Messenger Tox and (more) Telegram InSecurity

https://words.filippo.io/dispatches/telegram-ecdh/ https://blog.tox.chat/2023/03/redesign-of-toxs-cryptographic-handshake/ thx @jermanuts #1 (comment)
beerisgood · Apr 27, 2024 · ea99730 · ea99730
1 parent caed214
commit ea99730
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/README.md b/README.md
@@ -25,7 +25,7 @@
 * Docker - the [security nightmare](https://wonderfall.dev/docker-hardening/#is-it-really-a-security-nightmare) of [dependencies](https://wonderfall.dev/docker-hardening/#the-nightmare-of-dependencies) and [hidden place](https://community.atlassian.com/t5/Trust-Security-articles/Hiding-malware-in-Docker-Desktop-s-virtual-machine/ba-p/1924743) for malware and [exposed](https://arxiv.org/pdf/2307.03958.pdf) secrets and private keys
 * SIM Card [Hijacking](https://www.maketecheasier.com/sim-card-hijacking/): How it works and what you can do about it
 * [SS7](https://secure-voice.com/ss7_attacks/) Attacks: Intercepting SMS and calls as easy as ABC
-* Messenger (problems): [Whatsapp's Backups](https://sudneela.github.io/posts/the-workings-of-whatsapps-end-to-end-encrypted-backups/), [Signal's Sealed Sender](https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/), [Telegram](https://portswigger.net/daily-swig/multiple-encryption-flaws-uncovered-in-telegram-messaging-protocol)'s [*Cryptanalysis*](https://www.cryptofails.com/post/70546720222/telegrams-cryptanalysis-contest) [security](https://blog.bytebytego.com/p/ep29-online-gaming-protocol#§is-telegram-secure), Three Lessons from [Threema](https://breakingthe3ma.app/), [Converso - how to uncover extraordinary claims](https://crnkovic.dev/testing-converso/) 
+* Messenger (problems): [Whatsapp's Backups](https://sudneela.github.io/posts/the-workings-of-whatsapps-end-to-end-encrypted-backups/), [Signal's Sealed Sender](https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/), [Telegram](https://portswigger.net/daily-swig/multiple-encryption-flaws-uncovered-in-telegram-messaging-protocol)'s [*Cryptanalysis*](https://www.cryptofails.com/post/70546720222/telegrams-cryptanalysis-contest) and [very](https://words.filippo.io/dispatches/telegram-ecdh/) old [InSecurity](https://blog.bytebytego.com/p/ep29-online-gaming-protocol#§is-telegram-secure), Three Lessons from [Threema](https://breakingthe3ma.app/), [Converso - how to uncover extraordinary claims](https://crnkovic.dev/testing-converso/), Tox handshake [vulnerablity](https://blog.tox.chat/2023/03/redesign-of-toxs-cryptographic-handshake/)
 * Browser Insecurity: [Pale Moon](https://seirdy.one/notes/2022/06/01/pale-moon/), [ungoogled-Chromium](https://qua3k.github.io/ungoogled/), [Brave](https://www.spacebar.news/p/stop-using-brave-browser)
 * [SMS phishing](https://www.bejarano.io/sms-phishing/) is way too easy
 * [Why](https://gergelykalman.com/why-you-shouldnt-use-a-commercial-vpn-amateur-hour-with-windscribe.html) you [shouldn't](https://gist.github.com/joepie91/5a9909939e6ce7d09e29) [*use*](https://superuser.com/a/926524) VPN [services](https://educatedguesswork.org/posts/public-wifi/). Use [MPRs](https://invisv.com/articles/relay.html)