Confide Secure-Message App Wasn't So Secure After All

Confide Secure-Message App Wasn't So Secure After AllConfide, the secure-messaging service used by many staffers in the White House and on Capitol Hill, turned out to not be very secure after all. IOActive called Confide’s security flaws “critical,” and noted that its researchers gained access to the account records of 7,000 Confide users, including usernames, phone numbers, email addresses and public cryptographic keys. The service allowed unencrypted messages to be sent without notifying the receiver that the messages would be readable to anyone, and that “the application failed to adequately prevent brute-force attacks on user account passwords,” which could be short and simple instead of long and complex, making the task of guessing a password even easier.



Yahoo News – Latest News & Headlines