this WhatsApp issue reported by Boelter, saying that "we were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing." What Experts argued: According to some security experts — "It's not a backdoor, rather it’s a feature to avoid unnecessarily re-verification of encryption keys upon automatic regeneration." Open Whisper Systems says — "There is no WhatsApp backdoor," "it is how cryptography works," and the MITM attack "is endemic to public key cryptography, not just WhatsApp." A spokesperson from WhatsApp, acquired by Facebook in 2014 for $16 Billion, says — "The Guardian's story on an alleged backdoor in WhatsApp is false. WhatsApp does not give governments a backdoor into its systems. WhatsApp would fight any government request to create a backdoor." What's the fact: Notably, none of the security experts or the company has denied the fact that, if required, WhatsApp, on government request, or state-sponsored hackers can intercept your chats. What all they have to say is — WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed. Open Whisper Systems (OWS) criticized the Guardian reporting in a blog post saying, "Even though we are the creators of the encryption protocol supposedly "backdoored" by WhatsApp, we were not asked for comment." What? "...encryption protocol supposedly "backdoored" by WhatsApp…" NO! No one has said it's an "encryption backdoor;" instead this backdoor resides in the way how end-to-end encryption has been implemented by WhatsApp, which eventually allows interception of messages without breaking the encryption. As I mentioned in my previous story, this backdoor has nothing to do with the security of Signal encryption protocol created by Open Whisper Systems. It's one of the most secure encryption protocols if implemented correctly. Then Why Signal is more Secure than WhatsApp? You might be wondering why Signal private messenger is more secure than Whatsapp, while both use the same end-to-end encryption protocol, and even recommended by the same group of security experts who are arguing — "WhatsApp has no backdoor." It's because there is always room for improvement. The signal messaging app, by default, allows a sender to verify a new key before using it. Whereas, WhatsApp, by default, automatically trusts the new key of the recipient with no notification to the sender. And even if the sender has turned on the security notifications, the app notifies the sender of the change only after the message is delivered. So, here WhatsApp chose usability over security and privacy. It’s not about 'Do We Trust WhatsApp/Facebook?': WhatsApp says it does not give governments a "backdoor" into its systems. No doubt, the company would definitely fight the government if it receives any such court orders and currently, is doing its best to protect the privacy of its one-billion-plus users. But what about state-sponsored hackers? Because, technically, there is no such 'reserved' backdoor that only the company can access. Why 'Verifying Keys' Feature Can't Protect You? WhatsApp also offers a third security layer using which you can verify the keys of other users with whom you are communicating, either by scanning a QR code or by comparing a 60-digit number. But here’s the catch: This feature ensure that no one is intercepting your messages or calls at the time you are verifying the keys, but it does not ensure that no one, in the past had intercepted or in future will intercept your encrypted communication, and there is no way, currently, that would help you identify this. WhatsApp Prevention against such MITM Attacks are Incomplete WhatsApp is already offering a "security notifications" feature that notifies users whenever a contact's security code changes, which you need to turn on manually from app settings. But this feature is not enough to protect your communication without the use of another ultimate tool, which is — Common Sense. Have you received a notification indicating that your contact's security code has changed? Instead of offering 'Security by Design,' WhatsApp wants its users to use their common sense not to communicate with the contact whose security key has been changed recently, without verifying the key manually. The fact that WhatsApp automatically changes your security key so frequently (for some reasons) that one would start ignoring such notifications, making it practically impossible for users to actively looking each time for verifying the authenticity of session keys. What WhatsApp should do? Without panicking all one-billion-plus users, WhatsApp can, at least: Stop regenerating users' encryption keys so frequently (I clearly don't know why the company does so). Give an option in the settings for privacy-conscious people, which if turned on, would not automatically trust new encryption key and send messages until manually accepted or verified by users. ...because just like others, I also hate using two apps for communicating with my friends and work colleagues i.e. Signal for privacy and WhatsApp because everyone uses it. Source
