mastodon.sdf.org is part of the decentralized social network powered by Mastodon.
"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko

Administered by:

Server stats:

2.3K
active users

Learn more

There's a "Signal deanonymized" thing going around:
gist.github.com/hackermondev/4

Stay calm. Deep breaths.

👉 while this is a real consideration, the only thing the attacker gets from this is a very rough (kilometers or tens of kilometers radius) location

👉 other communication platforms that use any kind of caching CDN to deliver attachments are just as affected

👉 you almost certainly should continue to use Signal, unless you specifically know that this is a big problem for you.

#Signal #InfoSec

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platformGist
pkprotoplasm

@rysiek if I had a nickel for every write up I’ve read from a “15 year old who hacks big companies and builds cool stuff” that turns out to be a CVSS of √-1

@pkprotoplasm well, I disagree. This is a solid write-up and the issue *can* put (very specific) people (doing very specific things) in danger.

It's just much less of an issue that clickbaity headline and somewhat sensational claims could lead people to believe.

@rysiek Apologies, this was more a commentary on the youthful perspective’s “imaginary severity” (the 250+ km radius isn’t practically actionable in any realistic case) and not the quality of the explanations. I agree he’s a smart kid but there’s just no measurable risk there.