I can't come up with a Snapchat usernames myself so I need some help. My name is Liliana and I really want a username that has something to do with my name so people can find me easily. So if anyone has any cute/funny/interesting/creative ideas to work with my name that'd be great.
Internet trolls and stalkers could use this information to harass people in real life, unmasking the anonymity and privacy Snapchat provides.
The scariest part for us is the possibility of a company utilizing this exploit on a massive scale, only to sell a database of Snapchat names, phone numbers and locations to a third party.
With little work, a malicious party could steal large amounts of data and sell it on a private market, and that's highly illegal.
Gibson's advisory explains, "Snapchat [uses] a fairly simple (yet strangely implemented) protocol on top of HTTP. We won't reveal anything about the protocol, only what is needed for these problems, but the rest is easily figured out. We are privacy conscious, being users of the service ourselves.
ZDNet asked Gibson if it had contacted Snapchat usernames to report the security issues.
The company told ZDNet that Snapchat isn't "exactly easy to get hold of." Gibson also "attempted to apply for the software developer position at Snapchat. We would gladly help improve the security and performance of the application but failed to get a response.
The advisory page states it believes that using the API implementation, someone could save media sent to them, launch a DoS (denial of service) attack against Snapchat users, build a database of usernames and phone numbers, "easily" connect names to aliases, and "with further work" connect social media accounts to Snapchat identities.
The researchers stress that they believe if someone was able to gain access to Snapchat's servers they could easily view, modify or replace snaps being sent.
Internet trolls and stalkers could use this information to harass people in real life, unmasking the anonymity and privacy Snapchat provides.
The scariest part for us is the possibility of a company utilizing this exploit on a massive scale, only to sell a database of Snapchat names, phone numbers and locations to a third party.
With little work, a malicious party could steal large amounts of data and sell it on a private market, and that's highly illegal.
Gibson's advisory explains, "Snapchat [uses] a fairly simple (yet strangely implemented) protocol on top of HTTP. We won't reveal anything about the protocol, only what is needed for these problems, but the rest is easily figured out. We are privacy conscious, being users of the service ourselves.
ZDNet asked Gibson if it had contacted Snapchat usernames to report the security issues.
The company told ZDNet that Snapchat isn't "exactly easy to get hold of." Gibson also "attempted to apply for the software developer position at Snapchat. We would gladly help improve the security and performance of the application but failed to get a response.
The advisory page states it believes that using the API implementation, someone could save media sent to them, launch a DoS (denial of service) attack against Snapchat users, build a database of usernames and phone numbers, "easily" connect names to aliases, and "with further work" connect social media accounts to Snapchat identities.
The researchers stress that they believe if someone was able to gain access to Snapchat's servers they could easily view, modify or replace snaps being sent.