  18. WhatsApp Security: Make This Change Right Now! Security researchers found a backdoor in the popular messaging application WhatsApp recently that could allow WhatsApp to intercept and read user messages. Facebook, the owner of WhatsApp, claims that it is impossible to intercept messages on WhatsApp thanks to the services end-to-end encryption. The company states that no one, not even itself, can read what is sent when both sender and recipient use the latest version of the application. It turns out however that there is a way for WhatsApp to read user messages, as security researcher Tobias Boelter (via The Guardian) found out. Update: In a statement sent to Ghacks, a WhatsApp spokesperson provided the following insight on the claim: WhatsApp has the power to generate new encryption keys for users who are not online. Both the sender and the recipient of messages are not made aware of that, and the sender would send any message not yet delivered again by using the new encryption key to protect the messages from third-party access. The recipient of the message is not made aware of that. The sender, only if Whatsapp is configured to display security notifications. This option is however not enabled by default. While WhatsApp users cannot block the company -- or any state actors requesting data -- from taking advantage of the loophole, they can at least activate security notifications in the application. The security researcher reported the vulnerability to Facebook in April 2016 according to The Guardian. Facebook's response was that it was "intended behavior" according to the newspaper. Activate security notifications in WhatsApp To enable security notifications in WhatsApp, do the following: Open WhatsApp on the device you are using. Tap on menu, and select Settings. Select Account on the Settings page. Select Security on the page that opens. Enable "show security notifications" on the Security page. You will receive notifications when a contact's security code has changed. While this won't prevent misuse of the backdoor, it will at least inform you about its potential use. Source Alternate Source - 1: WhatsApp Encryption Has Backdoor, Facebook Says It's "Expected Behaviour" Alternate Source - 2: WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages Alternate Source - 3: Oh, for F...acebook: Critics bash WhatsApp encryption 'backdoor' Alternate Source - 4: Your encrypted WhatsApp messages can be read by anyone Alternate Source - 5: How to protect yourself from the WhatsApp 'backdoor' Alternate Source - 6: 'Backdoor' in WhatsApp's end-to-end encryption leaves messages open to interception [Updated] Detailed Explanation of the Issue and Prevention/Alternatives:
  19. Recent times have highlighted the need for better security against surveillance and privacy of every citizen yet there is small businesses who aim to reverse this all in the name of profit and today it has become clear to CWN that one of these smaller businesses, WtSpy has been breached and had a small amount of account information dumped. WtSpy is an service built for whatsapp.com that is provides an application designed for mobile devices that allows you to 'spy' on other users account activity. WtSpy attempts to sell its service as a way for parents to monitor their children and for employers to monitor their employees but there is no restriction as to who can register and one of the features they claim to provide is monitoring who a person is speaking to, when and how long for. The breach happened on the 4th of June 2016 by a hacker using the alias bRpsd and it appears the breach not only dumped data but left the website defaced too. The data was pasted to ghostbin and uploaded to various file sharing sites, some of which are still sharing the 30.6MB zip file which when extracted totals 112MB from 19 files over 10 folders. The content in the breach ranges from various android APK, server logs and user and administrator account information, user payment information and logs as well as a single image file called "Scam proof" which is published below but only shows a redacted page from the websites control panel which allows the administrator to set features for the payment types. Records Users/Accounts.txt 179,802 user accounts with usernames,email addresses and clear text passwords (some are encrypted, unsure why) Users/Messages.csv 700 msgs, mostly junk Users/Payments.csv 141,531 payment log entries with payment date, type, (unimportant information) Users/Admin Login.txt 1 administrator account with the weak password of okokfine. Users/old/Users.csv 76,699 user accounts in the same format as Users/Accounts.txt. All folders and contents: scam_proof.png One thing to take away from this if anything is that 29 of the registered accounts are using Saudi Arabia government emails addresses within the registration and that these types of tools appear to not be uncommon with a google search for "whatsapp, can i see who my contacts talk to" returns many promising results on how to get this done. Article source
