<!DOCTYPE html>
|
||
<html class="">
|
||
<head>
|
||
<meta charset="utf-8">
|
||
<title>Crowdsourcing a More Secure Future</title>
|
||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||
<meta property="og:title" content="Crowdsourcing a More Secure Future">
|
||
<meta property="og:image" content="https://telegram.org/img/tl_card_castle.png">
|
||
<meta property="og:site_name" content="Telegram">
|
||
<meta property="og:description" content="A guy from Russia just earned $100,000. Crowdsourcing a More Secure Future">
|
||
|
||
<meta name="twitter:card" content="summary_large_image" /><meta name="twitter:image" content="https://telegram.org/img/tl_card_castle.png" />
|
||
<meta property="fb:app_id" content="254098051407226">
|
||
<meta property="vk:app_id" content="3782569">
|
||
<meta name="apple-itunes-app" content="app-id=686449807">
|
||
<meta name="telegram:channel" content="@telegram">
|
||
<link rel="canonical" href="https://telegram.org/blog/crowdsourcing-a-more-secure-future" />
|
||
<link rel="icon" type="image/svg+xml" href="/img/website_icon.svg?4">
|
||
<link rel="apple-touch-icon" sizes="180x180" href="/img/apple-touch-icon.png">
|
||
<link rel="icon" type="image/png" sizes="32x32" href="/img/favicon-32x32.png">
|
||
<link rel="icon" type="image/png" sizes="16x16" href="/img/favicon-16x16.png">
|
||
<link rel="alternate icon" href="/img/favicon.ico" type="image/x-icon" />
|
||
<link href="/css/bootstrap.min.css?3" rel="stylesheet">
|
||
|
||
<link href="/css/telegram.css?241" rel="stylesheet" media="screen">
|
||
</head>
|
||
<body class="preload">
|
||
<div id="fb-root"></div>
|
||
<div class="tl_page_wrap">
|
||
<div class="tl_page_head navbar navbar-static-top navbar navbar-tg">
|
||
<div class="navbar-inner">
|
||
<div class="container clearfix">
|
||
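<!-- The Twitter link opens a third-party site in a new tab; rel="noopener noreferrer" keeps that tab from reaching this page through window.opener and withholds the referrer. -->
<ul class="nav navbar-nav navbar-right"><li class="dropdown top_lang_select"><a class="dropdown-toggle" onclick="return dropdownClick(this, event)" href="#"><i class="dev_top_lang_icon"></i>EN <b class="minicaret"></b></a>
<ul class="dropdown-menu"><li class="chosen "><a href="?setln=en">English</a></li><li class="long "><a href="?setln=id">Bahasa Indonesia</a></li><li class="long "><a href="?setln=ms">Bahasa Melayu</a></li><li class=""><a href="?setln=de">Deutsch</a></li><li class=""><a href="?setln=es">Español</a></li><li class=""><a href="?setln=fr">Français</a></li><li class=""><a href="?setln=it">Italiano</a></li><li class=""><a href="?setln=nl">Nederlands</a></li><li class=""><a href="?setln=uz">O‘zbek</a></li><li class=""><a href="?setln=pl">Polski</a></li><li class="long "><a href="?setln=pt-br">Português (Brasil)</a></li><li class=""><a href="?setln=tr">Türkçe</a></li><li class=""><a href="?setln=be">Беларуская</a></li><li class=""><a href="?setln=ru">Русский</a></li><li class=""><a href="?setln=uk">Українська</a></li><li class=""><a href="?setln=ar">العربية</a></li><li class=""><a href="?setln=fa">فارسی</a></li><li class=""><a href="?setln=ko">한국어</a></li></ul></li><li class="navbar-twitter hidden-xs"><a href="https://twitter.com/telegram" target="_blank" rel="noopener noreferrer" data-track="Follow/Twitter" onclick="trackDlClick(this, event)"><i class="icon icon-twitter"></i> Twitter</a></li></ul>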
|
||
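<!-- Cross-host links use an explicit https: scheme rather than a protocol-relative //host, so they stay on TLS even when this markup is served from a plain-http copy. -->
<ul class="nav navbar-nav">
<li class=""><a href="/">Home</a></li>
<li class=""><a href="/faq">FAQ</a></li>
<li class=""><a href="/apps">Apps</a></li>
<li class="hidden-xs "><a href="https://core.telegram.org/api">API</a></li>
<li class="hidden-xs "><a href="https://core.telegram.org/mtproto">Protocol</a></li>
</ul>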
|
||
</div>
|
||
</div>
|
||
</div>
|
||
<div class="container clearfix tl_page_container ">
|
||
<div class="tl_page">
|
||
<div class="tl_contest_page_wrap">
|
||
<div class="tl_blog_side_blog"><div class="side_blog_wrap">
|
||
<div class="side_blog">
|
||
<a href="/blog" class="side_blog_header">Recent News</a>
|
||
<div class="side_blog_entries">
|
||
<a href="/blog/star-giveaways-iv-in-browser" class="side_blog_entry">
|
||
<div class="side_blog_date">Sep 6</div>
|
||
<div class="side_blog_title">Star Giveaways and More</div>
|
||
</a><a href="/blog/superchannels-star-reactions-subscriptions" class="side_blog_entry">
|
||
<div class="side_blog_date">Aug 14</div>
|
||
<div class="side_blog_title">Super Channels, Star Reactions and Subscriptions</div>
|
||
</a><a href="/blog/w3-browser-mini-app-store" class="side_blog_entry">
|
||
<div class="side_blog_date">Jul 31</div>
|
||
<div class="side_blog_title">Telegram Browser, Mini App Store, Gifting Stars and More</div>
|
||
</a><a href="/blog/mini-app-bar-paid-media-and-more" class="side_blog_entry">
|
||
<div class="side_blog_date">Jun 30</div>
|
||
<div class="side_blog_title">Mini App Bar, Paid Media, Story Search & More</div>
|
||
</a><a href="/blog/telegram-stars" class="side_blog_entry">
|
||
<div class="side_blog_date">Jun 6</div>
|
||
<div class="side_blog_title">Telegram Stars: Pay for Digital Goods and More</div>
|
||
</a><a href="/blog/message-effects-and-more" class="side_blog_entry">
|
||
<div class="side_blog_date">May 31</div>
|
||
<div class="side_blog_title">Message Effects, Hashtag Search, and More</div>
|
||
</a><a href="/blog/my-profile-and-15-more" class="side_blog_entry">
|
||
<div class="side_blog_date">Apr 25</div>
|
||
<div class="side_blog_title">My Profile, Recommended Channels and 15 More Features</div>
|
||
</a>
|
||
</div>
|
||
</div>
|
||
</div></div>
|
||
<div id="dev_page_content_wrap" class=" ">
|
||
<div class="dev_page_bread_crumbs"></div>
|
||
<h1 id="dev_page_title">Crowdsourcing a More Secure Future</h1>
|
||
|
||
<div id="dev_page_content"><div class="blog_side_image_wrap">
|
||
<img src="/img/tl_card_castle.png" class="blog_side_image"/>
|
||
</div>
|
||
|
||
<blockquote>
|
||
<p><strong>UPD:</strong> See <a href="https://core.telegram.org/bug-bounty">this page</a> for the latest details about the <a href="https://core.telegram.org/bug-bounty">Telegram Bug Bounty Program</a>.</p>
|
||
</blockquote>
|
||
<p>A few days ago we launched a <a href="http://telegram.org/crypto_contest"><strong>contest</strong></a> to improve Telegram's security and are delighted to already have the first results. A user of a <a href="http://habrahabr.ru">Russian IT community</a> identified a potentially vulnerable spot in our secret chat implementation. While this would not help him decipher the traffic and win <a href="http://telegram.org/crypto_contest">the contest</a>, his achievement deserves notice — and a big prize.</p>
|
||
<blockquote>
|
||
<p>The Habrahabr user <a href="http://habrahabr.ru/users/x7mz/">x7mz</a> discovered that if the Telegram server were seized by a malicious third party, it could send different nonce numbers to each of the clients participating in a secret chat.</p>
|
||
<p>These nonce numbers were introduced to add more randomness to the secret chat keys, mostly because of possible undiscovered vulnerabilities in the random number generators on mobile devices (for example, one such vulnerability was found this August in <a href="http://android-developers.blogspot.ru/2013/08/some-securerandom-thoughts.html">Android phones</a>).</p>
|
||
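<p>As was pointed out, this solution would also have made it possible for the visual representations of the shared secret key to be identical on both clients during a man-in-the-middle attack — provided the attack was carried out by the seized server. Since participants compare these visual representations to confirm that nobody is intercepting their secret chat, identical images would have hidden such an attack from them. Obviously, the server has been under Telegram's control all this time, so this theoretical threat never had a chance to come to life.</p>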
|
||
</blockquote>
|
||
<p>The developer who found the potential weakness has earned a reward of <strong>$100,000</strong>. We have contacted him to find out how he would like to collect his prize.</p>
|
||
<p>A similar reward awaits anyone who finds viable ways of compromising <a href="https://core.telegram.org/mtproto">MTProto’s</a> security (and there is an outstanding reward of $200,000 for <a href="http://telegram.org/crypto_contest">deciphering Telegram traffic</a>). All submissions to <strong>security@telegram.org</strong> which result in a change of code or configuration are eligible for bounties, ranging from <strong>$500</strong> to <strong>$100,000</strong> or more, depending on the severity of the issue.</p>
|
||
<p>This story showcases the importance of keeping the <a href="https://core.telegram.org/mtproto">protocol specification</a> and <a href="http://telegram.org/source">source code</a> open — this way thousands of bright minds from all over the world can help us find potential vulnerabilities and improve the protocol.</p>
|
||
<p>Let’s keep on looking for any weak spots. Together we can make Telegram unbreakable.</p>
|
||
<p>December 21, 2013<br><em>The Telegram Team</em></p>
|
||
</div>
|
||
|
||
</div>
|
||
<div class="tl_main_share clearfix">
|
||
<a href="https://t.me/share/url?url=https%3A%2F%2Ftelegram.org%2Fblog%2Fcrowdsourcing-a-more-secure-future&text=A%20guy%20from%20Russia%20just%20earned%20%24100%2C000.%20Crowdsourcing%20a%20More%20Secure%20Future" class="tl_telegram_share_btn" id="tl_telegram_share_btn" data-text="A guy from Russia just earned $100,000. Crowdsourcing a More Secure Future" data-url="https://telegram.org/blog/crowdsourcing-a-more-secure-future"><i class="tl_telegram_share_icon"></i><span class="tl_telegram_share_label" target="_blank">Forward</span></a>
|
||
<a href="https://twitter.com/share" class="tl_twitter_share_btn" id="tl_twitter_share_btn" data-text="A guy from Russia just earned $100,000. Crowdsourcing a More Secure Future" data-url="https://telegram.org/blog/crowdsourcing-a-more-secure-future" data-via="Telegram">Tweet <span class="tl_twitter_share_cnt"></span></a>
|
||
</div>
|
||
|
||
</div>
|
||
<div class="tl_main_recent_news_wrap tlb_other_news_wrap tl_blog_list_page_wrap">
|
||
<h3 class="tl_main_recent_news_header">
|
||
<a href="/blog">Other News</a>
|
||
</h3>
|
||
<div class="tl_main_recent_news_cards clearfix">
|
||
<a class="dev_blog_card_link_wrap" href="/blog/star-giveaways-iv-in-browser"><div class="dev_blog_card_wrap">
|
||
<img class="dev_blog_card_image" src="https://telegram.org/file/400780400331/1/tuLhKJmWKdw.276665/463e789d166b4e3890" />
|
||
<div class="dev_blog_card_alltext_wrap">
|
||
<h4 class="dev_blog_card_title">Star Giveaways and More</h4>
|
||
<div class="dev_blog_card_lead">With today's update, groups and channels can use Telegram Stars as prizes in Giveaways. Also, any article you open in the Telegram Browser can now be converted to Instant View, making…</div>
|
||
</div>
|
||
<div class="dev_blog_card_date">Sep 6, 2024</div>
|
||
</div></a><a class="dev_blog_card_link_wrap" href="/blog/superchannels-star-reactions-subscriptions"><div class="dev_blog_card_wrap">
|
||
<img class="dev_blog_card_image" src="https://telegram.org/file/400780400436/1/AFpKVW0u5fw.267441/5fd61b6d2531113c45" />
|
||
<div class="dev_blog_card_alltext_wrap">
|
||
<h4 class="dev_blog_card_title">Super Channels, Star Reactions and Subscriptions</h4>
|
||
<div class="dev_blog_card_lead">Today is Telegram's 11th anniversary. Meet Star Reactions and Star Subscriptions that let users support content creators, paid media for…</div>
|
||
</div>
|
||
<div class="dev_blog_card_date">Aug 14, 2024</div>
|
||
</div></a><a class="dev_blog_card_link_wrap" href="/blog/w3-browser-mini-app-store"><div class="dev_blog_card_wrap">
|
||
<img class="dev_blog_card_image" src="https://telegram.org/file/400780400778/4/yJDJIfzD2yk.228129/e8b08c158413db534e" />
|
||
<div class="dev_blog_card_alltext_wrap">
|
||
<h4 class="dev_blog_card_title">Telegram Browser, Mini App Store, Gifting Stars and More</h4>
|
||
<div class="dev_blog_card_lead">Today's update brings a new in-app browser that supports multiple tabs and makes Web3 available to almost a billion users, a Mini App Store…</div>
|
||
</div>
|
||
<div class="dev_blog_card_date">Jul 31, 2024</div>
|
||
</div></a><a class="dev_blog_card_link_wrap" href="/blog/mini-app-bar-paid-media-and-more"><div class="dev_blog_card_wrap">
|
||
<img class="dev_blog_card_image" src="https://telegram.org/file/400780400026/1/xwmW8Qofk5M.263566/16218cb12e7549e76b" />
|
||
<div class="dev_blog_card_alltext_wrap">
|
||
<h4 class="dev_blog_card_title">Mini App Bar, Paid Media, Story Search & More</h4>
|
||
<div class="dev_blog_card_lead">Our June update adds a way to minimize mini apps into a compact bar, helps content creators monetize their channels with paid photos and…</div>
|
||
</div>
|
||
<div class="dev_blog_card_date">Jun 30, 2024</div>
|
||
</div></a>
|
||
</div>
|
||
</div>
|
||
|
||
</div>
|
||
</div>
|
||
</div>
|
||
<div class="footer_wrap">
|
||
<div class="footer_columns_wrap footer_desktop">
|
||
<div class="footer_column footer_column_telegram">
|
||
<h5>Telegram</h5>
|
||
<div class="footer_telegram_description"></div>
|
||
Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed.
|
||
</div>
|
||
|
||
<div class="footer_column">
|
||
<h5><a href="/faq">About</a></h5>
|
||
<ul>
|
||
<li><a href="/faq">FAQ</a></li>
|
||
<li><a href="/privacy">Privacy</a></li>
|
||
<li><a href="/press">Press</a></li>
|
||
</ul>
|
||
</div>
|
||
<div class="footer_column">
|
||
<h5><a href="/apps#mobile-apps">Mobile Apps</a></h5>
|
||
<ul>
|
||
<li><a href="/dl/ios">iPhone/iPad</a></li>
|
||
<li><a href="/android">Android</a></li>
|
||
<li><a href="/dl/web">Mobile Web</a></li>
|
||
</ul>
|
||
</div>
|
||
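<!-- Download links for the desktop clients use an explicit https: scheme rather than a protocol-relative //host, so an installer page is never requested over plain http. -->
<div class="footer_column">
<h5><a href="/apps#desktop-apps">Desktop Apps</a></h5>
<ul>
<li><a href="https://desktop.telegram.org/">PC/Mac/Linux</a></li>
<li><a href="https://macos.telegram.org/">macOS</a></li>
<li><a href="/dl/web">Web-browser</a></li>
</ul>
</div>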
|
||
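<!-- Platform links use an explicit https: scheme rather than a protocol-relative //host, so they stay on TLS regardless of how this page was loaded. -->
<div class="footer_column footer_column_platform">
<h5><a href="https://core.telegram.org/">Platform</a></h5>
<ul>
<li><a href="https://core.telegram.org/api">API</a></li>
<li><a href="https://translations.telegram.org/">Translations</a></li>
<li><a href="https://instantview.telegram.org/">Instant View</a></li>
</ul>
</div>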
|
||
</div>
|
||
<div class="footer_columns_wrap footer_mobile">
|
||
<div class="footer_column">
|
||
<h5><a href="/faq">About</a></h5>
|
||
</div>
|
||
<div class="footer_column">
|
||
<h5><a href="/blog">Blog</a></h5>
|
||
</div>
|
||
<div class="footer_column">
|
||
<h5><a href="/apps">Apps</a></h5>
|
||
</div>
|
||
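<!-- Explicit https: scheme instead of a protocol-relative //host, so the link stays on TLS regardless of how this page was loaded. -->
<div class="footer_column">
<h5><a href="https://core.telegram.org/">Platform</a></h5>
</div>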
|
||
<div class="footer_column">
|
||
<h5><a href="/press">Press</a></h5>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
<script src="/js/main.js?47"></script>
|
||
|
||
<script>twitterCustomShareInit();
|
||
blogSideImageInit();
|
||
backToTopInit("Go up");
|
||
removePreloadInit();
|
||
</script>
|
||
</body>
|
||
</html>
|
||
|