Tag Archives: signal

Signal App TLS proxy vulnerabilities are exposed by researchers, Signal bans them | Instant News


The Iranian government recently blocked Signal due to censorship issues, which is a known messaging platform that pioneered end-to-end encryption.

(Photo: Youtube video screenshot of Tech Crunch)

Original reporter helical gear, The messaging application has recommended TLS proxy for its Iranian users to bypass censorship and privacy restrictions. However, many researchers have intervened in this process and managed to find vulnerabilities in their work that may allow government officials to access the Signal TLS proxy, thereby removing the protection.

Researchers who discovered vulnerabilities through Signal’s Github repository recorded their reports.On the other hand, messaging apps banned by the Iranian government are seen as a potential tool to suppress users in the regime

How should signal TLS proxy bypass government censorship

They are already Blog The title on the official website is “Helping users in Iran reconnect to Signal”. The solution details another way to bypass Iran’s censorship system.

Proxies accessible through GitHub repositories can help users get rid of government attention. Users will execute some commands, manage proxies, and participate in #IRanASignalProxy tweets.

Researchers found vulnerabilities and released them publicly

according to Beep computer, Two researchers named DuckSoft with Student foundation Several vulnerabilities have been reported that could allow government agencies to track Signal agents. It can now be easily checked by reverse engineering user traffic or simply blocking all detected proxies.

The flaw can be seen in the structure of the SS/TLS tunnel, which discloses the IP address and the plain text information in the SNI field. The researcher told us in an interview with Bleeping Computer, “You only need the domain name of the server to connect to the signal proxy.”

They added: “From the inspector’s point of view, when the traffic of the proxy server passes through, the visible information is the IP and the plaintext server name indication (SNI) in TLS ClientHello, which correspond exactly to the server’s domain name.”

In addition, the researchers have published evidence of their hypothesis and proposed a patch that Signal can use to fix the defect.

read more: Signal application owner: who is Moxie Marlinspike in his country of origin, and his views on end-to-end encryption

“If it is a signaling agent, the agent will be blocked immediately, and because the authorities have the ability to track everyone’s network logs, some bad things may happen to people who repressively access the agent.” added.

Researchers were asked why they made it public instead of using the usual public methods. According to them, there are two reasons why they went public.

“It is well known that the efficiency of signal processing email is very low, such as Frolov. Secondly, TLS proxies are new. We think they can be stopped before widespread deployment. It took us about 1 hour to complete the report and PoC, and after about Only a few hours after the signal is submitted,” they said.

They added: “Iranians can’t wait for a few months. It would be the best plan to immediately abandon this easily detectable TLS proxy.”

Researcher is banned from GitHub repository

Signal’s founder Moxie Marlinspike said that due to the large number of reports received every day, reports such as researchers’ concerns have not received attention. Therefore, they must be handled accordingly.

When BleepingComputer asked why the researchers’ concerns were not answered, Marlinspike told BleepingComputer that Signal had received a large number of such reports, so the issues must be prioritized.

However, shortly after the researchers dispelled their doubts, they were deleted from the repository. The archived issue page has also been removed from GitHub and now displays as a 404 error message.

According to Signal, due to rude comments and inappropriate statements made by the researchers, they were deleted and these comments were transferred to volunteers. Signal hinted that this violated the company’s code of conduct.

The researchers responded to this question, stating that “they claim to help people with censorship, but in turn they censor the whistleblower.”

For others, Signal’s move to remove public positions is just a precautionary measure while also taking steps to investigate better solutions. Moreover, they don’t want to raise opponents while trying to solve the problem.

related articles: Michigan State Police denies that using end-to-end encryption violates FOIA

This article is owned by Techtimes

Written by Nikki D






Ⓒ2018 TECHTIMES.com reserves all rights. Do not copy without permission.

.



image source

Covid 19 coronavirus: Tourists will not be allowed into Australia without a vaccination certificate, signals the minister | Instant News


Travel

Ground staff with PPE welcoming passengers disembarking from their flights at Sydney Airport on 10 October 2020. Photo / Provided

Vaccination certificates “very likely” will be required for international travel, the Federal Minister for Australian Government Services said today.

