Weibo: social media chat easily sniffed or spoofed
Weibo is a Chinese social media platform like Twitter or Facebook. You post your status, chat with your friends, etc. Now suppose you post a message as follows in Weibo:
You can see what’s being sent to the Weibo backend by capturing the traffic with Wireshark:
And the cookie is there for an attacker to harvest, or even to alter your post message via a man-in-the-middle attack.
You may ask, "Who cares? This is a post on social media and is meant to be public." But what about your private chats with friends? We sent the following message via the chat window:
Again Wireshark shows us exactly the text, without encryption, begging for an attack (such as modifying the chat, injecting malicious links, etc.). There’s no privacy here!
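Added example, not from the original post: a small audit that lists what a capture like the one described above exposes in a plain-HTTP request (cookie names, chat text) and which response settings (no Secure attribute, no HSTS) let it happen. The request, response, host, path, field and cookie names are constructed placeholders, not real Weibo traffic.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl

# Constructed sample: a chat message POSTed over plain HTTP.
# Host, path, field names and cookie values are placeholders (assumptions).
SAMPLE_REQUEST = (
    b"POST /chat/send HTTP/1.1\r\n"
    b"Host: social.example\r\n"
    b"Cookie: SESSION=constructed-session-value; lang=en\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"to=friend&text=see+you+at+8pm"
)
SAMPLE_RESPONSE_HEADERS = [
    ("Set-Cookie", "SESSION=constructed-session-value; Path=/; HttpOnly"),
    ("Content-Type", "application/json"),
]

def exposed_in_cleartext(raw_request: bytes) -> dict:
    """Return what a passive observer can read from one unencrypted HTTP request."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookie = SimpleCookie()
    cookie.load(headers.get("cookie", ""))
    fields = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields = dict(parse_qsl(body.decode("utf-8", "replace")))
    return {"cookie_names": sorted(cookie.keys()), "body_fields": fields}

def transport_findings(response_headers) -> list:
    """List response-side settings that allow cookies to travel over plain HTTP."""
    findings = []
    if "strict-transport-security" not in {n.lower() for n, _ in response_headers}:
        findings.append("no Strict-Transport-Security header")
    for name, value in response_headers:
        if name.lower() != "set-cookie":
            continue
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie %s lacks Secure" % value.split("=", 1)[0])
    return findings

if __name__ == "__main__":
    print(exposed_in_cleartext(SAMPLE_REQUEST))
    print(transport_findings(SAMPLE_RESPONSE_HEADERS))
```

An empty findings list from `transport_findings` together with an HTTPS-only site is the state in which the capture described above would no longer show readable cookies or chat text.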