The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.
«When they loaded this URL, the server responded with a Java heap dump, which is a roughly 150-MB file containing a snapshot of the server’s memory at the moment the URL was loaded.»
Comedy gold, the whole article…
Client side md5 password hashing, JSP, having public facing links to dump the heap due to default configuration…
Either this was made by someone who took a programming course twenty years ago and haven’t touched it since. Or it was intentionally made to be insecure.
What the….? Why use a knockoff? Signal is free…
Because they want to archive their messages assumedly, and because they’re clownishly incompetent of course