

Philippe Vialle
3.7K posts

@ph_V
Cyber security engineer working in SecOps, and teacher in Master's degree. Please note that those publications are my own view.







Today marks the 10th anniversary of the #GDPR’s adoption, the 1st comprehensive data protection framework spanning an entire continent. Have you ever wondered what the data protection landscape looked like before the GDPR? Watch the video to find out more!









Hacking the #EU #AgeVerification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
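The design flaw in the post above is that the PIN is only checked next to the vault rather than being what unlocks it. The added example below (constructed for this page, not code from the app or the post's author) contrasts the two designs: in the weak one a PIN record and the vault are sealed independently under a device key, so deleting the PIN record and re-enrolling still opens the vault; in the hardened one the vault key is derived from the PIN with a KDF, so there is no PIN file to delete and a wrong PIN fails the integrity check. The hash-counter keystream is a stdlib stand-in for AES-GCM and exists only so the demo runs offline.

```python
import hashlib
import hmac
import os

DEVICE_KEY = os.urandom(32)                # constructed: a key the app itself holds
IDENTITY = b"name=Alice;dob=1990-01-01"    # constructed identity record

def kdf(pin: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; a memory-hard KDF (Argon2/scrypt) is preferable in production
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000, dklen=32)

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Hash-counter keystream as a stdlib stand-in for AES-GCM (demo only)
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = _xor_stream(key, plaintext)
    return ct + hmac.new(key, ct, "sha256").digest()   # encrypt-then-MAC

def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, "sha256").digest(), tag):
        raise ValueError("wrong key or tampered vault")
    return _xor_stream(key, ct)

# Weak design (as described in the post): PIN and vault sealed independently
def weak_setup(pin: str) -> dict:
    return {"PinEnc": seal(DEVICE_KEY, pin.encode()),
            "vault": seal(DEVICE_KEY, IDENTITY)}

def weak_unlock(prefs: dict, pin: str) -> bytes:
    if "PinEnc" not in prefs:                          # PIN record missing -> app re-enrols
        prefs["PinEnc"] = seal(DEVICE_KEY, pin.encode())
    if unseal(DEVICE_KEY, prefs["PinEnc"]) != pin.encode():
        raise PermissionError("bad PIN")
    return unseal(DEVICE_KEY, prefs["vault"])          # vault never depended on the PIN

# Hardened design: the vault key is derived from the PIN, so there is no PIN file to delete
def strong_setup(pin: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "vault": seal(kdf(pin, salt), IDENTITY)}

def strong_unlock(vault: dict, pin: str) -> bytes:
    # A wrong PIN derives a different key and fails the MAC check with ValueError
    return unseal(kdf(pin, vault["salt"]), vault["vault"])
```

In the hardened model the rate-limit counter also cannot live beside the vault as a plain integer; the cost of each guess is the KDF itself, and any counter must be kept in hardware-backed storage rather than a user-editable prefs file.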




🔴 Logis Hotels: massive data leak - 600,000 people exposed, 14 years of history (ETIK loyalty programme). The hacker HexDex claims the breach of Logis Hotels, a network of more than 6,300 hotels and restaurants in France. A massive database (≈600K customers) is reportedly being put up for sale, covering more than 14 years of bookings and activity. Potentially exposed data:
➡️ Identity (surname, first name, date of birth, company)
➡️ Contact details (email, phone, marketing preferences)
➡️ Full postal address
➡️ Loyalty card number & status
➡️ Points accounts & transaction history
➡️ Billing & hotel spending
➡️ Gift vouchers & campaigns
➡️ Login credentials