  20. A dramatic privacy about-face by messaging app WhatsApp this summer, in which it revealed an update to its T&Cs would for the first time allow the sharing of its user data with parent company Facebook, is getting the pair into hot water in Europe. This week Facebook was ordered to stop harvesting data on WhatsApp users in Germany by the Hamburg city DPA, which hit out at the controversial change to WhatsApp’s T&Cs as both misleading to users and a breach of national data protection law. (Facebook disagrees, and is appealing the order in Germany.) It now looks the UK’s national data protection watchdog, the ICO, is preparing to ramp up its action too. The ICO had already been — in its words — “considering” the deal, questioning whether the two companies were being transparent with users about how their data is being shared and used. But speaking to the BBC’s PM program on Radio 4 yesterday, information commissioner Elizabeth Denham said it has launched “an investigation into the data-sharing”. Asked by the BBC whether the ICO intends to follow the Hamburg DPA’s lead and order the data-sharing to be stopped, Denham said: “My intervention is an advocacy intervention on behalf of all of the WhatsApp users in the UK — and boy have we heard from them! They are quite concerned. “There’s a lot of anger out there. And again it goes back to promises, commitment, fairness and transparency. We have launched an investigation into the data-sharing, remembering that in 2014 when Facebook bought WhatsApp there was a commitment made that between the two companies they would not share information.” The new WhatsApp T&Cs state that user data — including the mobile number used to register to use the service and a user’s last seen time within the app — will be shared with Facebook and the “Facebook family of companies”, including for marketing and ad targeting purposes. Users reading the T&Cs before clicking ‘I agree’ might notice that there is a way to opt out of the data-sharing for ad targeting — but the agreement default opts users in, and the text next to the toggle to refuse to share is arguably confusingly worded. So it’s likely that many WhatsApp users will have agreed to the new privacy policy without realizing that means they are now handing data to Facebook. “It’s an active and important investigation,” Denham added, during the PM interview. “I know the public wants to hear from us as to what we’re doing — and you will hear from us very shortly.” A spokeswoman for the ICO could not confirm whether or not the ICO has a formal investigation into the data-sharing underway at this point, but did say it would be putting out an update soon, perhaps later today or on Monday. In the PM interview, Denham was also pressed on whether the ICO is doing anything to stop data flowing now, while it probes the arrangement, but she said she thinks no data is yet flowing from UK WhatsApp users to Facebook. “We are told that data is not yet being shared — so I am hoping that there is a pause in the data-sharing, and some rethinking of the terms and the consent and what data is being shared,” she said. We’ve asked Facebook to confirm whether or not it is harvesting UK WhatsApp data at this point or not and will update this post with any response. Making a general statement about the data-sharing agreement earlier this month, Europe’s Article 29 Working Party, the data protection body that represents the collective views of the DPAs of all 28 Member State of the EU, asserted that: “Users should keep control of their data when Internet giants massively compile it.” Denham also referenced the WhatsApp-Facebook privacy controversy in other public comments this week, making her first public speech since taking over the role from the prior ICO, Christopher Graham. Speaking at an event in London she noted: “We are currently reviewing data sharing between WhatsApp and other Facebook companies — all of this is about transparency and individual control.” (Ironically that event, a one day conference entitled Personal Information Economy 2016, organized by a business consultancy called Ctrl–Shift, was funded with the help of Facebook cash — the event organizers confirmed to TechCrunch Facebook was one of the sponsors. So no surprise another of the speakers was Facebook’s Stephen Deadman, aka its global deputy “Chief Privacy Officer”. Ctrl Shift said all sponsors for the event were “printed clearly” in the event brochure that was shared with delegates on the day.) In a wide-ranging first public speech that set our her priorities for leading the UK regulator through turbulent post-Brexit times, Denham