Cellular security

T-Mobile quietly upgrades 2G network security

We teach you

How Microsoft Account two-step verification works

Here we go again

Dropbox accounts hacked, service not to blame for leak

Hypothetical threat watch

New malware exploits USB, but isn't really that scary

Microsoft News

Microsoft issues security advisory affecting all versions of Windows, Windows Phone

General News

UK government set to rush through emergency surveillance legislation

General News

UK officials follow US counterparts by banning electronics that have no charge from boarding flights

Microsoft News

Microsoft restores control of seized domains to No-IP

Windows Apps

1Password for Windows gets much needed 4.0 update

Editorials

Using strong passwords and keeping your online self secure

General News

First smartphone 'kill switch' bill in the US passed by… Minnesota

Windows Phone Apps

Secure your passwords and critical information with Enpass Password Manager

General News

Bitly alerts users of widespread account compromises, claims no accounts have been accessed

Windows Phone Apps

John McAfee's Chadder aims to keep your messages private, lands on Windows Phone before iOS

Windows

Microsoft issues security patch for Internet Explorer

Microsoft News

Microsoft issues warning about limited, targeted attack vulnerability in Internet Explorer

Windows

Windows 8.1 Update 1 enterprise rollouts slowed due to security bug

How To

Get secure by encrypting your PC with Microsoft BitLocker for Windows 8 Pro

Microsoft News

Microsoft Store giving away $100 credit; simply trade up your Windows XP dinosaur (US and Canada Only)

Microsoft News

Microsoft says it's really time to dump Windows XP thru this clever infograph

< >
1

Kik Messenger communicating without SSL

While nothing to be fearful about, I wouldn't recommend sending your bank account number and sort code via Kik Messenger for Windows Phone anytime soon, not that you would anyway. While the user's password is sent either hashed or encrypted, it's reported that Kik is sending user email addresses and messages in clear-text, viewable by any middle man, over an open connection (i.e. unsecured WiFi).

Mike Cardwell, a well established IT specialist, reported a year ago how Kik was insecure with Blackberry, Android and iOS. Kik has since resolved these issues this year and have commented on an article over at Within Windows covering the WP7 client:

 "Hi Rafael, Corry from Kik here. Thanks for your analysis.We are aware of this issue and plan to add WP7 message encryption in a future release. We want to reiterate that the password is not being sent in clear-text, and that our Android and iPhone clients feature full SSL encryption (login info + messages), as Mike Cardwell mentioned in his comment."

At least our passwords are safe, although we do recommend using multiple passwords for your online accounts, especially between social networks and e-commerce sites. Hopefully security will be added for emails and messages in Kik at some point in the near future. Use over 3G should be fine since the signal is encrypted.

Source: Within Windows and Mike Cardwell, thanks insi for the tip!

0
loading...
0
loading...
0
loading...
0
loading...

Reader comments

Kik Messenger communicating without SSL

1 Comment

There are several apps that are "light" on some of those basic measures for secure messaging - not good for the free wifi locations. Compare to the 4UrEyezOnly app which provides DRM communications and additional features