![]() However, in the context of an end-to-end encrypted communications application like Keybase, the failure takes on added weight, Jackson wrote. ![]() In most cases, the failure to remove files from cache after they were deleted would count as a "low priority" security flaw. chicksdaddy writes: The Security Ledger reports that a flaw in Zoom's Keybase secure chat application left copies of images contained in secure communications on Keybase users' computers after they were supposedly deleted, according to researchers from the security research group Sakura Samurai. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates," the spokesman said. "We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security "very seriously." The application used a custom extension to name the files, but they were easily viewable directly or simply by changing the custom file extension to the PNG image format, researcher John Jackson told Security Ledger. Sakura Samurai researchers Aubrey Cottle, Robert Willis, and Jackson Henry discovered an unencrypted directory, /Cache, associated with the Keybase client that contained a comprehensive record of images from encrypted chat sessions. It comes as millions of users have flocked to apps like Keybase, Signal and Telegram in recent months. The flaw in the encrypted messaging applicat. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. Exclusive: Flaws in Zoom’s Keybase App Kept Chat Images From Being Deleted A serious flaw in Zoom’s Keybase secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted. The flaw in the encrypted messaging application, CVE-2021-23827 does not expose Keybase users to remote compromise. I'm think this PGP info is also stored on my Macbook Air.Chicksdaddy writes: The Security Ledger reports that a flaw in Zoom's Keybase secure chat application left copies of images contained in secure communications on Keybase users' computers after they were supposedly deleted, according to researchers from the security research group Sakura Samurai. Maybe if I had done keybase login on my Macbook Pro and authenticated with my Keybase passphrase instead of the paper key I chose (or the other option - "another device")?Ģ) I also have a PGP fingerprint node in my graph with my Macbook Air as a parent and a couple of social media accounts as children. I think that worked?ġ) For future reference, is it possible to start a new link from the very top of my graph, which is labeled keybase"? Right now the only thing connected to that is my now-deleted Macbook Air node. This left the Macbook Air in my graph, but it's now greyed and marked as "deleted". I then revoked my Macbook Air with keybase device remove. This added my Macbook Pro to my graph as a child of the paper key. Update: I installed the Keybase macOS app on my Macbook Pro and authenticated using my paper key (a child of my Macbook Air key, the "eldest key", in my graph). I don't feel like I have a good grasp about how everything ties together and the underlying system works. I downloaded the Keybase app and basically followed the instructions in the docs to the letter, and opted to not upload my encrypted private key to Keybase. I originally setup Keybase on my Macbook Air. I haven't found the docs to be super helpful outside of the initial setup. edit: See my updated comment here Original Post. ![]() I'm a software engineer so I'm relatively comfortable on the command line, but I don't really ever work with crypto so PGP is pretty foreign to me (and I don't really understand what to use the keybase CLI for vs. I now have a new Macbook Pro that I'm replacing my Macbook Air with, and I'd like to move everything over to the MBP so I can comfortably wipe and sell the MBA.ġ) What's the best way to accomplish this? The original private key is on my Macbook Air, so I'm guessing I need to extract this, move it to my MBP, and then import it?Ģ) Do I need to "deauthorize" my MBA somehow? Right now it's at the base of my "graph", 1 level down from my keybase account, and everything else below is tied to it (social media accounts, PGP, paper). ![]() ![]()
0 Comments
Leave a Reply. |