Notices by Micah Lee (micahflee@infosec.exchange)

👀 A New Anonymous Phone Carrier Lets You Sign Up With Nothing but a Zip Code https://www.wired.com/story/new-anonymous-phone-carrier-sign-up-with-nothing-but-a-zip-code/

https://replaceyourboss.ai/

Apple and WhatsApp vow to defend users in US as spyware companies make inroads with Trump administration https://www.theguardian.com/technology/2025/nov/10/apple-whatsapp-spyware-paragon

I was interviewed on the Kill Switch podcast about ICEBlock app, the mutual aid group NorCal Resist, and the insane situation we’re in where Apple and Google are collaborating with Trump to censor apps at will https://podcasts.apple.com/us/podcast/kill-switch/id1449757372?i=1000732939606

Proton Mail suspended the account of a journalist writing for the hacker zine Phrack at the request of a cybersecurity agency, only reinstating the account after public outcry https://theintercept.com/2025/09/12/proton-mail-journalist-accounts-suspended/

@khm @dalias I didn't try confirming it was exploitable because his ego is so fragile he'd probably want to sue me for it. And he updated to a new version of Apache (without known critical CVEs) after I published my post, btw, so in the end I helped him

I told Joshua Aaron, developer of ICEBlock, that he was running a vulnerable version of Apache on his server. He ignored my vulnerability report and blocked me, and his service is still vulnerable today https://micahflee.com/iceblock-handled-my-vulnerability-report-in-the-worst-possible-way/

Italian dockworkers threaten Israel cargo ban if Gaza flotilla blocked https://www.politico.eu/article/italian-dockworkers-threaten-israel-cargo-ban-gaza-flotilla-departs-genova/

My DEFCON talk "We are currently clean on OPSEC" now has over 30k views on YouTube, so now more people watched my talk than attended DEFCON itself. If you haven't seen it, please do! The Trump admin's incompetence is mindbogglingly BONKERS https://www.youtube.com/watch?v=KFYyfrTIPQY

Check out my #DEFCON33 talk about the Signalgate, full of unbelievable incompetence from the highest levels of the Trump administration https://www.youtube.com/watch?v=KFYyfrTIPQY

@andymouse @NfNitLoop

Yeah, that's not true. Read up on how Signal is engineered to cryptographically prevent themselves from having access to group metadata and message sender metadata that you're claiming they could share with law enforcement:

https://signal.org/blog/sealed-sender/

https://signal.org/blog/signal-private-group-system/

There's plenty of real things you could criticize about Signal, so maybe stick to those and not the misinformation?

I wrote about how to turn in-person meetings into Signal groups, how to manage large semi-public Signal groups while vetting new members, and how to use announcement-only Signal groups, perfect for rapidly responding to ICE raids https://micahflee.com/using-signal-groups-for-activism/

Check it out. I just published TeleMessage Explorer: a new open source research tool https://micahflee.com/telemessage-explorer-a-new-open-source-research-tool/

My latest on the clean OPSEC saga: TeleMessage customers include DC Police, Andreesen Horowitz, JP Morgan, and hundreds more https://micahflee.com/telemessage-customers-include-dc-police-andreesen-horowitz-jp-morgan-and-hundreds-more/

Here's how the TM SGNL server, which had access to plaintext chat logs from people like Mike Waltz, got hacked in about 20 minutes https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/ (my first article in WIRED!)

DOGE bro Kyle Schutt's computer infected by malware, credentials found in stealer logs https://micahflee.com/doge-bro-kyle-schutts-computer-infected-by-malware-credentials-found-in-stealer-logs/

@dalias yup, well said

The source code for the TM SGNL apps (basically a backdoored version of Signal used by Trump officials) is public! Since it's open source, I've pushed it to github for easier research https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/

iOS code: https://github.com/micahflee/TM-SGNL-iOS

Android code: https://github.com/micahflee/TM-SGNL-Android

I wrote up a detailed analysis of TM SGNL, the unofficial Signal app that senior Trump fascists use to organize their war crimes https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-app-mike-waltz-uses-to-text-with-trump-officials/

They're explicitly trying to make antisemitic speech legal, so that just anti-Israel speech will be illegal https://forward.com/fast-forward/716347/antisemitism-bill-congress-jews-jesus/