said the ICO intends to pick and choose its investigations with the aim of maximizing its impact — to, as she put it, “enable results which can cascade across a sector”. She added that technology is “already at the forefront of most of our major investigations”, noting that the ICO has also been asking questions about the massive Yahoo data breach, finally confirmed last week. “As an independent regulator we have powers to issue fines of up to half a million pounds which could eventually rise to four percent of a business’ global turnover,” she warned. “In an ideal world we wouldn’t need to enforce, but we will use the stick in the cupboard when necessary. And remember it’s not just about the money — it’s about your reputation too, with your customers, the public and in the media spotlight.” EC’s competition commissioner also eyeing big data and privacy The Facebook-WhatsApp data-sharing agreement has also caught the attention of the EC’s competition commissioner, Margrethe Vestager, who earlier this month revealed her department was asking questions about the privacy policy changes, noting that the fact they didn’t merge data was factored in when the acquisition was approved. Speaking at a conference on big data in Brussels this week, Vestager argued for the need for EU-wide regulation on data — referencing the Facebook-WhatsApp controversy and suggesting new rules are needed to enable the region’s regulators to keep up with tech giants’ use (and potential misuse) of data. “Europe’s competition enforcers need to work together on big data — not just the Commission, but the national competition authorities as well,” she said. “Many of them are already doing that. Our French colleagues have launched a sector inquiry on big data. And the German authority is looking at whether Facebook may have misused its power to impose unfair privacy terms. “But if we want to be able to deal with big data issues throughout the EU, then every national authority has to have the tools it needs to enforce the rules… I think there’s a strong case for new EU rules as part of the answer.” Big data as a currency that can be used by tech giants to stifle competition is a theme Vestager has spoken on several times before. This post was updated to include Vestager’s comments on Facebook-WhatsApp sharing data Source: https://techcrunch.com/2016/09/30/whatsapps-privacy-u-turn-on-sharing-data-with-facebook-draws-more-heat-in-europe/
  21. CatchApp Tool Can Siphon Encryption WhatsApp Messages From A Distance Israeli company claims it has developed CatchApp tool which can siphon encrypted WhatsApp data from a distance You may have seen in many Hollywood movies in which the main protagonist, an agent from the CIA or FBI placing his/her mobile besides the victim’s smartphone and copying data from it. Up to now, siphoning data from any smartphone just by being in its proximity was considered fiction but now an Israeli cyber surveillance company claims it has developed a sophisticated tool called CatchApp which can siphon off all WhatsApp chats, including encrypted communications, from phones within close proximity of a hidden Wi-Fi hacking device in a backpack. Haifa-based Wintego has released brochures for its CatchApp tool which it calls as a WhatsApp interceptor. Wintego promises that the Catchall App has an “unprecedented capability” to break through WhatsApp encryption and grab full data from a target’s account. It does so through a “man-in-the-middle” (MITM) attack; in theory, the traffic is intercepted between the app and the WhatsApp server and somehow the encryption is decoded by the device, though that may not be possible with the latest upgrades to the software’s cryptography. The company did not elaborate on how its CatchApp tool manages to decode/decrypt the WhatsApp encryption but Forbes has noted that the tool works on most versions of WhatsApp. The company has released the brochures of the App to advertise it to different police and law enforcement agencies around the globe. The CatchApp tool is a part of larger Wintego arsenal called WINT. According to the company, WINT hacking tool can fit into backpack. The company calls WINT a “data extraction solution” and says that it can can obtain “the entire contents of your targets’ email accounts, chat sessions, social network profiles, detailed contact lists, year-by-year calendars, files, photos, web browsing activity, and more” just by being near the victim’s PC/laptop/smartphone. It does that by acquiring login credentials for distinct accounts and then silently downloads “all the data stored therein”. Wintego claims WINT first gains access to a device by intercepting Wi-Fi communications, whether they’re open or private encrypted networks. WINT uses four separate Wi-Fi access points so it can track multiple targets and high-gain antennas to catch those at a distance. It’s small enough to fit into