The Last HITB Security Conference in Malaysia

Hands-on Technical Trainings - 13th & 14th October

http://conference.hitb.org/hitbsecconf2014kul/#tile_schedule

Triple-Track Conference - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/conference-speakers/

 

Capture the Flag - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/capture-the-flag/

HackWEEKDAY - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/hackweekday/

CommSec Village - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/commsec-village/

REGISTER ONLINE NOW

Account theft still possible with latest WhatsApp

http://en.wikipedia.org/wiki/WhatsApp

Recent changes to WhatsApp, which appears to have captured a position as the popular app-based alternative to texting, have not actually secured the system, at least for Android users. In a test by The H's associates at heise Security, it was found to still be possible to take over an account unnoticed and send and receive WhatsApp messages on behalf of that user.

Just over two months ago, WhatsApp stopped transmitting users' messages in plain text. This meant that tools such as WhatsApp Sniffer no longer worked. But within weeks it became apparent that WhatsApp's new approach was hardly any protection as the application used the device's IMEI serial number on Android and the Mac address of the Wi-Fi interface on iOS to generate passwords. As these are easily obtained items of information, the WhatsAPI PHP library was quickly adapted to make use of this information and take over an account.