Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

New Settings Let Hackers Easily Pentest Facebook, Instagram Mobile Apps

Facebook has introduced a new feature in its platform that has been designed to make it easier for bug bounty hunters to find security flaws in Facebook, Messenger, and Instagram Android applications.

Since almost all Facebook-owned apps by default use security mechanisms such as Certificate Pinning to ensure integrity and confidentiality of the traffic, it makes it harder for white hat hackers and security researchers to intercept and analyze network traffic to find server-side security vulnerabilities.

For those unaware, Certificate Pinning is a security mechanism designed to prevent users of an application from being a victim of network-based attacks by automatically rejecting the whole connection from sites that offer bogus SSL certificates.

Dubbed "Whitehat Settings," the new option now lets researchers easily bypass Certificate Pinning on the Facebook-owned mobile apps by: Disabling Facebook's TLS 1.3 supportEnabling proxy for Platform API requestsUsing...(continued)
View All Trending Stories