Posts match “ telegram ” tag:

難防的漏洞

近日有Whatspp群組對話內容流出,當中更牽涉前保安局局長,掀起大眾關注「資訊科技保安」的議題。

「資訊科技保安」的概念說起來高深艱澀,當中不乏複雜用於加密的數學公式、確保登入者身份的認證方式等等。可惜,最常見的「保安漏洞」,往往不在資訊科技本身。

城市內有數間大宅一夜間接連被偷竊,有些甚至號稱保安十分完善。而且小偷手法相當純熟,這些大宅毫無破門痕跡。當人們大惑不解之際,涉案犯人終於落網。原來方法極為顯淺,小偷抓住了一個人們的心理「漏洞」:「人們提防沒帶鑰匙,通常會在信箱或是地毯下放一條後備鑰匙。」

去年,世上五個最常被使用的密碼分別是 「123456」 、「password」 、「12345」 、「12345678」和「qwerty」。駭客按著這排名表試著登入一萬個帳戶,總會有數個收穫。但不少系統基於保安原因,會強逼使用者設定較為複雜難記的密碼組合(例如: e3$!9Hmd2#&n4 )。由於超越記憶所及,不少人都會現實中在電腦附近放一條「後備鑰匙」。至於放在哪裡?不妨在辦公室走一圈,看看有多少收穫。

人類進化的,可能只有工具。

自從流動裝置普及以來,「埋身」的保安攻擊更趨容易。以往總要登上辦公室或者家裡才能登入對方的電腦,現在目標卻近在眼前。最強的「攻擊」根本不用使用「惡意軟件」或「木馬程式」,而是掌握心理漏洞。

是次建制派Whatsapp群組對話流出不幸事件,牽涉的「漏洞」更為低階,實際上與使用甚麼通訊軟件毫無關係。簡單來說,就是一群人在銀行提款機前,犯上不以手稍稍遮擋便直接輸入提款卡密碼的低階錯誤。

事後,不少議員紛紛轉用Telegram,應是見其加密功能較Whatsapp佳。然而Telegram 群組其實亦未有「秘密群組」功能,如若「人類總是要犯相同的錯誤」的話,或許號稱最為安全的Telegram也幫不上忙了。

終歸到底,日防夜防,難防的始終是:站在身後的人、Screen Cap,以及群組內的「隊友」。

comments powered by Disqus

Telegram Stickers

I (and my friends) fancy the stickers in Telegram a lot. That's actually how I pitched groups of my friends migrated from other WhatsApp to Telegram - just because it supports stickers.

Of course, Telegram is also a fast, rich and secure instant messenger app with an insanely smooth user interface.

First introduction of stickers

The first set of stickers was introduced in January 2015.

Telegram planned to offer stickers in for free:

All our stickers are and will be completely free, and you can always create and share your own stickers.

At first, there is only one set of official sticker on Telegram.

Make and submitting custom stickers

Since May 2015, artists can submit sticker sets to Telegram. I created a set of cat's sticker with our own cats, and the sticker attracted a large group of friends starting to use Telegram.

Submitting stickers doesn't require permissions nor approvals like Line / iMessage or other platforms do.

It's awesome to encourage sticker creation and sharing.

Distribution sites and channels

Since there is no official store in Telegram, distribution of stickers becomes a problem.

Then it appears loads of sites that list and distribute stickers for free.

Upon simple googling, I found many sticker catelog sites.

Stickers' original creator has no way to stop from people who steals

Despite Telegram wanted to create a open, free and limitless eco-system for stickers.

Open and free stickers seem to be great for consumers. Everyone can submit stickers and others can add them with a public link.

Submitter != creator

Sometimes, the one who submit the sticker might not be the original artist. They just download existing sticker packs from other platforms and upload them to Telegram.

"At least the stickers are for free and it doesn't be made profitable to anyone" - some may think.

Similar to freeware, being free doesn't imply you have the right to use the original work without permission.

Example

The Bac Bac's Diray sticker is popular on Line by artist Darylhochi.


ref. https://store.line.me/stickershop/product/1040299/
ref. https://store.line.me/stickershop/product/1140113/

The complete pack of stickers can be added with this link: https://telegram.me/addstickers/BacBac . However, Darylhochi claimed on their Facebook post that the stickers are not uploaded by them.


https://www.facebook.com/darylhochi.illustrations/posts/1129855440432047

Unlike other platforms, there is no way to prevent users from re-distributing copyright protected artworks as stickers.

Stickers are great, I hope they can be better.

Telegram may not have a plan to set up a sticker store yet. But as a creator, Telegram should to take some action to make sure creativity and effort of creators from the world is well-repected.


David Ng, Product Manager at Skygear.io

comments powered by Disqus