Snapchat working to fix security for “Find Friends”

Snapchat has responded to yesterday’s hack that left over 4.6 million usernames and phone numbers exposed. The company has acknowledged the fact that it was warned by a security group about the vulnerability back in August 2013 and had taken steps toward securing the exploited Find Friends feature.

Snapchat took measures like rate limiting requests, but apparently that wasn’t enough to stop hackers, who abused Snapchat’s API by flooding it with requests for random phone numbers. Phone numbers could then be matched up with a database of real phone numbers. Snapchat has reassured users that no other information was leaked in the attack.
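Why a limit on requests alone may not contain this kind of lookup abuse, as an added example (not Snapchat's code): the same constructed traffic is run through a per-request limit and a per-number budget. It assumes one request can carry a batch of phone numbers; the class and function names, thresholds and traffic are all made up for illustration.

```python
from collections import defaultdict, deque

class SlidingBudget:
    """Per-account sliding-window budget; each accepted call spends `cost`."""
    def __init__(self, limit, window_s):
        self.limit, self.window_s = limit, window_s
        self.spent = defaultdict(deque)  # account -> (timestamp, cost) entries

    def allow(self, account, cost, now):
        q = self.spent[account]
        while q and q[0][0] <= now - self.window_s:  # drop expired entries
            q.popleft()
        if sum(c for _, c in q) + cost > self.limit:
            return False
        q.append((now, cost))
        return True

def numbers_resolved(traffic, limiter, cost_of):
    """Phone numbers the endpoint would look up across accepted requests."""
    return sum(len(batch) for now, account, batch in traffic
               if limiter.allow(account, cost_of(batch), now))

def low_hit_ratio(lookups, matches, min_lookups=500, max_ratio=0.05):
    """Detection signal: many numbers looked up, very few matching accounts."""
    return lookups >= min_lookups and matches / lookups <= max_ratio

# Constructed traffic (unassigned 555 area code): one account sends a
# 1,000-number batch every 6 seconds for an hour, walking a number range.
SWEEP = [(t * 6, "acct-sweep", [f"+1555{t * 1000 + i:07d}" for i in range(1000)])
         for t in range(600)]
# Constructed traffic: an ordinary user syncing a 150-entry address book once.
NORMAL = [(0, "acct-normal", [f"+1555{9000000 + i:07d}" for i in range(150)])]

def compare():
    """Run the same traffic through a per-request and a per-number limit."""
    per_request = SlidingBudget(limit=20, window_s=60)      # 20 requests/minute
    per_number = SlidingBudget(limit=2000, window_s=86400)  # 2,000 numbers/day
    return {
        "sweep_per_request": numbers_resolved(SWEEP, per_request, lambda b: 1),
        "sweep_per_number": numbers_resolved(SWEEP, per_number, len),
        "normal_per_number": numbers_resolved(NORMAL, per_number, len),
    }

if __name__ == "__main__":
    print(compare())
```

The sweep stays under the request limit the whole hour, so only the per-number budget caps it, while the ordinary address-book sync passes untouched.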

In a plea to help make the service better, Snapchat asked security researchers to contact the company directly by email (security@snapchat.com) instead of using the exploits they find, as the hackers behind Snapchatdb.info did.

Users can look forward to an update to the Snapchat app which plugs this security hole soon, though the company did not provide a specific date. Users will also be able to opt out of appearing in Find Friends after verifying their phone number, which is a welcome layer of security.

Download Snapchat: Android | iOS

Source: Snapchat


Winamp sold to Radionomy

When AOL announced it would be shuttering its Winamp music player, fans were disappointed and quickly gathered to persuade AOL to open source its code to keep it alive. Today, TechCrunch reports that AOL (its parent company) is selling Winamp and Shoutcast to internet radio aggregator Radionomy. A forum member was first to notice that Winamp’s nameservers were being transferred to Radionomy.

Radionomy currently has 6,000 internet radio channels and could be looking to bolster its catalog with Shoutcast’s 50,000 plus catalog of radio stations. TechCrunch also speculates that Winamp could help Radionomy with playback and other additional services.

Although Winamp stated it would shut down Winamp’s services and remove downloads for Winamp on December 20th, users are still able to download the media player from the company’s site. It’s unclear what Radionomy will do with Winamp, so now is a good time to download a copy of Winamp before it’s no longer available.

Download Winamp for Windows

Source: TechCrunch


Firefox app for Windows 8 delayed again, aims for March release

Windows 8 users will have to wait just a bit longer to get their hands on Mozilla Firefox for the Windows Modern UI. Mozilla has already pushed back the release date once and is doing it again due to the myriad of bugs to be fixed before the app is stable enough. The company first announced its intention to create a Modern-UI app back in February 2012, almost two years ago.

The Modern-UI version of Firefox will be launching with version 28 of the desktop version of Firefox. Previously, Mozilla expected to roll out the app with Firefox 27, the next version of Firefox for desktops.

For those who can’t wait, Mozilla currently has a beta version of Firefox for Windows 8 Touch in the Aurora and Nightly channels of its desktop browser. Users will have to download and install the desktop version of an Aurora or Nightly build and set it as the default browser for the operating system. This will create a tile in the Modern UI interface.

Source: Mozilla | Via: Neowin


Snapchat hack exposes 4.6 million usernames and phone numbers

A recent Snapchat hack has left over 4.6 million usernames and phone numbers exposed. This news comes just days after security research firm, Gibson Security, warned Snapchat of a vulnerability that would allow attackers access to this data.

While Snapchat was aware of the security issues with its friend finder feature, it dismissed the issue in a blog post written on December 27th, saying the company had “implemented various safeguards to make it more difficult to do.” The blog post goes on to explain how the hack would work:

“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way.”

And that’s exactly what the hackers did. A website called SnapchatDB.info quickly appeared (and has since been taken down), offering the usernames and passwords of 4.6 million Snapchat users. The hackers behind SnapchatDB.info explained to The Verge that they wanted to bring this vulnerability to light so that Snapchat would take it seriously. While the site has since been taken down, caches and mirrors of the database are still circulating the internet.

This hack will create huge headaches for millions of Snapchat users, as changing a phone number is not as simple as changing a password. Users who have had their usernames and phone numbers exposed will now be vulnerable to SMS-based phishing and malware attacks. Users should be wary of calls and texts from unknown numbers. Snapchat has yet to formally respond to news of the hack, nor has the company patched the security hole.

To check if your information has been leaked in this attack, check out Have I Been Pwned to see if your username has been exposed. We’ve covered Have I Been Pwned previously after Adobe’s database hack.

Source: Snapchat | The Verge
