@GossiTheDog @kimzetter but isn't that also pretty irrelevant in this case? It wouldn't have mattered how secure the communications channel was. The failure point was the human.
@GossiTheDog @simonoid Do these actually work on up-to-date iPhones? I know I've seen a lot of claims about tools to gain access to mobile devices that then turn out to only actually work on older OS versions (presumably old enough to have known exploits).
I don't THINK it, I KNOW it, because it is NOT an approved app for government communications. Period. And you can't just install apps on government managed devices that handle classified (and even SBU) data. AND there was an NSA Opsec special bulletin warning DoD and intelligence staff about Signal vulnerabilities and that it was NOT TO BE USED for non-public official info.
@Ehay2k @GossiTheDog @kimzetter What makes you think Signal was not an approved app on a government-issued device? Whoever manages these devices surely works in/for/with an agency that reports to the POTUS in the end. They probably have vK on that list as well by this point.
And these were personal devices, because you can't install non-approved apps like #Signal on a government-issued device unless you illicitly bypass the device management system. And as personal devices, they are much more likely to be compromised because they are managed by people without any cybersecurity expertise. And because they're not monitored, no one will know if they are compromised. It's just an awful cyber security rabbit hole. They should all go to jail.
JFC, that's from #Foxnews, so they whitewashed this small detail:
"Organizations may already have these best practices in place, such as secure communication platforms and multifactor authentication (MFA) policies. In cases where organizations do not, apply the following best practices to your mobile devices"
#Signal is absolutely NOT approved for DoD classified/SBU comms. It is recommended for personal, non-official comms only. Stop spreading #misinformation.
#CISA is recommending best practices in the absence of any official guidelines: "Organizations may already have these best practices in place, such as secure communication platforms and multifactor authentication (MFA) policies."
And you can bet 100% that everybody in the national security apparatus has official policies and apps. Signal isn't one.
And again, I challenge you to show me ANYWHERE that #Signal is permitted for the processing or storage of non-public government information. The NSA memo (link below) explicitly calls out that it shall not be used even for *unclassified* (protected, FOUO, CUI) data. And that would apply to everybody in the national security apparatus.
Anybody stating anything to the contrary is a liar, a shill or both.