Before anyone freaks out about "efail", realize that using it would be: 1) extremely easy to detect 2) archived in your target's email As an attacker, I could not care less about this technique. It's intellectually neat, but operationally stupid. https://efail.de/efail-attack-paper.pdf …
-
-
I don’t know the details, but this disclosure has dragged on for weeks. I’m pretty sure major mail client vendors were in the loop. Why they haven’t patched, IDK.
-
I mean, even if Google surveyed all of Gmail for indicators of exploitation I'm pretty sure they'd find none. An attack that leaves the exploit payload in your target's inbox but does not provide code execution to clean it up is pretty useless IMHO.
- 1 more reply
New conversation -
-
-
Please no. That would be out of the frying pan, but into the fire.https://twitter.com/ortegaalfredo/status/995912662130229248?s=20 …
-
I think you’re confusing one bug with an architectural failure. I’d like it too if Signal completely ditched Desktop, but it’s miles and miles ahead of email even with it. Empheral communication and minimized metadata are huge wins for Signal.
-
I like that about signal, and really dislike PGP's failings. But most use them for different tasks. Signal largely does not attempt to meet the desktop messaging need, (e.g. send files) and its desktop version's recent bugs show it's traded one architectural dumpster for another
End of conversation
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
unless you don't want to be identified by a phone plan that you pay for, then you can't use Signal
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Signal may be practical and all, but it remains a US-based company that locks in it's users. Also, recommending signal but not signal desktop pushes users to rely on their smartphone for private communications. Since phones are inherently less secure, that may be a bad move.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.