Post AapAz8B1XP6RPj59VI by gsa@mastodon.social
(DIR) Post #AamUYwPGwrjGslZ4ca by adam@hax0rbana.social
2023-10-15T03:06:52Z
0 likes, 3 repeats
Word on the street is that there's a #Signal #0day out there. If you haven't already, disable generate link preview in Signal settings under chats. #SignalApp
(DIR) Post #AamV2PuILV7Em3897w by adam@hax0rbana.social
2023-10-15T03:12:14Z
0 likes, 0 repeats
And yes, link previews are on by default. I don't know why they thought that was a safe default. You'd have to ask the Signal Foundation about that.
(DIR) Post #AamVb1n40ERm74FfnM by apicultor@hachyderm.io
2023-10-15T03:18:30Z
0 likes, 0 repeats
@adam They are generated by the sender of the message and sent along with the message, if that makes any difference.
(DIR) Post #AamVskzTCeNTDnVbDE by wtwagg@mastodon.social
2023-10-15T03:21:33Z
0 likes, 0 repeats
@adam thanks for the heads up. I'm keeping the previews on for my limited risk but that's good to know about.
(DIR) Post #AamalLHWt9gfEOEuu0 by tkk13909@fosstodon.org
2023-10-15T04:16:24Z
0 likes, 0 repeats
@adam So does this mean it's just an issue if someone sends you a link?
(DIR) Post #Aamb5H9RxFdMDFxuuO by adam@hax0rbana.social
2023-10-15T04:20:02Z
0 likes, 0 repeats
@tkk13909 I'm not sure, but apparently the link preview thing doesn't just have a link in the message; the message contains the link and the content for the preview. So it seems that the attacker could send you the link and malicious preview and trigger a bug in the rendering code. I don't know the exact capabilities of this particular vulnerability, but it could potentially immediately delete the message/conversation so you don't see it. Not sure on any other mitigating factors.
(DIR) Post #AamcVh06ZPT1rlkrR2 by tkk13909@fosstodon.org
2023-10-15T04:36:00Z
0 likes, 0 repeats
@adam hmm... So it would have to be a pretty targeted attack then and I would still be able to see the "message was deleted by user" message, right?
(DIR) Post #AamieSqTAVDiIMoW1o by zl2tod@mastodon.online
2023-10-15T05:44:46Z
0 likes, 1 repeats
@adam It was at about the point where Signal started generating link previews that I started to think "I really don't trust this any more".
(DIR) Post #Aan4NluotCmI1FZIhM by davep@infosec.exchange
2023-10-15T09:48:18Z
0 likes, 0 repeats
@adam Any feedback on this, @Mer__edith ? 🙏
(DIR) Post #Aan6el8BG8DMPw2tZw by jwildeboer@social.wildeboer.net
2023-10-15T10:13:42Z
0 likes, 0 repeats
@adam I faintly remember I disabled that feature when it came out. Just checked to be sure — yes, it is disabled. Thanks for the heads up!
(DIR) Post #Aan6i23Eo3sblOIJYe by jantzen@mas.to
2023-10-15T10:14:23Z
0 likes, 0 repeats
@adam Google messenger uses the same protocol. I'd take the same precautions there.
(DIR) Post #Aan9RUWZzRpd0kp5tI by rom@social.lol
2023-10-15T10:44:59Z
0 likes, 0 repeats
@adam oh! Thanks for heads up
(DIR) Post #AanM9tGkYAP7wmMA6K by bontchev@infosec.exchange
2023-10-15T13:07:27Z
0 likes, 0 repeats
@adam It's a good idea to disable link previews in anything, not just in Signal.
(DIR) Post #AanNAoLESMtauLSKBM by jeromio@triangletoot.party
2023-10-15T13:18:50Z
0 likes, 0 repeats
@adam I've seen this a few times but no one, including this poster, provides a source. I can find no reference to this potential exploit anywhere 🙄
(DIR) Post #AanZmAw6byy59HHoMy by ElSupreme@mastodon.sdf.org
2023-10-15T15:39:24Z
0 likes, 0 repeats
@adam That always seemed like a dodgy feature for a privacy based app. Something where the app automatically goes out to the web. Good way to blow a cover/privacy just having someone ping you. @briankrebs
(DIR) Post #AanarYbg8H7fxnrUa8 by PamelaBarroway@mstdn.social
2023-10-15T15:52:10Z
0 likes, 0 repeats
@adam Thanks!
(DIR) Post #Aanew6pDFdet44cOYK by scarfwitch@queer.garden
2023-10-15T16:37:49Z
0 likes, 0 repeats
@adam @terri I keep seeing reports of this with no known origin. 😒
(DIR) Post #AanggtDVlOGIQNr1jE by Ascendor@social.tchncs.de
2023-10-15T16:57:31Z
0 likes, 0 repeats
@adam is there a source/link about the issue?
(DIR) Post #AangjyZ4KxzjsYPRLc by adam@hax0rbana.social
2023-10-15T16:57:54Z
0 likes, 0 repeats
@tully Why would the link preview be safe if it came from the sender instead of the internet? The person sending the link is likely the attacker. Whether they're sending the recipient a link to a malicious payload or a link to a malicious payload doesn't seem like it'd matter. At the end of the day, the preview rendering code is processing untrusted input.
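The point made in the post above, and earlier in the thread, is that a sender-generated preview is just more attacker-controlled input arriving with the message. The code below is an added illustration of what a receiving client can do with such a preview before rendering it; it is example code written for this page, not Signal's code, and the field names (`url`, `title`, `description`, `image`), the size limits and the sample messages are assumptions for the demo rather than Signal's wire format. The one structural check it applies is that the preview must describe a URL the recipient can actually see in the message body, so a sender cannot attach a preview for a site the message never mentions.

```python
"""Receiver-side validation of a sender-supplied link preview.

Illustrative example for this thread, not Signal's code. Field names,
limits and the message format are assumptions made for the demo.
"""
import re
import unicodedata
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

MAX_URL = 2048          # assumed limits; tune for a real client
MAX_TITLE = 120
MAX_DESC = 280
MAX_IMAGE_BYTES = 1_000_000

# Only hand bytes to an image decoder if they start like a format we expect.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


@dataclass
class Preview:
    url: str
    title: str
    description: str
    image: Optional[bytes]


def _clean_text(text: str, limit: int) -> str:
    """Strip control and format characters (e.g. bidi overrides that could
    make a title read as something else), then truncate."""
    kept = "".join(c for c in text if unicodedata.category(c) not in ("Cc", "Cf"))
    return kept[:limit]


def _urls_in(body: str) -> set:
    """URLs the recipient can see in the message text, trailing punctuation dropped."""
    return {u.rstrip(".,;:!?)") for u in URL_RE.findall(body)}


def _image_type(data: bytes) -> Optional[str]:
    for magic, mime in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def validate_preview(body: str, preview: dict) -> Optional[Preview]:
    """Return a sanitized Preview to render, or None to render no preview at all."""
    url = preview.get("url")
    if not isinstance(url, str) or len(url) > MAX_URL:
        return None
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # The preview must belong to a link that is actually in the message.
    if url not in _urls_in(body):
        return None

    title = preview.get("title", "")
    desc = preview.get("description", "")
    if not isinstance(title, str) or not isinstance(desc, str):
        return None
    title = _clean_text(title, MAX_TITLE)
    desc = _clean_text(desc, MAX_DESC)
    if not title and not desc:
        return None  # nothing worth rendering

    # Oversized or unrecognised image bytes are dropped, not decoded;
    # the text part of the preview is still shown.
    image = preview.get("image")
    if not isinstance(image, (bytes, bytearray)):
        image = None
    elif len(image) > MAX_IMAGE_BYTES or _image_type(bytes(image)) is None:
        image = None
    return Preview(url, title, desc, bytes(image) if image is not None else None)


# Constructed sample data for the demo.
SAMPLE_BODY = "Have you seen this? https://example.org/post/42 worth a read."
SAMPLE_PREVIEW = {
    "url": "https://example.org/post/42",
    "title": "A post",
    "description": "Some text",
    "image": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,
}
# A preview that describes a URL the message never mentions.
SPOOFED_PREVIEW = {"url": "https://evil.example/", "title": "Your bank", "description": "Log in"}

if __name__ == "__main__":
    print(validate_preview(SAMPLE_BODY, SAMPLE_PREVIEW))
    print(validate_preview(SAMPLE_BODY, SPOOFED_PREVIEW))
```

Rejecting the whole preview when the URL does not appear in the body, while only dropping a bad image, is a deliberate choice: the URL mismatch means the sender is describing a page the recipient cannot see, whereas a malformed image is simply input a decoder should never receive.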
(DIR) Post #AanhYLNLnhFl6ZwgAC by davep@infosec.exchange
2023-10-15T10:13:02Z
0 likes, 0 repeats
@adam @Mer__edith May be FUD.
(DIR) Post #Aank4IqOwodqQetuL2 by adam@hax0rbana.social
2023-10-15T17:35:24Z
0 likes, 0 repeats
@tkk13909 Yeah, it would be a targeted attack. It could attack groups via group messaging, but still targeted nonetheless. If an attacker gets arbitrary code execution, there's no guarantee that there would be any "message was deleted" placeholder left over.
(DIR) Post #Aankh84Sw55aJIzcw4 by tkk13909@fosstodon.org
2023-10-15T17:42:23Z
0 likes, 0 repeats
@adam Hmm
(DIR) Post #Aanm3bmVFp34mQsF9c by SnorriSturluson@social.tchncs.de
2023-10-15T17:57:39Z
0 likes, 0 repeats
@adam is there any source for this information?
(DIR) Post #AanmiJLqgHRbUfob1k by tessarakt@mastodon.social
2023-10-15T18:05:00Z
0 likes, 0 repeats
@adam Android? Windows? Anything?
(DIR) Post #Aann4PbU7FyvFtfQbQ by tessarakt@mastodon.social
2023-10-15T18:09:01Z
0 likes, 0 repeats
@adam That setting applies to messages to be sent. So _I_ would have to write a message with a link to a website that has this exploit?
(DIR) Post #Aany4pF3tNuIGcZwki by mbootsman@toot.re
2023-10-15T20:12:16Z
0 likes, 0 repeats
@adam any news about this @signalapp?
(DIR) Post #AanyMMo4LwmnHyJkjQ by chris@mstdn.games
2023-10-15T20:15:29Z
0 likes, 0 repeats
@adam thanks for the heads-up.
(DIR) Post #AanzITOS1O8KVt2fWS by Rainer_Rehak@mastodon.bits-und-baeume.org
2023-10-15T20:25:59Z
0 likes, 0 repeats
@adam Why should we believe you and what are the reasons you are believing the word in the streets? Thx
(DIR) Post #AanzKrUFPgi1oitO6a by Rainer_Rehak@mastodon.bits-und-baeume.org
2023-10-15T20:26:29Z
0 likes, 0 repeats
@adam This is the process, seems okay to me: https://signal.org/blog/i-link-therefore-i-am/
(DIR) Post #AaomoaeBU0Zi1zLTKi by stacksize@mastodon.social
2023-10-16T05:40:47Z
0 likes, 0 repeats
@adam "PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability. After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels." https://twitter.com/signalapp/status/1713789255359619171
(DIR) Post #AaounJ3uB5umprH6lU by kahomono@libranet.de
2023-10-15T05:17:47Z
0 likes, 0 repeats
@adam erm, my desktop Signal has that greyed out. EDIT: nm, once I disabled it on my primary phone it's off in the desktop too.
(DIR) Post #AaounJtf4fJbQNURRA by 8petros@petroskowo.pl
2023-10-16T07:05:27Z
0 likes, 0 repeats
You set it on the phone.
(DIR) Post #Aap02827xpjakGKYUK by zalintyre@chaos.social
2023-10-16T08:08:56Z
0 likes, 0 repeats
@adam https://www.bleepingcomputer.com/news/security/signal-says-there-is-no-evidence-rumored-zero-day-bug-is-real/
(DIR) Post #Aap3CjUbqU0XgKOudk by karussell@chaos.social
2023-10-16T08:44:30Z
0 likes, 0 repeats
@adam your source should report it: https://twitter.com/signalapp/status/1713789255359619171
(DIR) Post #AapAz8B1XP6RPj59VI by gsa@mastodon.social
2023-10-16T10:11:35Z
0 likes, 0 repeats
@adam @shalf source: (none)
(DIR) Post #AapMKemOcE386g1tS4 by kahomono@libranet.de
2023-10-16T11:32:15Z
1 likes, 0 repeats
@adam https://www.bleepingcomputer.com/news/security/signal-says-there-is-no-evidence-rumored-zero-day-bug-is-real/