Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applic…

Signal Will Leave the UK Rather Than Add a Backdoor

Totally expected, but still good to hear:

Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption.

“We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betraying the people who count on us for privacy, or leaving,” Whittaker said. “And that’s never not true.”…


Signal takes a quantum leap with E2EE protocol upgrade

Signal has announced an upgrade to its end-to-end encryption (E2EE) protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum computers. Getting ready for quantum computing “Quantum computing represen…

Fake Signal and Telegram Apps in the Google Play Store

Google removed fake Signal and Telegram apps from its Play store.

An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org. An app calling itself FlyGram, meanwhile, was created by the same threat actor and was available through the same three channels. Google removed it from Play in 2021. Both apps remain available in the Samsung store…


Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store

ESET researchers have identified two active campaigns targeting Android users, where the threat actors behind the tools for Telegram and Signal are attributed to the China-aligned APT group GREF. Most likely active since July 2020 and since July 2022, …

How do end-to-end encryption (E2EE) IM apps implement push notifications? [duplicate]

Take WhatsApp and Signal on Android devices: how do they keep the E2EE from being broken?
Some answers claimed that WhatsApp uses VoIP background mode on iOS to make the push notification invoke the app to decrypt the message and send a local n…

New technique will more accurately detect ET’s signals from space

Researchers have developed a new technique to better detect extraterrestrial radio signals by weeding out the interference caused by Earth-based devices. It’s hoped that the technique will lead to the discovery of the first evidence of life outside our…