How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
Technology
31
Beiträge
18
Kommentatoren
4
Aufrufe
-
Signal does not archive messages on server side
They weren't talking about the server:
This app...works in almost exactly the same way as Signal, except that it also archives copies of all the messages passing through it, shattering all of its security guarantees.
-
They weren't talking about the server:
This app...works in almost exactly the same way as Signal, except that it also archives copies of all the messages passing through it, shattering all of its security guarantees.
It's why Molly has local database encryption.
-
They weren't talking about the server:
This app...works in almost exactly the same way as Signal, except that it also archives copies of all the messages passing through it, shattering all of its security guarantees.
Later in the article, it talks specifically about the server-side archives being stored in plain text. That’s why the hacker was able to access messages. This isn’t about the local copies on phones.
-
It's why Molly has local database encryption.
That doesn't really do anything. Attackers need local access to the device to get the database itself. Chances are, they'll get the key right with it.
-
That doesn't really do anything. Attackers need local access to the device to get the database itself. Chances are, they'll get the key right with it.
Molly encrypts it using a passphrase instead of a locally stored key for exactly that reason.
-
Later in the article, it talks specifically about the server-side archives being stored in plain text. That’s why the hacker was able to access messages. This isn’t about the local copies on phones.
Yeah I didn't read past the misinformation
-
Yeah I didn't read past the misinformation
Kinda seems like you're the misinformation.
-
Yeah I didn't read past the misinformation
Maybe you should start reading up on stuff you don't know about before adding nonsense to internet threads.
-
Kinda seems like you're the misinformation.
You're confused, I am not the author of this article. I did not write the statement above, just copied and pasted it here.
-
Maybe you should start reading up on stuff you don't know about before adding nonsense to internet threads.
Don't know what you mean. I didn't add any "nonsense". Just a direct quote from the article in question.
-
This post did not contain any content.
How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.
WIRED (www.wired.com)
-
You're confused, I am not the author of this article. I did not write the statement above, just copied and pasted it here.
I'm not confused, you're intentionally misreading what's happening for some reason.
"Passing through it" pretty clearly refers to the server as that's what was hacked into and had plain text archives.
You're hyper fixating on the fact that the article says "the app" when referring to both the phone and server pieces to try and argue... something.
-
I'm not confused, you're intentionally misreading what's happening for some reason.
"Passing through it" pretty clearly refers to the server as that's what was hacked into and had plain text archives.
You're hyper fixating on the fact that the article says "the app" when referring to both the phone and server pieces to try and argue... something.
You are confused. I'm not "intentionally misreading" anything, it was written incorrectly. I'm not trying to argue anything. I'm just reading the (wrong) words used in the article. When I come across a piece of misinformation, I don't continue reading in the hopes that they clear it up later, I write it off and close it.
Someone else cleared this up. There's no reason to continue arguing about it.
-
You are confused. I'm not "intentionally misreading" anything, it was written incorrectly. I'm not trying to argue anything. I'm just reading the (wrong) words used in the article. When I come across a piece of misinformation, I don't continue reading in the hopes that they clear it up later, I write it off and close it.
Someone else cleared this up. There's no reason to continue arguing about it.
I'm still not confused and you're still missing the forest for the trees because you don't like the common practice of including the server infrastructure when talking about apps.
There was a plaintext archive of messages on a remote server. That's a security problem no matter what point you're trying to make about the term app.
-
I'm still not confused and you're still missing the forest for the trees because you don't like the common practice of including the server infrastructure when talking about apps.
There was a plaintext archive of messages on a remote server. That's a security problem no matter what point you're trying to make about the term app.
I do like common terminology, that's the problem.
Once again, this has already been cleared up elsewhere. Since you seem intent on dragging this out for some reason, you're going to be blocked. Have a nice night.
-
This post did not contain any content.
How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.
WIRED (www.wired.com)
They sound staggeringly incompetent. And anyone who bought their software without any investigation into its quality also sounds staggeringly incompetent. Apparently there's a lot of it going around.
-
Molly encrypts it using a passphrase instead of a locally stored key for exactly that reason.
The passphrase or the unencrypted database are still open in memory. Though that is, of course, a more complicated attack but they could simply read it through the app itself.
-
Maybe you should start reading up on stuff you don't know about before adding nonsense to internet threads.
This is now the third post in the last 24 hours where I stumble into a needlessly long thread because this user is completely obtuse and can't handle being wrong or a different opinion.
-
The passphrase or the unencrypted database are still open in memory. Though that is, of course, a more complicated attack but they could simply read it through the app itself.
You can set it to wipe them from memory on different conditions, including instantly if youre that paranoid, sure its still possible. Its an optional feature most people wont use, but its pretty well thought out.
-
They sound staggeringly incompetent. And anyone who bought their software without any investigation into its quality also sounds staggeringly incompetent. Apparently there's a lot of it going around.
In the 1980s the trend of the day was patriotism.
In the 1990s the trend of the day was being a rebel.
In the 2000s, there started to become a divide on what the trend ofthe day was. You were either pro patriotism/pro war.....or, you were anti war/pro protesting. At least in the USA.
2010s the trend of the day was culture wars and division.
2020s, the trend of the day seems to be batshit lunacy and mindnumbing stupidity.
It's 2025. We have 5 more years to go. And with trump having 4 more of those years, I expect no change there.
God I hope the 2030s bring some kind of sanity, unity, and enlightenment.
Or, barring that, I'd also settle for UFOs visiting earth and allowing humans to leave earth. I mean seriously. How bad could other planets be, right? I mean their species is clearly more advanced then ours. I figure humans had their shot. Now I'll roll the dice and give these grey guys a shot, right? What could POSSIBLY go wrong?
And hey, if they're the anal probe kind of aliens, that's just a bonus.....uhhhh......I mean......what? No no, I didn't say that. I'm just some random straight dude looking to leave this planet with some grey dudes I just met.