“There are still a number of decisions to be made by the government, it is very likely that a certificate will be required for international visitors to Australia and we will continue to work with our international partners on our framework for vaccination certificates,” said Stuart Robert.

“Australians can have the assurance that the certificate they are going to have will be strong, it will stick with them, so they will know it is their certificate, and it will be widely accepted.”

He did not confirm, however, whether it would lead to faster opening of international borders, saying he would leave “any comments” to Prime Minister Scott Morrison.

“But any requirement to open borders will require vaccination and that will require widespread use of certificates and that is what we are talking about today,” added Robert.

“Australians can be very confident that their digital or paper-based certificates will be strong.”

.



image source

Michigan State Police denies that using end-to-end encryption of signals violates FOIA | Instant News


The Michigan State Police recently confirmed that it uses Signal and applications supported by end-to-end encryption on calls made in its state. However, they denied that the use of secure encryption violated FOIA or freedom of information laws.

(Photo: Screenshot of Youtube video of NJ Spotlight News)

Such as Detroit Fox First, Lieutenant Colonel Matt Williams explained to the Senate Subcommittee that the department is currently reviewing the use of the Signal App. However, he explained that in the use of Signal, the application was neither banned nor sanctioned.

End-to-end encrypted application signal exceeds state server

Since text messages sent using this system will bypass the state server, the use of end-to-end encryption has caused many controversies. Moreover, once these messages are deleted, they cannot be retrieved. On the other hand, even if deleted from the user’s phone, regular text messages will still be recorded.

Even Signal declared on its official website: “We can’t read your messages or listen to your calls, neither can anyone else.” Signal app owner Moxie Marlinspike Acknowledge that using end-to-end encryption can be used for different purposes, good or bad. However, its meaning is still under observation.

The Michigan State Police initially refused to use the Signal App and later confirmed

The use of the app was first reported on January 22 last year Detroit Free Press. According to the report, these observations occurred after the state police handled the civil lawsuit. In addition, they declined to comment on the allegations of using the app. However, lawyer James Fett has sent screenshots of about 18 officials using Signal to the Detroit Free Press.

read more: The British government wants to visit WhatsApp: “Terrorists should have nowhere to hide”

To make things more compelling, MSP first admitted that its department head, Col. Joseph Gasper, used the application. However, they later denied this request in a correction document submitted to the Attorney General’s Office. As stated in the claim, Gaspar did not download the Signal application on the phone.

The Signal App has been downloaded on the personal phone of the State Police, but not on the State Phone

In addition, Gaspar was reportedly unable to attend the court hearing. Williams told the latest news from the Senate Appropriations Subcommittee to try to shed light on this confusing issue. According to him, Gaspar did not download the signal app on nationally issued phones. However, he downloaded the app on his mobile phone.

Currently, Williams pointed out that he cannot provide the exact number of MSP members using the Signal app. However, he agreed to provide the information to the subcommittee after obtaining the final list. Williams denied that they violated the Freedom of Information Act because all police officers are responsible for complying with this law.

Williams believes that the proper use of signals in state-approved duties is still under review.

related articles: Google Duo video call application has end-to-end encryption, WebRTC and other functions, which can make video calls easily and reliably

This article is owned by Techtimes

Written by Nikki D








Ⓒ2018 TECHTIMES.com reserves all rights. Do not copy without permission.

.



image source

Signal VS. Telegram and WhatsApp: Which one is more secure?This is their safety feature | Instant News


Telegram, Signal and WhatsApp are currently confusing people because they don’t know who can provide a more secure service. Some people prefer to use Signal because Elon Musk previously suggested on Twitter, while others are using Telegram.

(Photo: Justin Sullivan/Getty Images Photography)
Cupertino, CA-September 10: The new iPhone 5S with fingerprint technology is displayed during Apple product announcements at the Apple campus on September 10, 2013 in Cupertino, California. The company released a new iPhone 5C model, which will run iOS 7. The model is made of hard-coated polycarbonate and comes in various colors, while the iPhone 5S has fingerprint recognition security.

