Secure chat software Telegram will reveal in which the Copy-Paste of the text-vulnerability warning-the black bar safety net

ID MYHACK58:62201677561
Type myhack58
Reporter 佚名
Modified 2016-08-03T00:00:00


! Security researcher Kirill Firsov found,currently more popular chat app Telegram the occurrence of a data breach. In OS X versions, the application will take the user to copy and paste the text is written to the/var/log/system. log file(the file is also known as syslog) ,and thus the private conversation or notes of the contents of the backup. MacOS on the Telegram will put each of the pasted message is logged to syslog,even if is the secret of dialogue is no exception.@ durov in the end what happened? -- Kirill Firsov(@k_firsov), 2 0 1 6 7 2 3, Telegram and recently appeared on the market many of the new software, is committed to create a safe chat environment,and self-proclaimed than the chat application WhatsApp“more security”. Macs will use the system log to save seven days,and the attacker usually needs to device physical access to read these logs. However, in a corporate environment, log messages can sometimes be forwarded to a dedicated log server,this will create a is not controlled by the user of the replica, also let the snooper with. The app's founder Pavel Durov via Twitter responded,he said access to the syslog file is difficult, and that you want to read a copy-paste of the text there is an easier way--“any application that can read your clipboard content.” within the app can not access the syslog, but any application can read your clipboard. --Pavel Durov (@durov), the 2 0 1 6 7 2 4,, He also noted that application vulnerabilities were disclosed soon after got patched,so now Telegram the user does not have to worry about data leakage. Before, due to more concern about security and privacy, Telegram usage has been on the rise, it has also been a focus on the privacy and security of users and criminals of all ages. This vulnerability could be corresponding with a reputation caused great influence, but since the problem has been solved quickly,the scope will be reduced. Facebook may be for your own chat software to add end-to-end encryption,therefore the Telegram and other services need to be more cautious, lest in the competition at a disadvantage.