#Threema encrypted messenger got rekt:
In our work, we present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice.
https://breakingthe3ma.app/
archived at: https://web.archive.org/web/20230111141555/https://breakingthe3ma.app/
In the event an ephemeral key is exposed even once, an attacker can permanently impersonate the client to the server and then obtain all metadata in all E2EE messages. This is a remarkable shortcoming because ephemeral keys should never be able to authenticate a user. With Threema, leaking of an ephemeral key has the same effect as leaking a long-term key.