Please also read: iOS 14’s new BlastDoor messaging app security may prevent hackers from brute force attacks

But which one is better than the other? To help you further, each of their security features is provided here so that you know which one is more suitable for your daily life and protect your sensitive data.

according to The internetAccording to the latest report, Signal is currently the best application that can protect your conversations and protect your sensitive data. why? Because it uses a security function called end-to-end encryption or E2E encryption.

Why signal is one of the best

Due to the use of E2E encryption, experts currently recommend using Signal as a means of communication for people. Elon Musk also highly recommend it. He even posted a tweet to promote the app.

If you have not used Signal, Signal is a typical one-click installation application, which can be installed from Apple’s App Store and Google’s Play Store. It works on the same principle as the usual SMS application.

One of Signal’s greatest security features is that it can send fully encrypted video, audio, pictures and text messages. This means that employees of the company cannot see the conversation at the end of the sender and receiver accounts. This is another function of Signal.

  • Free, no ads, funded by the non-profit organization Signal Foundation
  • No data collected, only your phone number
  • Encryption: signal protocol
  • Fully open source

However, if you still want to try the remaining two apps, you can compare them to Signal.

Security features of WhatsApp and Telegram

telegraph

Many employees in many companies around the world still use Telegram. If you compare it to the other two messaging applications, security experts explain that it is somewhere in between. It can collect your IP address, which is not done by Signal. Telegram does not yet provide E2E encryption, which is the most important feature of a complete security application. In order to bring you more ideas, the following are its main functions;

  • Free, upcoming advertising platform and advanced features, mainly funded by the founders
  • Link to your data: name, phone number, contact person, user ID
  • Encryption: MTProto
  • Only partially open source

WhatsApp

Compared with the other two applications mentioned above, WhatsApp is less secure. Since it released a new user data sharing strategy, some users have uninstalled it. why? Because the Facebook-owned application now requires its users to allow it to share their sensitive information with FB. Although it has the same encryption protocol as Signal, its version is one of the few open source parts of the platform. If you want to know how insecure it is, Jeff Bezos’s smartphone was previously hacked for his WhatsApp account. This is the application function you need to check;

Unable to determine whether to use WhatsApp, Telegram or Signal?The following are their functions and the most suitable functions

(Photo: Kevin Frayer/Getty Images Photography)
Beijing, China-November 27: Chinese boys look at their smartphones in front of their house next to the coal-fired power plant on November 27, 2015 in the suburbs of Beijing, China. The Chinese government set 2030 as the deadline for carbon dioxide emissions to peak. Scientists and environmentalists believe that this is the main cause of climate change. At the upcoming Paris meeting, the governments of 196 countries around the world will meet to determine emission reduction targets, with a view to reaching a new global agreement on climate change.

  • Free; free commercial version funded by Facebook
  • Not open source, except for encryption
  • Data linked to you: too much content to list (see below)
  • Encryption: signal protocol

What to look for in a secure app

Android developersThe previous report explained that application creators should consider certain factors to make secure applications. If users want secure applications, they should also look for these features. This is the exact function you need to look for;

  • Technologies such as ASLR, NX, ProPolice, safe_iop, OpenBSD dlmalloc, OpenBSD calloc and Linux mmap_min_addr can mitigate the risks associated with common memory management errors.
  • Encrypted file system can be enabled to protect data on lost or stolen devices.
  • The permissions granted by the user are used to restrict access to system functions and user data.
  • An application framework with reliable implementation of general security functions (such as encryption, permissions, and secure IPC).
  • The permissions defined by the application are used to control application data by application.
  • The Android application sandbox can isolate your application data and code execution from other applications.

For more news updates on other apps that can protect your sensitive information, please always open the tab here on TechTimes.

related articles: iOS 14’s new BlastDoor messaging app security may prevent hackers from brute force attacks

This article is owned by TechTimes.

author: Giuliano De Leon.





Ⓒ2018 TECHTIMES.com reserves all rights. Do not copy without permission.

