In the summer of this year, “Vkontakte” has launched a rewards program for vulnerabilities. The minimum fee is $ 100. The reward depends on the severity vulnerabilities in direct proportion. Be that as it may, not all hackers are rushing to report about the vulnerabilities of the administration of the service, some are rushing to share with the public.
Found in “Vkontakte” vulnerability was publicly told by an expert Security company HeadLight Mikhail Firstov. Identified security loophole allows to intercept private messages in the attack known as Man-in-The-Middle (man in the middle).
Read someone else’s personal correspondence in social networks, it helps to be on the same wireless or local network with a computer or a mobile device of the victim, authorized in “Vkontakte”. To demonstrate the possibilities of exploiting this vulnerability, use the appropriate utility – vkmitm , which allows you to handle message traffic in real-time or offline from PCAP file.
As noted by Securitylab, Mikhail Firstov — the expert group penetration testing Security HeadLight . With 15 years speaks at major conferences on information security PHDays , Defcon Moscow , Zeronights . One of his last reports presented at the tenth meeting, Defcon Moscow, was devoted to the vulnerabilities of modern routers and modems.
“VKontakte” has not yet commented on reports about discovered vulnerabilities.
