Users of the Signal messaging app got hit by a hacker attack. We analyze what happened and why the attack demonstrates that Signal is reliable.

1 point

so… a bunch of twilio employees had (and still have) exactly the capability that the attackers gained with this phishing attack. As do employees of Signal, Amazon, and various telecom companies, not to mention governments.

“Secure messenger” and “requires a telephone number” are not compatible concepts.

permalink
report
reply
-3 points
*
Removed by mod
permalink
report
parent
reply
0 points
*

Signal’s “sealed sender” metadata protection is a farce.

Their use of phone number identifiers is a gift to police and other violent adversaries around the world, including those that amazon doesn’t cooperate with. When one person’s phone gets seized or otherwise compromised, that adversary gets a list of the phone numbers - aka strong selectors in intelligence lingo - of all of the victim’s contacts.

Signal’s initial growth was funded with millions of USD from the US government, ostensibly for use by dissidents in places like China and Iran. The former requires ID to obtain a phone number, and the latter requires fingerprints. Even people who support the US’s soft power efforts to aid dissidents in those countries should be disturbed by the promotion of the use of phone numbers for “secure communication” in those contexts.

permalink
report
parent
reply
-3 points
*
Removed by mod
permalink
report
parent
reply
1 point

My Dog, “hackers hacking a hack”.

Can we please stop using the word “hacker” when we mean “cybercriminals”, “attackers”, “malicious agents”? We have plenty better terms. Like… “cybercriminals”, “attackers”, “malicious agents”: https://rys.io/en/155.html

I mean, I get the need for clickbaity titles and all, but surely we can do better.

permalink
report
reply
1 point

First, I did not make the title, I just linked an article.

Second, I get that you wish people did not use the word “hacker” the way they do, but… isn’t it how natural languages work? Words mean what people them for. I wish “crypto” did not mean “cryptocurrencies”, butibn many contexts it does. That’s life.

Talking about clickbaits, what about linking to your blog everywhere you can? It’s completely off topic (the link is about Signal, your blog is about how people misuse a word according to you), but nobody complains, because apparently you thought it was relevant, just like the author thought that calling them “hackers” was fine.

permalink
report
parent
reply
1 point
*

Complaining about use of the word hacker is the tech nerd’s equivalent of complaining about clips vs magazines. It doesn’t matter and everyone understands it anyway, there is absolutely no reason to be bent out of shape by it except in situations where being specific and clear instead of generalising actually matters.

Gun nerds deserve being laughed at for getting upset over it and so do tech nerds.

permalink
report
parent
reply
2 points
*

Gun nerds deserve being laughed at for getting upset over it and so do tech nerds.

People are allowed to ridicule me for nerding out my passion pompously, or any sort of perceived sincerity, for that matter.

I’ve always held that sincerity alone shouldn’t implicitly justify immunity from ridicule, but the ridicule tends to work better if it’s sincere in its own right.

What’s better is using it as a handy way to temper my own zealotry.

Complaining about people complaining does get old fast, however.

permalink
report
parent
reply
-2 points
*
Removed by mod
permalink
report
parent
reply

Security

!security@lemmy.ml

Create post

Confidentiality Integrity Availability

Community stats

  • 49

    Monthly active users

  • 203

    Posts

  • 358

    Comments

Community moderators