Security Week Exclusive: Flaws in Zoom's Keybase App Kept Chat Images From Being Deleted Paul Roberts, The Security Ledger. Even if a user had set the content to 'explode' or delete, the cache still contained residual image files as Keybase failed to adequately clear them. On Mac machines, all it took to recover this content was to view the directory, but on Windows, image file extensions would need to be changed to. However, the fate of Keybase’s existing products is a bit murky. This does mean that the issue remains local; however, even local vulnerabilities need to be patched rapidly by services that promote themselves as privacy-centric. In a blog post today, Keybase said: Initially, our single top priority is helping to make Zoom even more secure. Keybase is owned by Zoom and currently has almost half a million privacy-focused users. "An attacker that gains access to a victim machine can potentially obtain sensitive data through gathered photos, especially if the user utilizes Keybase frequently," Jackson said. Here’s how it kept chat images that were retrievable. The photos then can be stored insecurely on a case-by-case basis." "A user, believing that they are sending photos that can be cleared later, may not realize that occasionally pasted photos are not cleared from the cache and may send photos of credentials, etc, to friends or may even send other sensitive data. The vulnerability was reported through Keybase's bug bounty program on HackerOne on January 9, 2021. A fix was issued on January 23 which resolved the bug and also cleared out all of the images on clients that should have been previously wiped. Update 17.14 GMT: A Zoom spokesperson told ZDNet: Public disclosure was held back until February 22 to give users time to apply the update and Jackson was awarded $1,000 for his report.
Keybase Teams is a tool in the Group Chat & Notifications category of a tech stack. "Zoom takes privacy and security very seriously and appreciates vulnerability reports from researchers. We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates." This has caused venture capitalist investors, such as Tyler and Cameron Winklevoss, to call on entrepreneurs to build out censorship-resistant platforms for the Web3 age. News of Keybase’s acquisition comes as discontent with centralized social media and messaging platforms intensifies online, as these networks increasingly move to police their content. “We are proud to offer Gab Chat, an end-to-end encrypted alternative to Keybase, and will soon be launching ON-our video conferencing alternative to Zoom,” said Torba. Torba previously told Decrypt last year that Gab, a “free speech software company” that has come under fire for allegedly providing a safe space for hate speech, planned to fork Keybase, remove the “shitcoin” Stellar and replace it with Bitcoin. “It’s disappointing to see Keybase sell out to a company with 700 employees in China that has openly admitted to routing data through Chinese servers among other shady activities,” he said. Gab CEO Andrew Torba told Decrypt that Keybase sold out for all the wrong reasons. Other critics, however, were less forgiving.
“Users should demand that Zoom makes their client open source to truly mitigate privacy concerns.” “Keybase devs will probably integrate some of their functionality directly into Zoom's closed source apps, while the main Keybase product gets less development resources and is eventually phased out,” Odell said. Odell added that the deal seems to be “mostly an acquihire,” referring to how one company might acquire another primarily to use the skills and expertise of its staff, rather than integrating the acquired firm’s products directly. He told Decrypt that “as a Keybase user this really sucks, but on a positive note, it's good to see end to end encryption becoming a mainstream requirement.” Privacy expert and Tales from the Crypt podcast host Matt Odell runs “the largest Bitcoin focused Keybase group.”