How sloppy OPSEC gave researchers an inside look at the exploit industry

cyberscoop.com/mobile-zero-day

“Those government developers were testing out the WhatsApp malware on their own devices, and it was storing their discussions on the program’s servers.

The nation-state essentially had hacked itself and accidentally dumped highly sensitive information on the open internet—including details of its interactions with the secretive vendors who sell spyware to governments.”

HT @lorenzofb@twitter.com

@aral It should not come as a surprise to any penetration tester and security tester that one should always test on a separate, dedicated machine, and never ever on one's own machine.

@aral Now THIS is the right way to share something you saw on Twitter. Thanks!
