| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Dec 2017 05:48:11 -0500 From: Jeffrey Walton <noloader@...il.com> To: Nightwatch Cybersecurity Research <research@...htwatchcybersecurity.com> Cc: Full Disclosure List <fulldisclosure@...lists.org> Subject: Re: [FD] Follow-up on CVE-2017-8769 - WhatsApp Issues with Media Files On Tue, Dec 5, 2017 at 5:27 PM, Nightwatch Cybersecurity Research <research@...htwatchcybersecurity.com> wrote: > [https://wwws.nightwatchcybersecurity.com/2017/05/17/advisory-whatsapp-for-android-privacy-issues-with-handling-of-media-files-cve-2017-8769/] > > We reported an issue earlier this year to WhatsApp / Facebook, where > after deleting chats the media files would be retained on the device. > The vendor fixed the issue by adding an option of deleting these > files. HOWEVER, our testing now shows that the fix doesn't always work > and the vendor doesn't acknowledge the issue as a security problem. We > have updated the advisory accordingly and are recommending that users > delete the media files from the SD card manually. Deleting files from the SDcard likely won't fix the problem. The vendor has to fix the problem by avoiding plain text on the disk. Also see "Reliably Erasing Data From Flash-Based Solid State Drives," https://www.usenix.org/legacy/event/fast11/tech/full_papers/Wei.pdf . Jeff _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists