this post was submitted on 17 Oct 2023
54 points (100.0% liked)

Technology

37712 readers
168 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
top 10 comments
sorted by: hot top controversial new old
[–] otter@lemmy.ca 39 points 1 year ago (1 children)

TLDR: Person posted about a tip, Signal investigated, turns out claim was unfounded and person took down post and apologized.

Issue was thought to be with the link previews


The rumors about an unknown vulnerability impacting Signal started when certain users on X, including @gaughen, posted about it, claiming that he had received a tip on its existence. Other sources pointed to U.S. Cyber Command as being the original source of the zero-day without providing any evidence.

Gaughen’s post on X claimed that the vulnerability related to the ‘Generate link previews’ feature, accessible through Settings → Chat, suggesting that everyone disables it to prevent becoming a victim. However, no further details about the alleged flaw, or other information about its exploitation were provided in that post.

Signal says claims unfounded

In a public service announcement published on X earlier today, Signal informed its userbase that after investigating the unfounded claims, it has found no actual information or evidence proving the existence of a zero-day relating to ‘Generate link previews.’

The platform also contacted people from USCYBERCOM, which was rumored to have more info on the subject, and received assurances that the agency holds no such info. Signal’s president, Meredith Whittaker, even went as far as characterizing the report as a typical example of a disinformation campaign, being purposefully vague while carrying enough clues to go viral.

Today, Gaughen deleted his original tweet about the zero-day vulnerability and posted an apology to his followers, saying that “the information he had been given earlier was false,” and there’s no zero-day on Signal relating to link previews.

[–] enkiusz@is-a.cat 4 points 1 year ago

@otter @hedge psyop against signal

[–] DeltaTangoLima@reddrefuge.com 32 points 1 year ago (1 children)

Today, Gaughen deleted his original tweet about the zero-day vulnerability and posted an apology to his followers, saying that “the information he had been given earlier was false,” and there’s no zero-day on Signal relating to link previews.

And, yet, they still lead with the clickbait headline "denies existence". Dickhead move.

[–] unix_joe@lemmy.sdf.org 8 points 1 year ago* (last edited 1 year ago)

There is an entire industry of shady companies who make tens of millions per by selling dogshit "secure comms" products to barely literate and computer illiterate LtCols and procurement officers in the US Government.

Those officers are close to retirement and by regurgitating big words they do not understand while still in their procurement positions, they can land a job at said company and receive some of those funds once they hit minimum retirement age and wait a year.

Signal is free and disruptive to those business models.

Ergo the misinformation campaign, the FUD, is well funded, by people who have a lot to lose.

[–] abhibeckert@beehaw.org 15 points 1 year ago

The title should be "the person who reported a vulnerability denies it's existence."

This remind me of the article a while back that eluded to get the "fact" that Signal isn't as private as people think, then went on to "prove" that by saying that "an attacker" can see your private messages on Signal private messenger with little to no effort............................ if they had unlocked physical access to your phone. Yeah. No shit. This "attacker" will have access to everything else, too, since the phone is unlocked and in their hands. Stupid disinformation against Signal is unrelenting. I'm really glad that you changed your post title, OP. Thank you for looking out.

[–] hedge@beehaw.org 3 points 1 year ago (2 children)

Wishing I hadn't posted this now 🙁

[–] ted@beehaw.org 7 points 1 year ago (1 children)

You can edit the title. Maybe

Signal fights disinformation about fake zero-day vulnerability

[–] hedge@beehaw.org 3 points 1 year ago

Nah. It's important to share, but with proper title, like the one you edited. Thanks!