Optional: Change the conversation retention policy to auto-delete messages after 7 days. Ensure the macOS machine can see the messages. On the macOS Keybase client, switch out of the Chat tab and put the machine to sleep.

In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security 'very seriously.'

The application used a custom extension to name the files, but they were easily viewable directly or simply by changing the custom file extension to the PNG image format, researcher John Jackson told Security Ledger.

'We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates,' the spokesman said.

In most cases, the failure to remove files from cache after they were deleted would count as a 'low priority' security flaw. However, in the context of an end-to-end encrypted communications application like Keybase, the failure takes on added weight, Jackson wrote. Thus, if an attacker manages to establish local access to the user’s machine, they could potentially access files that have supposedly been securely erased on Keybase.

This is very bad, especially for users who have picked Keybase specifically to stay safe from authoritarian regimes. These users may have their devices seized by the police for analysis, so the “physical access” part wouldn’t be far-fetched for a significant portion of Keybase’s userbase.

The discovery of the flaws came thanks to Zoom's bug bounty hunting program when it acquired the project back in May 2020. Thus, CVE-2020-23827 has already been reported to the firm and subsequently fixed with the release of Keybase 5.6.0 for Windows and Keybase 5.6.1 for macOS and Linux.
If you are using an earlier version, make sure to update your Keybase client immediately.

The patched releases came out on January 23, 2021, so it’s been a full month already. The bug bounty received by the Sakura Samurai team for this finding was $1,000, while the hacking group commented that Zoom was very responsive to their reports.