Automatic translation from Russian to English. It may contain inaccuracies.


November 19, 2024 at 1:30 AM | Max Knyazev is typing… | Telegram mirror
A little off topic of the channel, but I can’t help but share 👨‍💻

Recently, a top domestic information security company, Positive Technologies 🟥, announced the presentation of its NGFW. In this regard, the company decided to hold a small interactive event with prizes in the form of its own merch.

To do this, they launched their own Telegram mini app (a clicker). In it, they talked a little about their new product (the NGFW), gave a short tour of the history of network traffic filtering and firewalls, and also let users play as attackers trying to attack a network with malicious packets ⌨️

To get merch, you need to be in the TOP 50 participants by number of coins collected (as in any similar clicker). The drawing should take place on November 20 🌟

◼️ The funny thing about this is that their app got hacked. 👍

To begin with, some users (or one user with different accounts) gave themselves the maximum possible number of coins. Then they decided to play around with the players' names and renamed everyone they could get their hands on. Next, they gave all users the nickname Adolf Hitler and a coin count of 1488 (those who understand, understand; I don’t want to explain neo-Nazi symbols here). However, they quickly erased this and put the ID of some Telegram group in the usernames (just in case, I won’t give the link either) ⚠️

Naturally, I reported this to Positive Technologies support, but it’s unlikely that anyone would have been able to hide it anyway. Therefore, I decided not to waste time on trifles and to tell you about it myself, first-hand. 🚨

You can approach this in different ways. Is it funny that a top information security company had its Telegram mini app hacked? It’s more of an oxymoron. As a security specialist, I am more interested in the question of whose fault it is: PT specialists or Telegram developers? How safe are the Mini Apps that Pavel Durov recently presented? 😇

So far there are more questions than answers, but perhaps I can find out something more about this incident 📹

#information_security