Zoom Accused of Misleading Users With ‘End-to-End Encryption’ Claims

Zoom is facing fresh scrutiny today following a report that the videoconferencing app’s encryption claims are misleading.


Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever.

However, an investigation by The Intercept reveals that Zoom secures video calls using TLS encryption, the same technology that web servers use to secure HTTPS websites:

This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won’t stay private from the company.

As the report makes clear, for a Zoom meeting to be end-to-end encrypted, the call would need to be encrypted in such a way that ensures only the participants in the meeting have the ability to decrypt it through the use of local encryption keys. But that level of security is not what the service offers.

When asked by The Intercept to comment on the finding, a spokesperson for Zoom denied that the company was misleading users:

“When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point… The content is not decrypted as it transfers across the Zoom cloud.”

Technically, Zoom’s in-meeting text chat appears to be the only feature of Zoom that is actually end-to-end encrypted. But in theory, the service could spy on private video meetings and be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.

Zoom told The Intercept that it only collects user data that it needs to improve its service – this includes IP addresses, OS details, and device details – but it doesn’t allow employees to access the content of meetings.

Last week, Zoom’s data sharing practices were criticized after it emerged that the service was sending data to Facebook without disclosing the fact to customers. The company subsequently updated the app to remove its Facebook log-in feature and prevent the data access.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to the industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor have we seen any target intersections. In fact, we found just three almost unique samples, all in one country. So we consider the attacks to be targeted and have currently named this operation WildPressure.

The compilation timestamps for all these files are the same – March 2019. This is coherent with the fact that we registered no infections before May 31, 2019, so the compilation dates don’t seem to be spoofed. For their campaign infrastructure the operators used rented OVH and Netzbetrieb virtual private servers (VPS) and a domain registered with the Domains by Proxy anonymization service.

The malware uses the JSON format for configuration data and as a C2 communication protocol over HTTP as well. Inside the encrypted communications within the HTTP POST requests we found several interesting fields. One of them shows the malware version – 1.0.1. A version number like this indicates an early stage of development. Other fields suggest the existence of, at the very least, plans for non-C++ versions.

The only encryption implemented is the RC4 algorithm with different 64-byte keys for different victims. Also, the developers were kind enough to leave RTTI data inside the files. Kaspersky products detect this malware as Backdoor.Win32.Agent. For more information, please contact: [email protected]

Why we call it Milum and why it’s of interest

All the aforementioned C++ Trojans are compiled as standalone PE files, originally named Milum46_Win32.exe. The word ‘milum’ is used in the C++ class names inside the malware, so we named the Trojan after it.

Another distinctive characteristic is that the malware exports lots of zlib compression functions, such as zlibVersion(), inflate() or deflate(). This compression is needed for C2 communication, but in reality there is no need to export them in the case of a standalone application.

The JSON configuration fields are not limited to just the version and programming language; the campaign operators also use target IDs that are found in the samples. Among them, we found HatLandM30 and HatLandid3 – neither of which we are familiar with. The following table provides Milum samples that have similar PE header compilation timestamps but different target IDs:

Milum46_Win32.exe sample MD5 hash Timestamp (GMT) clientid
0C5B15D89FDA9BAF446B286C6F97F535 2019.03.09 06:17:19 839ttttttt
17B1A05FC367E52AADA7BDE07714666B 2019.03.09 06:17:19 HatLandid3
A76991F15D6B4F43FBA419ECA1A8E741 2019.03.09 06:17:19 HatLandM30

Rather than describing all the configuration fields one by one, we have gathered them together in the following table, with all the main characteristics for this malware family:

Programming language: C++ with STL functions used mostly to parse JSON data and for exception handling.
Configuration data: Base64-encoded JSON data in PE resources. Includes timeouts, C2 URLs and keys for communication, including the 64-byte RC4 key.
Network protocol: The Trojan transmits compressed JSON data in HTTP POST requests: gzip-compressed, RC4-encrypted and base64-encoded.
Beacon data: Encrypted JSON contains the malware version “1.0.1”, an Epoch timestamp and the client id. It also has specific fields such as “vt” and “ext” that correspond to the programming language “c++” and the file extension “exe”. If our hypothesis is correct, this suggests that non-C++ Trojan versions may be planned, if not already implemented.
Persistence: HKCU autorun system registry keys Run and RunOnce.
Encryption: The communication encryption used is RC4 with the 64-byte key stored in the configuration data.
Compression: For compression the Trojan uses embedded gzip code. For some reason the gzip functions are exported from the PE, although the samples are standalone executables, not DLLs.

Let’s dig a little deeper inside

The most popular sample in our telemetry was:

SHA256 a1ad9301542cc23a04a57e6567da30a6e14eb24bf06ce9dd945bbadf17e4cf56
MD5    0c5b15d89fda9baf446b286c6f97f535
Compiled     2019.03.09 06:17:19 (GMT)
Size   520704
Internal name       Milum46_Win32.exe

This application exists as an invisible toolbar window. The main malicious functions are implemented in a separate thread. Milum decodes its configuration data and, besides timeouts, it gets the parameters “clientid” and “encrypt_key” to use in RC4 encryption.

Example of the decoded and beautified configuration data. The “clientid” field differs in every sample observed

The following table describes the different configuration parameters:

Config parameter: Parameter features
shortwait: Pause in milliseconds between C2 communication working cycles
clientid: Unique ASCII target name
encrypt_key: RC4 encryption key for JSON-based C2 communications
relays – url: Full URL to send the HTTP POST beacon and GET commands
relays – key: Unique ASCII key for each C2 to communicate with it

The operators can run the Trojan using the key (“b” or “B”) as the first argument and a file name as the second. In this case, Milum will delete the file passed as a parameter. Then the Trojan will create the C:\ProgramData\Micapp\Windows directory and parse its configuration data to form the beacon to send to its C2.

To send the beacon, Milum uses the HTTP POST request with three parameters as enumerated in the table below.

Beacon parameter: Parameter values
md: Clientid from config, with prefix 01011 and a random five-character ASCII suffix
nk: Key from config to communicate with the C2, differs for each server
val: Compressed, encrypted and encoded command JSON data

The first two parameters are taken from the configuration data. The third one is encrypted and after decryption, decompression, decoding and beautifying, it looks like this:
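The following is an added analyst-side example, not code from Kaspersky or from the malware itself. It reconstructs the configuration and beacon layering described above (base64-encoded JSON configuration with shortwait, clientid, encrypt_key and relays; a POST with md, nk and val, where val is gzip-compressed, RC4-encrypted and base64-encoded JSON) so that a captured beacon can be decoded offline with the key recovered from a sample's resources. The layering order (gzip, then RC4, then base64), the field names inside the beacon other than “vt”, “ext” and “clientid”, the 64-byte key value and the relay URL are assumptions or constructed sample data, not values taken from the samples.

```python
import base64
import gzip
import json

# Constructed sample configuration, laid out with the field names the report
# lists (shortwait, clientid, encrypt_key, relays[url, key]). The key and URL
# are made up for this example; "HatLandid3" is one of the reported client ids.
SAMPLE_CONFIG = {
    "shortwait": 5000,
    "clientid": "HatLandid3",
    "encrypt_key": "0123456789abcdef" * 4,      # constructed 64-byte RC4 key
    "relays": [{"url": "http://c2.example.invalid/rl.php", "key": "relaykey01"}],
}
# Resource content as it would sit in the PE: base64 of the JSON document.
SAMPLE_RESOURCE_B64 = base64.b64encode(json.dumps(SAMPLE_CONFIG).encode()).decode()

MD_PREFIX = "01011"          # fixed prefix of the "md" POST parameter (from the report)
MD_SUFFIX_LEN = 5            # random five-character ASCII suffix (from the report)


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def load_config(resource_b64: str) -> dict:
    """Decode the base64 JSON configuration and sanity-check the RC4 key length."""
    cfg = json.loads(base64.b64decode(resource_b64))
    if len(cfg["encrypt_key"].encode()) != 64:
        raise ValueError("expected a 64-byte RC4 key in encrypt_key")
    return cfg


def encode_val(obj: dict, key: bytes) -> str:
    """Produce a 'val' parameter: JSON -> gzip -> RC4 -> base64 (assumed order)."""
    return base64.b64encode(rc4(key, gzip.compress(json.dumps(obj).encode()))).decode()


def decode_val(val_b64: str, key: bytes) -> dict:
    """Reverse of encode_val: base64 -> RC4 -> gunzip -> JSON."""
    return json.loads(gzip.decompress(rc4(key, base64.b64decode(val_b64))))


def parse_md(md: str) -> str:
    """Strip the fixed prefix and the random suffix to recover the clientid."""
    if not md.startswith(MD_PREFIX) or len(md) <= len(MD_PREFIX) + MD_SUFFIX_LEN:
        raise ValueError("md parameter does not match the expected layout")
    return md[len(MD_PREFIX):-MD_SUFFIX_LEN]


def build_sample_post(cfg: dict, suffix: str = "abcde") -> dict:
    """Construct a beacon POST body shaped like the one the report describes
    (for test data only; the inner field names besides vt/ext/clientid are assumed)."""
    beacon = {"version": "1.0.1", "vt": "c++", "ext": "exe",
              "clientid": cfg["clientid"], "ts": 1567296000, "command": ""}
    key = cfg["encrypt_key"].encode()
    return {"md": MD_PREFIX + cfg["clientid"] + suffix,
            "nk": cfg["relays"][0]["key"],
            "val": encode_val(beacon, key)}


def analyse_post(post: dict, cfg: dict) -> dict:
    """Decode a captured beacon POST using the configuration recovered from a sample."""
    key = cfg["encrypt_key"].encode()
    relay_keys = {r["key"] for r in cfg["relays"]}
    return {
        "clientid_from_md": parse_md(post["md"]),
        "relay_key_matches_config": post["nk"] in relay_keys,
        "beacon": decode_val(post["val"], key),
    }


if __name__ == "__main__":
    config = load_config(SAMPLE_RESOURCE_B64)
    print(json.dumps(analyse_post(build_sample_post(config), config), indent=2))
```

Because RC4 is symmetric and the key sits in the sample's own resources, an analyst with the binary can decrypt every beacon in a packet capture; the same property means there is no confidentiality against anyone who has the sample, which is one reason RC4 use here is a fingerprint rather than a real protection.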

Decoded and beautified JSON beacon to C2. In this case, the connection to the first server was unsuccessful

There are several fields worth mentioning here. We referred above to different programming languages besides C++: “vt” seems to reference a programming language and “ext” a file extension. The only reason that we could think of for keeping these is if the attackers have several Trojans, written in different languages, to work with the same control server.

Regarding the “command” field, the control servers were inaccessible at the time of the analysis, so we don’t have commands from them. However, we analyzed the command handlers in Milum’s code as described below:

Code Meaning Features
1 Execution Silently execute received interpreter command and return result through pipe
2 Server to client Decode received content in “data” JSON field and drop to file mentioned in “path” field
3 Client to server Encode file mentioned in received command “path” field to send it
4 File info Get file attributes: hidden, read only, archive, system or executable
5 Cleanup Generate and run batch script to delete itself
6 Command result Get command execution status
7 System information Validate target with Windows version, architecture (32- or 64-bit), host and user name, installed security products (with WQL request “Select * From AntiVirusProduct WHERE displayName <>’Windows Defender’”)
8 Directory list Get info about files in directory: hidden, read only, archive, system or executable
9 Update Get the new version and remove the old one

Who was attacked?

According to our telemetry, the Milum Trojan was exclusively used to attack targets in the Middle East from at least the end of May 2019.

Number of detections for one of the samples from September 2019

We were able to sinkhole one of the WildPressure C2 domains (upiserversys1212[.]com) in September 2019. The vast majority of visitor IPs were also from the Middle East, and we believe the rest were network scanners, Tor exit nodes or VPN connections.

C2 domain sinkholing also shows active infections mostly from the Middle East

And who’s behind it?

To date we haven’t observed any strong code- or victim-based similarities with any known actor or set of activity. Their C++ code is quite common: regarding configuration data and the communication protocol, the malware uses base64-encoded, JSON-formatted configuration data stored in the binary’s resource section and parses it with Standard Template Library (STL) functions. However, these commonalities are not conclusive enough for attribution, and our hypothesis is that they are merely coincidence. We will continue to monitor this activity.

To sum up

To date, we don’t have any data regarding Milum’s spreading mechanism. A campaign that is, apparently, exclusively targeting entities in the Middle East (at least some of them are industrial-related) is something that automatically attracts the attention of any analyst. Any similarities should be considered weak in terms of attribution, and may simply be techniques copied from previous well-known cases. Indeed, this “learning from more experienced attackers” cycle has been adopted by some new interesting actors in recent years.

We should also be cautious regarding the true targeting of this new set of activities, as it is probably too soon to jump to conclusions. The targeted nature seems to be clear, but the targeting itself might be limited by our own visibility. The malware is not exclusively designed against any kind of victim in particular and might be reused in other operations.

Indicators of compromise

Files MD5
0C5B15D89FDA9BAF446B286C6F97F535
17B1A05FC367E52AADA7BDE07714666B
A76991F15D6B4F43FBA419ECA1A8E741
Original file names are Milum46_Win32.exe; on the target side they exist as system32.exe

URLs
upiserversys1212[.]com/rl.php
37.59.87[.]172/page/view.php
80.255.3[.]86/page/view.php
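As an added example (not part of the Kaspersky write-up), the following script turns the indicators above into simple detection logic a defender can run over proxy logs, file hashes and autorun entries: it refangs the published URLs, matches them against web-proxy log lines, compares MD5s against the listed hashes, and flags HKCU Run/RunOnce values that point to a system32.exe outside the Windows system directory or into the C:\ProgramData\Micapp\Windows directory the report says the Trojan creates. The log and registry records are constructed sample data in an assumed “client method url status” layout; only the indicators themselves come from the report.

```python
import re

# Indicators from the report, kept defanged as published and refanged at runtime.
WILDPRESSURE_URLS = [
    "upiserversys1212[.]com/rl.php",
    "37.59.87[.]172/page/view.php",
    "80.255.3[.]86/page/view.php",
]
WILDPRESSURE_MD5S = {
    "0c5b15d89fda9baf446b286c6f97f535",
    "17b1a05fc367e52aada7bde07714666b",
    "a76991f15d6b4f43fba419eca1a8e741",
}
DROP_DIR = r"c:\programdata\micapp\windows"      # directory the Trojan creates
ON_DISK_NAME = "system32.exe"                    # name used on the target side


def refang(ioc: str) -> str:
    """Turn the published '[.]' notation back into a matchable string."""
    return ioc.replace("[.]", ".")


REFANGED_URLS = {refang(u) for u in WILDPRESSURE_URLS}

# Constructed proxy log lines (assumed layout: client method url status).
SAMPLE_PROXY_LOG = """\
10.0.0.5 POST http://upiserversys1212.com/rl.php 200
10.0.0.6 GET http://www.example.com/index.html 200
10.0.0.7 GET http://37.59.87.172/page/view.php 404
10.0.0.8 POST http://80.255.3.86/page/view.php 200
10.0.0.9 GET http://80.255.3.86/other.php 200
"""

# Constructed autorun records as an EDR or registry export might present them.
SAMPLE_AUTORUNS = [
    {"hive": "HKCU", "key": r"Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "Micapp", "value": r"C:\ProgramData\Micapp\Windows\system32.exe"},
    {"hive": "HKCU", "key": r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
     "name": "upd", "value": r"C:\Users\alice\AppData\Local\Temp\system32.exe"},
    {"hive": "HKCU", "key": r"Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "OneDrive", "value": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

_URL_RE = re.compile(r"^https?://([^/\s]+)(/\S*)?$", re.IGNORECASE)


def scan_proxy_log(text: str) -> list:
    """Return (client, url) pairs whose host+path equals a published C2 URL."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        client, url = parts[0], parts[2]
        m = _URL_RE.match(url)
        if not m:
            continue
        host_and_path = m.group(1).lower() + (m.group(2) or "/")
        if host_and_path in REFANGED_URLS:
            hits.append((client, url))
    return hits


def match_md5(md5_values) -> list:
    """Return the subset of the given MD5 strings that match the published hashes."""
    return sorted(h.lower() for h in md5_values if h.lower() in WILDPRESSURE_MD5S)


def check_autoruns(entries) -> list:
    """Flag HKCU Run/RunOnce values matching the on-disk traits from the report."""
    flagged = []
    for e in entries:
        if e["hive"].upper() != "HKCU" or not e["key"].lower().endswith(("\\run", "\\runonce")):
            continue
        path = e["value"].strip('"').lower()
        directory, _, filename = path.rpartition("\\")
        reasons = []
        if path.startswith(DROP_DIR):
            reasons.append("points into Micapp\\Windows drop directory")
        if filename == ON_DISK_NAME and not directory.endswith("\\windows\\system32"):
            reasons.append("system32.exe outside the Windows system directory")
        if reasons:
            flagged.append((e["name"], e["value"], reasons))
    return flagged


if __name__ == "__main__":
    print(scan_proxy_log(SAMPLE_PROXY_LOG))
    print(match_md5(["A76991F15D6B4F43FBA419ECA1A8E741", "d41d8cd98f00b204e9800998ecf8427e"]))
    print(check_autoruns(SAMPLE_AUTORUNS))
```

The URL match is deliberately exact on host plus path: the two IP addresses may host unrelated content on other paths, and a bare IP match would generate noise once the servers are reassigned. Sinkholed or reassigned infrastructure is also why hash and autorun checks are worth running alongside the network indicators.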



IT Security FAQ 8: SSL? Https:// – how do you connect it? What info should be encrypted?

Secure Sockets Layer (SSL) is a cryptographic protocol designed to provide communications security over a computer network. SSL makes the communication between two points safe and ensures that “no one” is sitting in between, eavesdropping on the conversation. You’ll usually see that a site is encrypted if the URL starts with https:// instead of http://.

Comment from our expert:
“An SSL encrypts communication on the web to make it harder for hackers to tap into a conversation. To be honest, all sites online should use SSL today. The only reason that all aren’t is because it is sometimes difficult to implement.”

“You can activate an SSL on your own website by talking to your site host, or with your system admin, because it needs to be activated on the server. The organization Let’s Encrypt is now looking at revolutionizing the whole SSL field, making it easier to set up, configure and renew SSL certificates. They are also offering free SSL certificates for all,” says Johan Edholm at Disposable mail.

Visit Let’s Encrypt to learn more.

Want more IT security information? Don’t miss out on the other parts of our IT Sec FAQ series!


GDPR security from an ethical hacker’s perspective

Discussions about the GDPR (General Data Protection Regulation) often touch upon security, a topic that few people know as well as ethical hackers. What can organisations learn from the stories ethical hackers have to share? We take a look at the GDPR from a hacker’s perspective and explain why it is the perfect opportunity to transition to a security-first mindset.

Note: This article provides some helpful pointers, but we advise you to consult a legal expert when preparing for the GDPR to ensure you are fully compliant in May 2018.

Disposable mail’s take on GDPR security

Long before anyone even knew what GDPR was, our founders created Disposable mail with the vision of making the internet a safer place. Since then, alongside releasing the Disposable mail scanner, our ethical hackers have spent hours and hours doing security research and bringing critical data privacy issues to light. For us, GDPR is an important step towards helping companies become more secure.

Chrome Extensions privacy

We’re glad that our security research has had an impact on the internet, and resulted in revised policies at Google, Slack and AWS – making users safer online. For instance, we exposed how popular Chrome extensions were tracking their users and selling their data to third party vendors.

The GDPR is complex, but the key thought behind it is very simple. Companies need to put customers’ privacy first, guided by the idea of data protection by design and by default. Investing in security and data protection is not just about avoiding hefty fines – it’s a no-brainer. To get you started, here are three tips that can help you comply with the GDPR, backed by ethical hacker knowledge.

1. Work proactively with security

Security measures are often an afterthought rather than the starting point in the development process. When deadlines are looming, security checks might seem time-consuming and unnecessary. However, adopting a proactive approach to security is a smart move that pays off.

Linus Särud, security researcher and ethical hacker, who has legally hacked companies like Google, explains: “It costs more to recover from a hack than to work proactively on it to prevent it from happening in the first place. Recovering from a hack is also more stressful than working with security continuously.”

What the GDPR says about this

This proactive approach to security is at the core of Article 32 of the GDPR, where the necessity of security testing is emphasised, requiring companies to implement “a process for regularly testing, assessing and evaluating the effectiveness of technical measures for ensuring the security of the processing.” (Article 32, 1d)

What you can do

Use automated web security scanning

Running regular security tests with a tool like Disposable mail allows you to stay on top of security and ensure security of processing that is always up-to-date. The Disposable mail scanner is updated on a regular basis, powered by the research of over 100 skilled ethical hackers. The hackers send in their security research that is then built into the scanner, providing you with fresh vulnerabilities every time you test your web app.

Disposable mail findings

After every Disposable mail scan, you receive a detailed overview of your site’s security status.

Implement a responsible disclosure policy

Utilize the ethical hacker community by allowing them to report vulnerabilities to you. If companies like Google, Facebook, PayPal turn to external researchers to help them stay on top of threats, so should you. The first step is to set up a responsible disclosure email ([email protected]), so that ethical hackers can get in touch with you easily.

Karim Rahal

Karim Rahal hacked Spotify when he was only 13. Since Spotify had a responsible disclosure policy, they received his report and were able to fix the vulnerability immediately.

2. React quickly and transparently

Perhaps you think nobody would ever attack you, but hackers seldom pick a specific target. It is far more common for them to focus on one type of vulnerability and then try to exploit it on as many sites as possible. If this happens and your site gets hacked, remember that the way you react can greatly mitigate the impact of the incident.

Linus explains that it’s important to stay calm if your site gets hacked: “Realise it’s not personal. Hackers want to hack as many as possible, not you specifically. There is no reason to panic, people have been hacked before and survived. With that said, act quickly and do not just ignore it.”

What the GDPR says about this

Transparency is vital for GDPR compliance as personal data breaches need to be reported to the authorities and the affected data subjects within 72 hours of being discovered (articles 33 and 34). Companies that fail to report a serious breach can be subject to considerable fines, but trying to conceal a security incident comes with additional costs, the most dangerous one being the loss of your brand’s reputation and customers’ trust.

What you can do

Review your incident response plan

If you don’t have one already, devise a detailed incident response plan that will allow you to react quickly in the case of a security breach. Review your incident response plan regularly to check whether it’s still viable. In the case of a security incident, keep in mind that concealing a breach is never a good idea and don’t panic. If you see the “This site may be hacked” flag when you search for your business using Chrome, follow our step-by-step guide on how to remove the flag.

Communicate transparently

GDPR compliance and thorough security routines will not create a 100% bulletproof website, because that is not possible. If Google and other tech giants are vulnerable, so are you. The real difference is in how you react and communicate when a security issue emerges. Clear, quick communication and transparency can turn bad PR to good PR.

In 2016, we contacted Slack and reported a bug that allowed hackers to hijack accounts and gain complete access to users’ chat history. Although the report came in on a Friday evening, Slack reacted straightaway, fixed the vulnerability in a few hours, and issued a statement detailing the incident. When the story was covered in the media, Slack’s response was highlighted as a positive example of how companies should work with security. To find out more, check out WIRED’s article on the topic and Graham Cluley’s take on the incident.

Geoff Belknap tweet

Geoff Belknap, Slack’s CISO, and his team fixed a vulnerability in less than 5 hours and received positive feedback from the security community and the press. Belknap encourages everyone to run a bug bounty program.

3. Minimise potential damage

“There are two types of companies. Those that have been hacked and those that have been hacked but don’t know about it,” Linus says. A security incident is less damaging if you ensure that the data hackers get their hands on is useless.

What kind of data would an attacker be interested in? Linus points out that you should be careful not to dismiss data as trivial: “Hackers are after credit card details to steal money, user credentials to log in to other places, personal information to use for blackmailing… The list goes on and it varies depending on what industry you are in. What’s important to keep in mind is that almost all data is interesting to someone.”

What the GDPR says about this

The GDPR emphasises that companies should only process personal data that is necessary for operations (Article 6). Personal data should be protected using measures such as pseudonymisation and encryption (Article 32, 1a). In short, you should not process personal data unless you absolutely need to and the data that you do process should be protected and kept out of harm’s way.

What you can do

Encrypt personal data

Encrypt your users’ personal data and ensure that even if hackers were to breach your systems, they could not use whatever they might discover. Christoffer Fjellström, backend developer at Disposable mail, explains the steps you can take to protect your users’ data: “Make sure to use encryption that is fit for the purpose and implement it well. Encrypting data at rest is a good idea and if you use a cloud service provider, all you need to do is check a box. However, this will not protect data against an attack on a running server which is a very likely scenario.”


How you encrypt data depends on how you intend to use it, Christoffer says: “For passwords that should only be verified but not read in plain text, use a cryptographic hash function like scrypt or bcrypt to store them safely. These both have parameters you can fiddle with to make them more (or less) secure, so make sure you read up on how to use and implement them.”
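The tunable parameters Christoffer mentions are what make a stored hash upgradeable. The following added example (not code from the original article or from Detectify) shows scrypt from Python’s standard library with the work factors recorded inside each stored record, so old hashes can be verified and then rehashed with stronger parameters after a successful login; the parameter values and the record format are assumptions for this example.

```python
import hashlib, hmac, os

# Work factors for new hashes (constructed defaults for this example; tune to your hardware).
# n is CPU/memory cost, r block size, p parallelism; raising n slows hashing for you and for
# anyone who steals the database. Parameters are stored in each record so they can be raised later.
CURRENT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}
HASH_LEN = 32

def _scrypt(password, salt, params):
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=params["n"],
                          r=params["r"], p=params["p"], dklen=HASH_LEN)

def hash_password(password, params=None, salt=None):
    """Return a self-describing record: scrypt$n$r$p$salt_hex$hash_hex (assumed format)."""
    params = params or CURRENT_PARAMS
    salt = salt or os.urandom(16)            # fresh random salt per password
    digest = _scrypt(password, salt, params)
    return "scrypt$%d$%d$%d$%s$%s" % (params["n"], params["r"], params["p"], salt.hex(), digest.hex())

def _parse(record):
    scheme, n, r, p, salt_hex, hash_hex = record.split("$")
    if scheme != "scrypt":
        raise ValueError("unsupported hash scheme: %s" % scheme)
    return {"n": int(n), "r": int(r), "p": int(p)}, bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)

def verify_password(password, record):
    """Recompute with the parameters stored in the record; compare in constant time."""
    params, salt, expected = _parse(record)
    return hmac.compare_digest(_scrypt(password, salt, params), expected)

def needs_rehash(record):
    """True when the record was made with parameters other than CURRENT_PARAMS, so it
    should be rehashed right after a successful login (the only time the password is known)."""
    return _parse(record)[0] != CURRENT_PARAMS
```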

Sensitive data that needs to be readable in its unencrypted form, on the other hand, is more of a challenge: “First off, always use a popular and well-tested encryption scheme and make sure you implement it the right way. The tricky part is to store the decryption key and there’s no single correct answer to this. As a bare minimum, do not store the key in the same place as the data it decrypts. Implement this so it’s possible to rotate the key periodically and do so. Finally, make sure that any access to the keys is properly logged.”
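The key-handling rules in that quote (keys stored apart from the data, rotation, logged access) are illustrated by this added example, which is not code from the original article or from Detectify. The cipher inside it is a constructed HMAC-SHA256 stand-in so the block runs with only the standard library; in production you would put a vetted AEAD such as AES-GCM in its place, and the key ids, log format and the `KeyStore` class are assumptions for this example.

```python
import hashlib, hmac, os

# Stand-in authenticated cipher, constructed for this example: HMAC-SHA256 keystream in counter
# mode plus an encrypt-then-MAC tag. In production use a vetted AEAD such as AES-GCM; the
# key-handling pattern around it is the point of this example.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()      # separate enc/mac sub-keys
def _keystream(key, nonce, length):
    blocks = range((length + 31) // 32)
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in blocks)[:length]

def _seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def _open(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

class KeyStore:
    """Keys live here, apart from the data store; every use is logged with the key id."""
    def __init__(self):
        self.keys = {}                 # key id -> key material
        self.current = None            # id of the key new writes use
        self.access_log = []           # in production, ship these lines to your SIEM
        self.rotate()

    def rotate(self):
        kid = "k%d" % (len(self.keys) + 1)   # old keys are kept so old rows still decrypt
        self.keys[kid] = os.urandom(32)
        self.current = kid
        self.access_log.append("rotate new_key=%s" % kid)
        return kid

    def encrypt(self, plaintext, caller):
        self.access_log.append("encrypt key=%s by=%s" % (self.current, caller))
        return self.current, _seal(self.keys[self.current], plaintext)

    def decrypt(self, kid, blob, caller):
        self.access_log.append("decrypt key=%s by=%s" % (kid, caller))
        return _open(self.keys[kid], blob)

def reencrypt_stale(store, rows, caller):
    """Data store rows are (key_id, blob); after rotate(), move rows on old keys to the current key."""
    return [(kid, blob) if kid == store.current
            else store.encrypt(store.decrypt(kid, blob, caller), caller) for kid, blob in rows]
```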

Are you considering adding web application security scanning to your GDPR compliance plan? Sign up for a free Disposable mail trial!

The most common vulnerabilities in EU countries

The most commonly identified vulnerabilities in EU countries based on Disposable mail’s scan statistics. Learn more about the impact and remediations of some of the featured vulnerabilities: XSS, CSRF, SQL Injection, Email spoofing. 


Temp Mails (https://tempemail.co/) is a new free temporary email address service. It provides you with random 10-minute email addresses. It is also known by names like temporary mail, disposable mail, throwaway email, one-time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Latest “incorruptible” Privacy Method that makes your VPN Out-of-Date – Disposable mail news



A unique chip that allows computers to send information using a 1-time ‘indestructible’ connection.


“Experts have made a unique unhackable safety system that is bound to transform the information secrecy,” says the University of St Andrews, King Abdullah University of Sciences and Technology (KAUST) and the Center for Unconventional Processes of Sciences (CUP Sciences).
The international team of experts has built a new optical chip that lets a message be transmitted from sender to receiver over a one-time, untraceable transmission, which the experts say achieves ‘absolute privacy’ and is one of the safest means of securing private information. The method uses silicon chips carrying compact structures that are permanently modified to transfer data with a one-time key that cannot be regenerated or hijacked by hackers.

A technology of the future
While present conventional encryption methods allow messages to be transferred instantly, the information can nevertheless be broken by the quantum algorithms and computers of the future. According to the experts, however, the newly developed technique for encoding information is robust and works over existing transmission systems. It also takes up limited storage on present computer systems compared with conventional encrypted communications.

“Due to the arrival of more robust and quantum machines and future computers, all present encodings would be deciphered without taking much time, revealing the confidentiality of our existing and past transmission networks that hold much importance. For example, a hacker can save a piece of encoded information that is available now and he can expect the appropriate systems and technologies that can be availed shortly to decrypt the information. Executing large and cost-effective means of world-class safety is a universal enigma,” says Dr. Andrea Fratalocchi, Associate Professor, Electrical Engineering at KAUST and Director of the Research.

He further says: “Our research, however, has the caliber to resolve the problems of privacy for every individual across the globe. If by any chance this new technique could be executed across the world universally, the hackers would have a hard time trying to break into someone’s personal information and would be seeking jobs elsewhere.”
For now, the team is planning to develop business applications for its trademarked technique and to give a demonstration very soon.

