MITM in the alternative Telegram client Telega: incident analysis and technical details

In mid-March 2026, research became publicly available indicating that the popular alternative Telegram client called Telega

https://enep-home.ru/2026/03/26/mitm-в-альтернативном-telegram-клиенте-telega-разбор-и/

#IPSec #MITM #MTProto #PFS #RFC2412 #RSA #telega #telegram #безопасность #мессенджер #шифрование

Bypassing iOS Application (17.x) SSL Pinning via Frida
This vulnerability involved bypassing SSL pinning using Frida, an open-source dynamic code injection tool for mobile and desktop platforms. The application trusted its own SSL certificates without validating that the certificate chain matched during app startup. By leveraging Frida to modify the SSL verification process in memory, the researcher injected a malicious root certificate into the trusted certificate store. This enabled interception of all network traffic by a man-in-the-middle attacker, effectively bypassing SSL pinning. The application's failure to perform proper SSL certificate validation allowed the attacker to conduct MitM attacks and potentially steal sensitive data. The researcher received $10,000 for disclosing this issue, and the app developer patched the vulnerability. To prevent similar issues, it is crucial to implement strict SSL pinning that includes verification of the entire certificate chain at both app startup and throughout the lifecycle. Key lesson: Always verify SSL certificates in memory and during every network request #BugBounty #Cybersecurity #SSL #MitM #iOS

https://pritessh.medium.com/bypassing-ios-application-17-x-ssl-pinning-via-frida-5bc26dc006f4?source=rss------bug_bounty-5

When has it become normal practice to intercept (as in #MitM attack!) connections secured by a #letsencrypt certificate? That's outrageous!

For years and years I didn't have a single such issue with my selfhosted service, but recently I had the "pleasure" - twice! - to deal with such malicious networks. It's beginning to be a huge annoyance. (Some of my services are relevant for my work.)

Do we have to go back to paid certificates??

#selfhosting #cybersecurity #TLS

@drscriptt @lobsters I know, because it's basically a poor person's method of "sharding" data into smaller blocks and then iterating i.e. TXT records

Can you fit a whole game into a QR code?

@grammasaurus : if I understand the patent correctly, the content seen by a user in their browser will not for 100% originate from your website given its domain name.

However, Google may let their Chrome browser show your domain name in the address bar and even suggest that a server-authenticated and encrypted valid https connection is being used (proving the authenticity of your website, which is then fully broken).

Google may even force other browser makers (such as Mozilla, sponsored by Google) to do the same.

@SteveRudolfi

#Authenticity #Authentic #MitM #AitM #GoogleIsEvil #BigTechIsEvil #TLSisBroken #httpsIsBroken #httpsIsNoLongerE2EE #E2EE

Exciting talk: "The attack on jabber.ru (and what we can do about it)" — a clear analysis of the MITM attack on jabber.ru and practical countermeasures for XMPP admins and users. A must if secure messaging infrastructure matters to you! #XMPP #jabber #MITM #Infosec #Privacy #Security #Talks #German
https://gultsch.video/videos/watch/c7153d65-8a8e-4efb-b859-0189fc097bf8

@danyork So, I have to ask…. Who do they think they’re protecting the data from?

I mean… executing a #MITM attack in space….

And if someone is doing that…. Haven’t they earned whatever sensor data they intercept?

@makepkg It's not a matter of paranoia, but acknowledging #dependencies and how those can be abused against oneself.

  • #ClownFlare isn't your local utility company that can't just decide to raise drinking water prices by 9001% because they know you need it.

@makepkg Congratulations!

#Cloudflate #ITsec #EpicFail