- cross-posted to:
- TooDumbToImagine@europe.pub
- news@hexbear.net
- news@lemmy.world
Just remember, no matter what way they spin this, they chose to ignore national security protocols and went out of their way to use an unsecure messaging app. That’s the real story. The witch hunt they’re undoubtedly going to go on is a perfect opportunity to redirect the public, save face, and further erode our freedoms.
You know, SOP for the whole Trump regime…
Something something Hillary Clinton email servers
Buttery Males
Yes, HRC was also completely incompetent.
Do libs think this is some kind of own?
That they do exactly what they complain about because they are hypocritical? I mean, if you don’t have shame… it isn’t an own.
Actually, I’m more surprised people continue to believe the ‘end to end’ claims of these companies.
Signal makes it believable by providing source code and reproducible builds. It doesn’t rule out the possibility that they’ve done something clever with the random number generator, or have the app store you use give you a compromised app, or provide any protection against endpoint compromise, but it’s about as good as you can get.
Third party apps derived from theirs, which explicitly promise to log all your messages to a server somewhere, like TeleMessage, are, for obvious reasons, far less trustworthy.
well they’ve also had great peer code reviews, and the reproducible builds let you know they’re not putting a different version on the app store….
Question: how can they even claim it’s e2ee if they also claim to log all the messages? Or is the claim that they log the messages in encrypted form? In which case any client(s) with the only copy of the keys could delete them, making the logs useless.
how can they even claim it’s e2ee if they also claim to log all the messages?
Who are the various "they"s in that question?
Signal claims that if you use the Signal app, it’s end-to-end encrypted. The Trump admin was using an unofficial Signal-compatible app TM SGNL which probably didn’t make those claims. And, Signal definitely never claimed that TM SGNL was end-to-end encrypted. In fact, it’s likely TeleMessage violated the copyrights and trademarks belonging to Signal with their app.
But, in the end, the messages were still technically end-to-end encrypted. It’s just that as soon as the messages arrived at one of those ends, they were sent to TeleMessage who archived them unencrypted in AWS. It’s still end-to-end encrypted, it’s just that one of those ends is incredibly leaky.
unencrypted in AWS
oh… mygod.
Yeah. The level of incompetence is impressive. Full data and metadata for all customers all dumped together in one datastore, stored in the clear in AWS.
“The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers.”
…
"The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia."
…
"“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said."
"I’ll just put this together as proof of concept. I’ll look at security later.
Okay great, it works, now no need to ever touch it again."
Even with e2e security there are 2 e’s that can get compromised, their use of an altered version of the app on one end is enough to cancel out the whole encryption part of it, also on the other end.
But in this case it’s like they have a lock for their garage door that is different from the lock on their car so they can’t steal the car when somebody steals the key to the garage door, but then think they can leave the keys in the lock because there is a lock (encryption) on the doors.
Also, the reason we know about it is because Mike Waltz invited a journalist to a group chat.
a snowball of stupidity if you will. Let’s see how big it grows… looks like it picked up momentum and size now with TG Signal hacked 🤡 ☃️
If leaking info to zios is unsecure, USA has much bigger problems.
It’s weird knowing Putin pays people to spew the same propaganda you regurgitate for free.
Wow. It’s almost like there is a reason that all those annoying OPSEC procedures exist.
Me (deadpan): Wow, that is surprising.
Daily reminder that end to end encryption only works when both ends are secure
Does that include making sure the people using it are not morons
Also reminder, the greatest security vulnerability in every piece of software is the end user
While I agree that social engineering and phishing are a major part of security vulnerabilities, let’s not diminish the shoddy coding work of many companies out there that try to save as much money as possible to please their shareholders by leaving out QA and ignoring or even threatening security researchers.
We have forked off from the darkest timeline into its stupidest.
I like that your optimism separated the two
Well it’s a fork. So it’s technically got all of the darkest timeline up to the point they added the extreme stupidity patch.
There will be a merge PR soon enough.
The fact that we have incompetent evil instead of competent evil is what keeps me getting up to face the day in the morning. These guys having an IQ that could freeze nitrogen means that we, the people, have a slim chance to avoid total annihilation. It could be very much worse than it is.
This way adds the additional danger vector of traumatic brain injury due to repeated and forceful facepalming, but I’d rather that over intelligent evil in the white house. The one saving grace of Trump & Co is that they’re all dumb as a box of rocks and are incapable of flexing their power fully. I’m upset that the president of the USA is retarded, but I’m thankful that this president in particular is the retarded one.
Let’s put them back together:
“Like Idiocracy, only less fun”
For now, until they pull request it back to the dark timeline
Changes Requested
I think the darkest timeline and the stupidest merged into one. We get both.
But her emails!
Buttery Males!
You just have to assume that china and the blyats have all our shit.
That was a given when he kept boxes of top secret material in his bathroom.
Or when he was showing off docs at mar-a-fucko parties.
This was literally a zio project but somehow libs blame china. smh.
So we’re thinking hackers from other countries saw an opportunity but noticed it was ZIO so they backed off? Phew, that’s a relief.
Hopefully someone releases all their messages to throw more shit in their faces. Overwhelm them with bullshit just like they did to everything
So release the messages. Not that it matters what they said, absolutely nothing will happen except clicks for whoever reports on it.
You can be horrified by the lack of security and its implications, or you can rejoice in the rampant stupidity that will be on display when the leaks begin.
Emojis, ALL CAPS, general cluelessness, the JD Vance “I don’t know about this, but whatever” comments.
Cool, cool, cool, cool, cool, cool, cool, cool, cool…
Who could have seen this coming /s
These goddamned idiots are going to get at least one supercarrier sunk. At least one.
Funny how the USA went nuts and strong-armed other Western nations to outright ban Chinese hardware and companies due to “security concerns.” Yet allowed using a fork of Signal from a foreign nation, and those concerns were nowhere to be found. IOF is already known to be on par (if not better) with the USA in spying on and creating false flags globally. Yet the highest office chose to use it anyway. Which is beyond stupid given that a fork could have been made and run by a USA company (or the NSA or whichever three letter agency) specifically for the same use. Hell those agencies already are and have been heavily funding the Signal Foundation.
The concerns are big enough that Waltz is being shunted off to the UN instead of being allowed to stay where he is.
Yet the highest office chose to use it anyway. Which is beyond stupid
Or they don’t care because that office is for show and they are kept out of the loop like Musk at SpaceX.
Sign up for free access to this post
Any copy of the article that doesn’t want my personal info?