They sound staggeringly incompetent. And anyone who bought their software without any investigation into its quality also sounds staggeringly incompetent.
How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
Submitted 2 weeks ago by jeffw@lemmy.world to technology@lemmy.world
https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/
Comments
floofloof@lemmy.ca 2 weeks ago
Lost_My_Mind@lemmy.world 2 weeks ago
In the 1980s the trend of the day was patriotism.
In the 1990s the trend of the day was being a rebel.
In the 2000s, there started to become a divide on what the trend ofthe day was. You were either pro patriotism/pro war…or, you were anti war/pro protesting. At least in the USA.
2010s the trend of the day was culture wars and division.
2020s, the trend of the day seems to be batshit lunacy and mindnumbing stupidity.
It’s 2025. We have 5 more years to go. And with trump having 4 more of those years, I expect no change there.
God I hope the 2030s bring some kind of sanity, unity, and enlightenment.
Or, barring that, I’d also settle for UFOs visiting earth and allowing humans to leave earth. I mean seriously. How bad could other planets be, right? I mean their species is clearly more advanced then ours. I figure humans had their shot. Now I’ll roll the dice and give these grey guys a shot, right? What could POSSIBLY go wrong?
And hey, if they’re the anal probe kind of aliens, that’s just a bonus…uhhhh…I mean…what? No no, I didn’t say that. I’m just some random straight dude looking to leave this planet with some grey dudes I just met.
pineapplelover@lemm.ee 2 weeks ago
Not to mention TeleMessage violated the terms of the GPL. Signal is under gpl and I can’t find TeleMessage’s code anywhere.
Edit: it appears it is online somewhere just not in a github repo or anything
echodot@feddit.uk 2 weeks ago
I’m pretty sure that the licence also requires that you link to the source code you can’t just have it up “somewhere” and just expect people to find it.
Kazumara@discuss.tchncs.de 2 weeks ago
Yep. Relevant sentence bolded by me below
6d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.
pineapplelover@lemm.ee 2 weeks ago
“yeah my code is open source, it’s somewhere on this site I’m just not gonna tell you where it is.”
Revan343@lemmy.ca 2 weeks ago
The requirement in the licence is that the source code or a link to it is distributed along with the binaries
Kazumara@discuss.tchncs.de 2 weeks ago
violated the terms of the GPL
Well we don’t know that, the terms say that you need to make the source available to people who got the binary. Either ship them together or ship a written offer for obtaining the source with the binary. You do not have to make the source available to the public (but any of your customers could).
To verify your claim we would have to get the binary from them, and check if source or an offer for it was included.
Ulrich@feddit.org 2 weeks ago
works in almost exactly the same way as Signal, except that it also archives copies of all the messages passing through it, shattering all of its security guarantees.
Pretty sure Signal does that as well, which is not a security issue.
disguy_ovahea@lemmy.world 2 weeks ago
Signal uses end-to-end encryption (E2EE). The only copies of messages are on the sender’s and recipient’s devices.
Ulrich@feddit.org 2 weeks ago
Copies of messages are also known as archives.
tfm@europe.pub 2 weeks ago
Good that the most powerful people in the world use it then
JuryNow@lemmy.world 2 weeks ago
getting hacked in just 20 minutes due to a basic misconfiguration is alarming!
x00z@lemmy.world 2 weeks ago
But not surprising.
NotSteve_@lemmy.ca 2 weeks ago
Botzo@lemmy.world 2 weeks ago
Here’s a link to the original article (from the same author) on the platform you should actually subscribe to.
www.404media.co/the-signal-clone-the-trump-admin-…
treadful@lemmy.zip 2 weeks ago
The Wired article is not based on the 404 article. This one goes into detail about the mechanics of the hack.
OsrsNeedsF2P@lemmy.ml 2 weeks ago
Non-paywall: archive.is/qwonI
BeatTakeshi@lemmy.world 2 weeks ago
How is archive working in general? Did you create this copy benevolently because you are a subscriber, or did someone else do it? How do you find such link then? Thanks
fmstrat@lemmy.nowsci.com 2 weeks ago
Big 404 fan, but “original” is misleading. “First article on this topic” is more accurate. OPs link is arguably more interesting.
Botzo@lemmy.world 2 weeks ago
You might enjoy the full blog post from the author:
micahflee.com/despite-misleading-marketing-israel…
dantheclamman@lemmy.world 2 weeks ago
404 has a partnership with Wired. They are both great publications; I subscribe to both. So reading this work on Wired supports 404
www.404media.co/404-media-is-partnering-with-wire…