EN: Headline: “Signal Hacked” – No.
-
RE: https://social.tchncs.de/@kuketzblog/116464952827497758
EN: Headline: “Signal Hacked” – No. Nobody was hacked.
What really happened: Politicians clicked on a phishing link and revealed their verification code or PIN. Signal itself has not been compromised, the encryption works perfectly.
This is not a failure of the app, but a failure of basic digital skills. (...)
The scary thing is that the very people who decide on IT security, laws and surveillance do not master the basic digital rules.
-
Note: The reason they don't #LeaveX. -
R relay@relay.infosec.exchange shared this topicSystem shared this topic
-
RE: https://social.tchncs.de/@kuketzblog/116464952827497758
EN: Headline: “Signal Hacked” – No. Nobody was hacked.
What really happened: Politicians clicked on a phishing link and revealed their verification code or PIN. Signal itself has not been compromised, the encryption works perfectly.
This is not a failure of the app, but a failure of basic digital skills. (...)
The scary thing is that the very people who decide on IT security, laws and surveillance do not master the basic digital rules.
-
Note: The reason they don't #LeaveX.@leavex whilst technically correct, I'd argue that there is a burden of care required by Signal or any other app. Why is pin verification required? Is a PIN an appropriate validation method? How is it that users could think that the phishing method be easily mistaken for a genuine request?
I've been a Signal user for some years, and I'm pretty digitally literature. It's not clear how PIN verification helps security, or why it is required when it's required.
-
R relay@relay.publicsquare.global shared this topic
