How sloppy OPSEC gave researchers an inside look at the exploit industry
“Those government developers were testing out the WhatsApp malware on their own devices, and it was storing their discussions on the program’s servers.
The nation-state essentially had hacked itself and accidentally dumped highly sensitive information on the open internet—including details of its interactions with the secretive vendors who sell spyware to governments.”
@aral this is delightful
@aral It should not come as a surprise to any penetration tester and security tester that one should always test on a separate, dedicated machine, and never ever on one's own machine.
@aral Now THIS is the right way to share something you saw on Twitter. Thanks!
This is my personal Mastodon.