any backpack, said Wintego, so is ideal for stealthy operations. The details about Wintego dealings are top secret but reports indicate that it was founded by alumni of Verint, another Israeli firm. Verint itself was the top cyber surveillance tools supplier for America’s National Security Agency (NSA). According to Forbes, Yuval Luria acts as the face of the company, promoting the kit at major surveillance shows. He recently presented at the ISS World Training event in Prague (also known as the Wiretappers’ Ball), giving a talk on A Hybrid Tactical-Strategic Approach for Extracting Cyber Intelligence. Nhevo Kaufman appears to act as company chief, having set up the firm’s website back in 2011. Both the above tools are for sale only to police, law enforcement and spy firms but it is nowhere stated that the same can’t be bought by rogue actors. Source
  22. German Officials Order Facebook to Delete WhatsApp User Data Facebook was infringing data protection law Needless to say that WhatsApp users weren't pleased with the new feature and they quickly found a workaround that allowed them to disable the sharing feature within 30 days from installing or updating the app on their phones. The measure would pose some security and privacy concerns, which meant that WhatsApp had to update its terms and privacy policy, which it did for the first time in four years. WhatsApp is one of the most secure chatting applications out there, with default message encryption and self-destruct messages that make sure that no one can access conversations between users. Since the app is focused on privacy and security, it's only normal that users were concerned by this measure for sharing information with Facebook. It seems that users from Germany no longer need to worry about this, since the Hamburg Commissioner for Data Protection and Freedom of Information ordered Facebook to delete user data shared from WhatsApp. Facebook is willing to work with the Commission to resolve the issue The report by Reuters mentions that Facebook was infringing data protection law and WhatsApp's 35 million users in Germany didn't provide effective approval for sharing their information. "After the acquisition of WhatsApp by Facebook two years ago, both parties have publicly assured that data will not be shared between them," commissioner Johannes Caspar said in a statement. "The fact that this is now happening is not only a misleading of their users and the public, but also constitutes an infringement of national data protection law," Caspar added. The Commission also said that Facebook and WhatsApp are independent companies that should process user data based on their own terms and conditions. Facebook issued a statement saying that the company is working with the Hamburg DPA to resolve any concerns. Facebook bought WhatsApp for $19 billion two years ago. Source More info on this news - Alternate Source - Germany bans Facebook from collecting WhatsApp users' data
  23. Information Commissioner To Investigate Data Sharing Between WhatsApp And Facebook WhatsApp's plans to share user data with Facebook are to be investigated by the Information Commissioner's Office (ICO) in the UK. The change in privacy policy goes against a previous public commitment not to share data in this way. The ICO has the power to regulate how companies make use of data belonging to people located in the UK, even if the companies themselves are located elsewhere. A key concern is whether there will be compliance with data protection laws. Users are particularly upset about the data sharing plans because when Facebook acquired WhatsApp back in 2014, the company said clearly that data would not be shared in this way. The backlash on social media has, predictably, resulted in many people complaining that they will stop using WhatsApp. It has also been suggested that in sharing private data from WhatsApp, Facebook will be violating an agreement it struck with the Federal Trade Commission. Information commissioner Elizabeth Denham said: Anyone who is concerned about their privacy is reminded that they can use WhatsApp's instructions to prevent data sharing. Or they could stop using WhatsApp... Source