.



image source

Telegram can easily switch from WhatsApp without losing any content-BGR | Instant News


  • Telegram updated its instant messaging app with a new mobile history tool, which allows WhatsApp users to migrate all their chat data between apps.
  • The update was made after Facebook’s controversial decision to modify the WhatsApp privacy policy, the social network can collect more user data from WhatsApp.
  • Millions of people have downloaded Signal and Telegram in response to privacy changes, and Telegram’s new features will make it easier for groups and families to leave WhatsApp without losing some of their favorite conversations.

A few weeks ago, Facebook notified WhatsApp users that a new privacy policy will take effect soon to allow WhatsApp to collect and share user data with its parent company. Facebook said the only way to opt-out of the feature is to log out using the app. This is what many WhatsApp users are starting to do. It seems impossible to leave WhatsApp, and unless you convince all your contacts to give up the service, you can replace the popular instant messaging app. Millions of people downloaded Signal and Telegram in response WhatsApp’s new privacy policy forced Facebook to defend its decision.

WhatsApp privacy changes have been delayed for three months, so WhatsApp users must agree to or change other content before May. Facebook insists that the privacy protection measures that WhatsApp users appreciate will not disappear. Chats and calls will continue to be encrypted end-to-end as before. But WhatsApp will still share user data with Facebook, which may be where all users need to find alternatives. While Facebook put out the fire, Signal and Telegram made it easier for users to abandon WhatsApp. Now, the latter allows you to also carry all chat data with you.

Today’s special Please buy the best-selling Powecom KN95 mask before it is sold out! price:$25.99 BGR can be obtained from Amazon, commission may be charged Buy now There may be commissions for available content from Amazon BGR

All three applications can run on iPhone and Android, and WhatsApp and Telegram also have desktop clients. All three applications provide rich chat features, so it is easy to adapt to any experience-Signal may lag behind the other two in terms of “interesting” features. All three apps also provide end-to-end encryption, but this time, Telegram stands out. Telegram does not enable end-to-end encryption for all chats, only encryption is enabled for secret conversations, which need to be enabled when needed. You just need to understand these before considering abandoning WhatsApp.

But Telegram seems really interested in stealing more WhatsApp users. The company just released an update that allows you to import all the WhatsApp chats you might wish to take with you. In this way, leaving the Facebook service may be easier said than done, not only for one person, but for all contacts.

If you think about it, this feature is actually excellent. A family or a group of friends can move to Telegram and chat with them. Likewise, you will not forget: By default, Telegram will not be end-to-end encrypted like WhatsApp, Signal and iMessage.

Telegram launched Mobile history tool On Thursday, live chat from WhatsApp to Telegram became very simple. The tool can also be used with other competing instant messaging services, but it is clear that Telegram is taking advantage of its strong opposition to WhatsApp here.

The company detailed its mobile history feature on its blog, including the steps required to transfer data on iPhone and Android. It’s all effortless, and everything happens on the device-that’s what you need to know.

  • To mobile chat from WhatsApp on iOS, open the “Contact Information” or “Group Information” page in WhatsApp, click “Export Chat”, and then select “Telegram” in the “Share” menu.
  • On Android, open WhatsApp chat, tap ⋮>More>Export Chat, and select Telegram in the sharing menu.

WhatsApp for iPhone also allows you to export chats from the chat list by swiping to the left and then selecting “Export Chat” in the menu.

Telegram will get all the information about the chat, including the original timestamp, so the conversation you want to save will remain there. The company also said that all members of the chat will see the message on Telegram. This will make switching from WhatsApp easier.

But remember, Telegram messages are not end-to-end encrypted. If you want this kind of security in your instant messaging tool, be prepared to enable it in every chat session, use Signal or continue to use WhatsApp.

Chris Smith started writing articles about gadgets as a hobby, and before he knew it, he was sharing his views on technical knowledge with readers around the world. Whenever he does not write about gadgets, despite his desperate attempts, he unfortunately cannot stay away from them. But this is not necessarily a bad thing.

.



image source