It only took five hours to close a critical vulnerability in Signal’s desktop client

A critical vulnerability found in the desktop version of secure messaging app Signal was patched less than five hours after disclosure to the developers, a rapid response that’s earned some plaudits from observers. Security researchers detailed a remote code execution flaw in the Signal desktop application across Windows, Mac OSX and Linux operating systems. A hacker could execute code on a targeted system just by sending a message to the victim because Signal’s desktop app failed to sanitize specific HTML tags that can inject HTML code into remote chat windows. “The critical thing here was that it didn’t require any interaction form[sic] the victim, other than simply being in the conversation,” the researchers wrote. “Anyone can initiate a conversation in Signal, so the attacker just needs to send a specially crafted URL to pwn the victim without further action. And it is platform independent!” Joshua Lund, a developer at Signal, commented that “exploiting this requires the attacker […]

The post It only took five hours to close a critical vulnerability in Signal’s desktop client appeared first on Cyberscoop.

Skype users are finally getting end-to-end encryption

The move was announced on Thursday by Open Whisper Systems, the software organization behind the open source Signal Protocol, which has been implemented by Microsoft to offer the feature. Private Conversations The option, named Private Conversations, i…

Signal Testing New Private Contact Discovery Service

Signal is testing out a new private contact discovery service that will let the app determine if a user has Signal contacts in their address book, but forbid its servers from accessing the users’ address book.

Senate’s Use of Signal A Good First Step, Experts Say

The Senate’s use of the end-to-end encrypted messaging app Signal is a good first step in protecting U.S. democratic institutions, but much more needs to be protected.

WikiLeaks Dumps Docs on CIA’s Hacking Tools

WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smart phones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here are some first impressions based on what I’ve seen so far.

Why WhatsApp’s ‘Backdoor’ Isn’t a Backdoor

A chorus of security experts say allegations WhatsApp’s end-to-end messaging platform has a backdoor are wrong and explain why reports making the claim are false.