Reply With Quote
I don't even know what snapchat is and I already know I hate it. I got a few annoying automated messages from Girls from school asking to download and use Snapchat...probably some new Social media bs.
This is exclusively for boobies, right?
I don't even know what snapchat is and I already know I hate it. I got a few annoying automated messages from Girls from school asking to download and use Snapchat...probably some new Social media bs.
You send or receive a pic on your cell, but only have 10 secs to view it.
Now you can send pics to that chick 3 cubicles down w/o worrying about a sexual harassment complaint.
I might have missed an opportunity....
Couldn't someone just screenshot that ?
What if I manage to save it within those 10 secs ?
The app probably has a script that disallows screenshot when you're using the app.
^ Same, probably has some sort of script that disallows saving..
I need confirmation. I might have gotten overly excited before reading that screenshot post. Pics may or may not have gone out.
what if you took a picture of the screen with a different camera?
I don't know man. 10 seconds is way too fast, chances are you're going to end up with a super crappy copy mainly because you're taking screen pictures and only have 10 seconds...Could easily claim fake
Tim Worstall, Contributor
I write about business and technology.
Follow (871)
TECH
|
12/26/2013 @ 12:56PM |1,172 views
Snapchat's API Is Hacked And Exploits Allowing Phone Number Collection And Bogus Account Creation Published
Comment Now Follow Comments
So, if you happen to use Snapchat you might want to think a little about what you’re using it to do. Some very annoyed hackers have just published the API to the service: and a couple of exploits that allow some serious information harvesting to take place. The full release is here and this is an example of one of the exploits that can be done:
This is one of our personal favorites since it’s just so ridiculously easy to exploit. A single request (once logged in, of course!) to /ph/find_friends can find out whether or not a phone number is attached to an account.For those not technically minded the basic point: it is not a good thing that this can be done to Snapchat’s software.
This is one of the things we initially wrote about in our previous release, approximately four months ago (at the time of writing)! They’ve yet to add any rate limiting to this, so we thought we’d add a non-watered down version of the exploit to this release; maybe Evan Spiegel will fix it when someone finds his phone number via this?
We did some back-of-the-envelope calculations based on some number crunching we did (on an unused range of numbers). We were able to crunch through 10 thousand phone numbers (an entire sub-range in the American number format (XXX) YYY-ZZZZ – we did the Z’s) in approximately 7 minutes on a gigabyte line on a virtual server. Given some asynchronous optimizations, we believe that you could potentially crunch through that many in as little as a minute and a half (or, as a worst case, two minutes). This means you’d be railing through as many as 6666 phone numbers a minute (or, in our worst case, 5000!).
Using the reported 8 million users in June as a rough estimate for Snapchat’s user base (however, it will have undoubtedly exponentially grown since then), we can do some rough calculations on how long it would take to crunch through all of Snapchat’s user base:
Given user_base = 8e6 (8 million), and a numbers crunchable per minute (ncpm) of approximately 6666, we can assume that it would take approximately 20 hours for one $10 virtual server to eat through and find every user’s phone number (hours = user_base / (ncpm*60)). At our worst case of ncpm = 5000, it would take approximately 26.6 hours.
Before Snapchat, There Was Eva Hesse (See Her Art While It Lasts)
Jonathon KeatsContributor
Snapchat: 'Your Ad Here'
Charles WarnerContributor
Delete By Default: Why More Snapchat-Like Messaging Is On Its Way
Parmy OlsonForbes Staff
Consumer Behavior, Not Snapchat, Created The Need For Instagram Direct
Kyle WongContributor
There’s a less technical description of what is goingon here:
After having its security disclosure go ignored since August, Gibson Security has published Snapchat’s previously undo ented developer hooks (API) and code for two exploits that allow mass matching of phone numbers with names and mass creation of bogus accounts.Now the real point of all of this is not to point to Snapchat’s software and point out that it’s got some holes in it. There’s hardly a piece of software out there that doesn’t have some holes in it. Rather it’s to make the point that all of this was pointed out four months ago and we would all rather like people to fix such flaws in their software when they are pointed out to them. And that’s what is driving these hackers. Not at all that there are flaws: but that after they pointed out the flaws they weren’t fixed. That’s something that doesn’t bode well for the future security of whatever it is that Snapchat might develop into. And that, given the current valuations and offers at $3 billion and up is something that perhaps the company might want to start thinking about more seriously.
