Re: [Full-disclosure] whatsapp opening url in background
Hi, I have been talking with WhatsApp about this issue during some days and this error is solved in last version *2.11.134.* I have been written an advisory for this: http://foosec.com/docs/whatsapp.html Thanks for the info. Frank ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] whatsapp opening url in background
Hi Frank, I just received a URL via Whatsapp from a friend, and I haven't noticed that behavior. What's more, I don't remember if I ever noticed it. Could you post more precise reproduction steps, please? How did you notice that the URL was opened in background? Thanks. - Mensaje original - De: Frank Habermann Enviado: 14-11-13 13:02 Para: full-disclosure@lists.grok.org.uk Asunto: [Full-disclosure] whatsapp opening url in background Hi List, i wonder about url opening in background in whatsapp. I am using an android phone. If i send a url to some other user(with android) in whatsapp my whatsapp and the the other user is opening the url in background without any user interaction. Is this normal? I could reproduce this only on android. Not on ios. Is this a android problem or a whatsapp problem? Sounds very strange and insecure for me. regards, Frank ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] whatsapp opening url in background
Hi, fyi I've seen Chrome (on Mac OSX) doing at least two requests to the first domains of the results of a search It appears to be like a pre-cache functionality, however I didn't investigate more (so I don't know if it is related to pre-load / Do Not Track) I wonder how it could be used in combination with techniques like google bombing for tracking or malware... Regards /JA 2013/11/15 Frank Habermann lordla...@lordlamer.de: Hi, I have been talking with WhatsApp about this issue during some days and this error is solved in last version *2.11.134.* I have been written an advisory for this: http://foosec.com/docs/whatsapp.html Thanks for the info. Frank ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] whatsapp opening url in background
Hi there! Related to: http://seclists.org/fulldisclosure/2013/Nov/95 I have been talking with WhatsApp about this issue during some days and this error is solved in last version *2.11.134.* I have been written an advisory for this: http://foosec.com/docs/whatsapp.html Best regards ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] whatsapp opening url in background
Chrome does prefetch and prerender currently (https://developers.google.com/chrome/whitepapers/prerender [4]) in ancient times it did only DNS lookups. Am 2013-11-15 09:21, schrieb Jerome Athias: Hi, fyi I've seen Chrome (on Mac OSX) doing at least two requests to the first domains of the results of a search It appears to be like a pre-cache functionality, however I didn't investigate more (so I don't know if it is related to pre-load / Do Not Track) I wonder how it could be used in combination with techniques like google bombing for tracking or malware... Regards /JA 2013/11/15 Frank Habermann lordla...@lordlamer.de: Hi, I have been talking with WhatsApp about this issue during some days and this error is solved in last version *2.11.134.* I have been written an advisory for this: http://foosec.com/docs/whatsapp.html [1] Thanks for the info. Frank ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html [2] Hosted and sponsored by Secunia - http://secunia.com/ [3] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html [2] Hosted and sponsored by Secunia - http://secunia.com/ [3] Links: -- [1] http://foosec.com/docs/whatsapp.html [2] http://lists.grok.org.uk/full-disclosure-charter.html [3] http://secunia.com/ [4] https://developers.google.com/chrome/whitepapers/prerender ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] whatsapp opening url in background
Hi, please, refer to the advisory: http://foosec.com/docs/whatsapp.html Here you have an abstract: *WhatsApp http://www.whatsapp.com/* advisory published in *Nov-2013* about an internal side effect - as they said - that may provoke, among others, a DoS against the application and information disclosure as well, everything without any kind of human interaction with the device. Already *solved in version 2.11.134*. Kind regards! On Thu, Nov 14, 2013 at 5:58 PM, Ander Juaristi Alamos ajuari...@gmx.eswrote: Hi Frank, I just received a URL via Whatsapp from a friend, and I haven't noticed that behavior. What's more, I don't remember if I ever noticed it. Could you post more precise reproduction steps, please? How did you notice that the URL was opened in background? Thanks. - Mensaje original - De: Frank Habermann Enviado: 14-11-13 13:02 Para: full-disclosure@lists.grok.org.uk Asunto: [Full-disclosure] whatsapp opening url in background Hi List, i wonder about url opening in background in whatsapp. I am using an android phone. If i send a url to some other user(with android) in whatsapp my whatsapp and the the other user is opening the url in background without any user interaction. Is this normal? I could reproduce this only on android. Not on ios. Is this a android problem or a whatsapp problem? Sounds very strange and insecure for me. regards, Frank ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] whatsapp opening url in background
That is probably related to Predict network actions ... in Chrome advanced settings. On 15 November 2013 09:21, Jerome Athias athiasjer...@gmail.com wrote: Hi, fyi I've seen Chrome (on Mac OSX) doing at least two requests to the first domains of the results of a search It appears to be like a pre-cache functionality, however I didn't investigate more (so I don't know if it is related to pre-load / Do Not Track) I wonder how it could be used in combination with techniques like google bombing for tracking or malware... Regards /JA 2013/11/15 Frank Habermann lordla...@lordlamer.de: Hi, I have been talking with WhatsApp about this issue during some days and this error is solved in last version *2.11.134.* I have been written an advisory for this: http://foosec.com/docs/whatsapp.html Thanks for the info. Frank ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] whatsapp opening url in background
Hi List, i wonder about url opening in background in whatsapp. I am using an android phone. If i send a url to some other user(with android) in whatsapp my whatsapp and the the other user is opening the url in background without any user interaction. Is this normal? I could reproduce this only on android. Not on ios. Is this a android problem or a whatsapp problem? Sounds very strange and insecure for me. regards, Frank ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/