Linux fréttir

Researchers at the University of Vienna extracted phone numbers for 3.5 billion WhatsApp users by systematically checking every possible number through the messaging service's contact discovery feature. The technique yielded profile photos for 57% of those accounts and profile text for 29 percent. The researchers checked roughly 100 million numbers per hour using WhatsApp's browser-based app. The team warned Meta in April and deleted their data. The company implemented stricter rate-limiting by October to prevent such mass enumeration. Meta called the exposed information "basic publicly available information" and said it found no evidence of malicious exploitation. The vulnerability had been identified before. In 2017, Dutch researcher Loran Kloeze published a blog post detailing the same enumeration technique. Meta responded then that WhatsApp's privacy settings were functioning as designed and denied him a bug bounty reward. The researchers collected 137 million U.S. phone numbers. In India, they found nearly 750 million numbers. They also discovered 2.3 million Chinese numbers and 1.6 million Myanmar numbers, despite WhatsApp being banned in both countries. The researchers analyzed the cryptographic keys and found some accounts used duplicate keys. They speculate this resulted from unauthorized WhatsApp clients rather than a platform flaw.

Read more of this story at Slashdot.

European Commission probes whether Amazon and Microsoft wield outsized control under Digital Markets Act

The European Commission has launched investigations into Amazon and Microsoft's cloud services, and plans to review if legislation introduced in 2022 is being applied effectively to the cloud market.…

Lawsuit alleges he poached staff, lifted trade secrets, and set up Red Stapler before quitting

NetApp has accused its former senior vice president and CTO of secretly building a rival cloud control platform while still on its payroll, triggering an urgent legal scramble.…