  24. WhatsApp Is To Hand Your Phone Number To Facebook Roses are red, violets are blue, Facebook knows all that you think, say and do WhatsApp has updated its terms and privacy policy for the first time in four years as part of parent company Facebook’s plans to generate cash through app users' data. While WhatsApp has been a separate service from Facebook since its acquisition for $16bn two years ago, the companies are now going to enjoy a cosier relationship. If you’re a WhatsApp user you can expect the app to soon export more of your information to Facebook as the megacorp seeks to bleed some revenue from businesses by allowing them to advertise to you, without using third-party banner advertisements and spam. This will not affect the privacy of the content of users’ messages. As WhatsApp integrates the Signal messaging protocol, messages are protected with end-to-end encryption. “We won’t post or share your WhatsApp number with others,” the business stated today, “including on Facebook, and we still won’t sell, share or give your phone number to advertisers.” This suggests that WhatsApp might yet offer itself as a platform for business to contact you through, but the company itself has announced that “by coordinating more with Facebook, we'll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp.” That sounds lovely, of course, until the statement continued: “And by connecting your phone number with Facebook's systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you've never heard of.” Users are not able to opt out of this data sharing, although you can choose not to allow to be shared for the purpose of improving their experience with advertisements and product experiences on Facebook. WhatsApp is seeking to integrate features that regularly take place over SMS at the moment: "Whether it's hearing from your bank about a potentially fraudulent transaction, or getting notified by an airline about a delayed flight, many of us get this information elsewhere, including in text messages and phone calls. We want to test these features in the next several months, but need to update our terms and privacy policy to do so." Source Related Alternate Source Articles: WhatsApp to Share Your Data with Facebook — You have 30 Days to Stop It Use WhatsApp? Get ready to receive marketing messages from firms WhatsApp to give users' phone numbers to Facebook for targeted ads WhatsApp to share your user data with Facebook WhatsApp to share user data including phone numbers with Facebook WhatsApp does about face, will serve ads in Facebook-owned app WhatsApp to Share User Phone Number with Facebook For Advertising Block WhatsApp from sharing (most) data with Facebook
  25. WhatsApp Fails to Properly Delete Your Chats The problem is in the way WhatsApp's SQLite DB deletes data The core issue at the heart of this problem is the SQLite database, which WhatsApp and many other more mobile applications use to store data on the phone they are installed. WhatsApp's SQLite database fails to delete data Zdziarski has discovered that, when a user deletes a WhatsApp conversation, SQLite's normal mode of operation is to mark the data as deleted and add it to a "free list" of database entries that can be re-written by other information, instead of actually wiping the data from its index. The developer says that there can be cases where months pass without the data being overwritten with other information. During all this time, the data lingers around on the device and is included as part of the app's database when the user creates backups of their device. Zdziarski says that if the user backs up their device to an iCloud account, because there is no encryption enforced, the WhatsApp SQLite database gets backed up in clear text, and law enforcement can force Apple to hand over the backup files and implicitly the deleted WhatsApp messages, still present in the database. There are several ways to recover deleted WhatsApp messages If the user backs up their device to their own computer, the data is again susceptible to the same process of reverse-engineering and getting the deleted WhatsApp messages. Apple also allows users to create and save backups to computers protected with encryption. If the backup password (encryption key) is short and simple, the researcher says that there are ways to brute-force the password and break the encryption. If the user stores this backup password in the Apple Keychain utility, then there are forensics tools that can leak the content of the Keychain and allow access to the WhatsApp SQLite database. Furthermore, any attacker with access to the user's iOS device can retrieve the SQLite database and recover deleted conversations. iMessage has the same problem, Signal does not Zdziarski says that other apps that use SQLite databases to store data on iOS devices are likely affected by the same problem. The researcher says that iMessage suffers from the same issue but highlights that the Signal messaging app does not. In his blog post, Zdziarski details four ways that app developers and users could mitigate this issue and also recommends four solutions that Facebook could implement to fix WhatsApp's SQLite problem. "Software authors should be sensitive to forensic trace in their coding. The design choices they make when developing a secure messaging app has critical implications for journalists, political dissenters, those in countries that don’t respect free speech, and many others," Zdziarski says. "A poor design choice could quite realistically result in innocent people - sometimes people crucial to liberty - being imprisoned." Source
×