The Australian hackers announced its publication of Snapchat’s API and the two exploits on the GibSec Twitter account on Christmas Eve — which by time difference is Christmas Day in Australia.
Now anyone can build an exact clone of Snapchat’s API and stalk the popular app’s alleged 8 million users.
Oh, and the second exploit is worrying as well: it allows the mass creation of bogus accounts. That, in turn, could lead to mass spamming of the service which really isn’t going to make it any more popular.
Comment Now Follow Comments
Report Corrections
Reprints & Permissions
Post Your Comment
Please log in or sign up to comment.
Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.
Most Read on Forbes
- NEWS
- People
- Places
- Companies
- 'Man Of Steel,' 'Elysium' And The Worst Films Of 2013 +381,730 views
- The Best Story Yet About The UK's Online Porn Filters +178,860 views
- Day-After-Christmas Sales Will Be Huge +95,168 views
- Want To Succeed? Don't Check Your Email - And Work Out At Lunch+88,509 views
- What Porn Stars Do When The Porn Industry Shuts Down +68,712 views
- Are Walmart And McDonald's 'Welfare Queens'? +58,015 views
- President Obama's Top 10 Cons utional Violations Of 2013+34,147 views
- A New Era For Entrepreneurs And Startups Has Begun +29,557 views
- Mentally Strong People: The 13 Things They Avoid +28,095 views
- Judge Rules That NSA Can Only Spy On Phone Records Of 6.7 Billion Non-Americans +23,260 views
+ show more
+ show more
I'm a Fellow at the Adam Smith Ins ute in London, a writer here and there on this and that and strangely, one of the global experts on the metal scandium, one of the rare earths. An odd thing to be but someone does have to be such and in this flavour of our universe I am. I have written for The Times, Daily Telegraph, Express, Independent, City AM, Wall Street Journal, Philadelphia Inquirer and online for the ASI, IEA, Social Affairs Unit, Spectator, The Guardian, The Register and Techcentralstation. I've also ghosted pieces for several UK politicians in many of the UK papers, including the Daily Sport.
The author is a Forbes contributor. The opinions expressed are those of the writer.
TIM WORSTALL’S POPULAR POSTS
- The Best Story Yet About The UK's Online Porn Filters 601,727 views
- Warren Buffett's Very Strange Tax Argument238,664 views
- Apple's Very Clever Trick With The iPhone Trade-In Program 221,525 views
- Two Things Apple Got Absolutely Right In The iPhone 5s And iOS 7 206,159 views
- Six Waltons Have More Wealth Than the Bottom 30% of Americans 168,318 views
MORE FROM TIM WORSTALL
That copy/paste job
Sorry guys
lefty with the terrible terrible bads
Jeves forgive me pls
I write about business and technology.
Follow (871)
TECH
|
12/26/2013 @ 12:56PM |1,172 views
Snapchat's API Is Hacked And Exploits Allowing Phone Number Collection And Bogus Account Creation Published
Comment Now Follow Comments
So, if you happen to use Snapchat you might want to think a little about what you’re using it to do. Some very annoyed hackers have just published the API to the service: and a couple of exploits that allow some serious information harvesting to take place. The full release is here and this is an example of one of the exploits that can be done:This is one of our personal favorites since it’s just so ridiculously easy to exploit. A single request (once logged in, of course!) to /ph/find_friends can find out whether or not a phone number is attached to an account.For those not technically minded the basic point: it is not a good thing that this can be done to Snapchat’s software.
This is one of the things we initially wrote about in our previous release, approximately four months ago (at the time of writing)! They’ve yet to add any rate limiting to this, so we thought we’d add a non-watered down version of the exploit to this release; maybe Evan Spiegel will fix it when someone finds his phone number via this?
We did some back-of-the-envelope calculations based on some number crunching we did (on an unused range of numbers). We were able to crunch through 10 thousand phone numbers (an entire sub-range in the American number format (XXX) YYY-ZZZZ – we did the Z’s) in approximately 7 minutes on a gigabyte line on a virtual server. Given some asynchronous optimizations, we believe that you could potentially crunch through that many in as little as a minute and a half (or, as a worst case, two minutes). This means you’d be railing through as many as 6666 phone numbers a minute (or, in our worst case, 5000!).
