this post was submitted on 03 Sep 2022
25 points (100.0% liked)

Security

5010 readers
1 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS
25
submitted 2 years ago* (last edited 2 years ago) by jonesv@lemmy.ml to c/security@lemmy.ml
 

Users of the Signal messaging app got hit by a hacker attack. We analyze what happened and why the attack demonstrates that Signal is reliable.

you are viewing a single comment's thread
view the rest of the comments
[–] cypherpunks@lemmy.ml 12 points 2 years ago (2 children)

so... a bunch of twilio employees had (and still have) exactly the capability that the attackers gained with this phishing attack. As do employees of Signal, Amazon, and various telecom companies, not to mention governments.

"Secure messenger" and "requires a telephone number" are not compatible concepts.

[–] jonesv@lemmy.ml 9 points 2 years ago

“Secure messenger” and “requires a telephone number” are not compatible concepts.

Following that logic, could we say that "secure messenger" and "requires a computer" are not compatible concepts, because the computer could be compromised? I mean, in the Twilio situation above, users got informed that the conversation key had changed (suggesting that they should verify the keys again if it matters to them). Now if your phone is compromised, you're screwed, whether or not your secure messenger requires a telephone number.