Using the reported 8 million users in June as a rough estimate for Snapchat’s user base (however, it will have undoubtedly exponentially grown since then), we can do some rough calculations on how long it would take to crunch through all of Snapchat’s user base:
Given user_base = 8e6 (8 million), and a numbers crunchable per minute (ncpm) of approximately 6666, we can assume that it would take approximately 20 hours for one $10 virtual server to eat through and find every user’s phone number (hours = user_base / (ncpm*60)). At our worst case of ncpm = 5000, it would take approximately 26.6 hours.
There’s a less technical description of what is goingon here:After having its security disclosure go ignored since August, Gibson Security has published Snapchat’s previously undo ented developer hooks (API) and code for two exploits that allow mass matching of phone numbers with names and mass creation of bogus accounts.Now the real point of all of this is not to point to Snapchat’s software and point out that it’s got some holes in it. There’s hardly a piece of software out there that doesn’t have some holes in it. Rather it’s to make the point that all of this was pointed out four months ago and we would all rather like people to fix such flaws in their software when they are pointed out to them. And that’s what is driving these hackers. Not at all that there are flaws: but that after they pointed out the flaws they weren’t fixed. That’s something that doesn’t bode well for the future security of whatever it is that Snapchat might develop into. And that, given the current valuations and offers at $3 billion and up is something that perhaps the company might want to start thinking about more seriously.
The Australian hackers announced its publication of Snapchat’s API and the two exploits on the GibSec Twitter account on Christmas Eve — which by time difference is Christmas Day in Australia.
Now anyone can build an exact clone of Snapchat’s API and stalk the popular app’s alleged 8 million users.
Oh, and the second exploit is worrying as well: it allows the mass creation of bogus accounts. That, in turn, could lead to mass spamming of the service which really isn’t going to make it any more popular.
Comment Now Follow Comments
Report Corrections
Reprints & Permissions
Post Your Comment
Please log in or sign up to comment.
Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.
Most Read on Forbes
- NEWS
- People
- Places
- Companies
- 'Man Of Steel,' 'Elysium' And The Worst Films Of 2013 +381,730 views
- The Best Story Yet About The UK's Online Porn Filters +178,860 views
- Day-After-Christmas Sales Will Be Huge +95,168 views
- Want To Succeed? Don't Check Your Email - And Work Out At Lunch+88,509 views
- What Porn Stars Do When The Porn Industry Shuts Down +68,712 views
- Are Walmart And McDonald's 'Welfare Queens'? +58,015 views
- President Obama's Top 10 Cons utional Violations Of 2013+34,147 views
- A New Era For Entrepreneurs And Startups Has Begun +29,557 views
- Mentally Strong People: The 13 Things They Avoid +28,095 views
- Judge Rules That NSA Can Only Spy On Phone Records Of 6.7 Billion Non-Americans +23,260 views
+ show more
+ show more
I'm a Fellow at the Adam Smith Ins ute in London, a writer here and there on this and that and strangely, one of the global experts on the metal scandium, one of the rare earths. An odd thing to be but someone does have to be such and in this flavour of our universe I am. I have written for The Times, Daily Telegraph, Express, Independent, City AM, Wall Street Journal, Philadelphia Inquirer and online for the ASI, IEA, Social Affairs Unit, Spectator, The Guardian, The Register and Techcentralstation. I've also ghosted pieces for several UK politicians in many of the UK papers, including the Daily Sport.
The author is a Forbes contributor. The opinions expressed are those of the writer.
TIM WORSTALL’S POPULAR POSTS
- The Best Story Yet About The UK's Online Porn Filters 601,727 views
- Warren Buffett's Very Strange Tax Argument238,664 views
- Apple's Very Clever Trick With The iPhone Trade-In Program 221,525 views
- Two Things Apple Got Absolutely Right In The iPhone 5s And iOS 7 206,159 views
- Six Waltons Have More Wealth Than the Bottom 30% of Americans 168,318 views
MORE FROM TIM WORSTALL
unforgivable imo
, that will conspire with another broad and you're STILL ed.
Snap chat is for getting pics not sending them. Just find some naive big ty bimbo who thinks she's safe and screenshot.
Snapchat is ing pointless. Inventing an app that does what I could already do texting? If you ho's wanna send ty pics, don't be half ass about it. The number of people using snapchat should be limited to those who want to send nudes and who are too pussy to own it and too stupid to know what a screenshot is.
You should have just snap chatted it. , I only read it for ten seconds before moving on.
it tells you if and who screenshots your pics
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
