Posted

The CEOs of tech companies get phished in internal security tests. Everyone is susceptible to a well-orchestrated operation.

Posted
  On 3/27/2025 at 12:33 PM, jross said:

> The CEOs of tech companies get phished in internal security tests. Everyone is susceptible to a well-orchestrated operation.

Precisely. And that is why Signal is not approved for this type of communication. And these people were reminded of that one month ago by the NSA.  Yet...

Drowning in data, but thirsting for knowledge

Posted
  On 3/27/2025 at 1:22 PM, Wrestleknownothing said:

> Precisely. And that is why Signal is not approved for this type of communication. And these people were reminded of that one month ago by the NSA. Yet...

So, you are saying people can't get phished or vished using another type of communication method?  There are communication programs out there that in no way can be hacked by humans getting fooled and/or making mistakes??  

Partisan arguing at its finest going on here.

Posted
  On 3/27/2025 at 1:29 PM, Bigbrog said:

> So, you are saying people can't get phished or vished using another type of communication method? There are communication programs out there that in no way can be hacked by humans getting fooled and/or making mistakes??
>
> Partisan arguing at its finest going on here.

I am not saying that at all.

I am saying they used a protocol that was not approved for the use.

I am saying they were reminded of that one month ago by the NSA.

I am saying there are other protocols that are approved for use, because they are known to be more secure than the unapproved protocol.

I am saying they are morons and liars. 

You can attempt to dismiss this as partisan, but that is a partisan objection. It does not matter the party of the moron. A moron is a moron. Hegseth was so far and away the least qualified person ever nominated to head the Department of Defense. This was known ahead of time. And now he is amply demonstrating that fact.

Posted
  On 3/27/2025 at 1:53 PM, Wrestleknownothing said:

> I am not saying that at all.
>
> I am saying they used a protocol that was not approved for the use.
>
> I am saying they were reminded of that one month ago by the NSA.
>
> I am saying there are other protocols that are approved for use, because they are known to be more secure than the unapproved protocol.
>
> I am saying they are morons and liars.
>
> You can attempt to dismiss this as partisan, but that is a partisan objection. It does not matter the party of the moron. A moron is a moron. Hegseth was so far and away the least qualified person ever nominated to head the Department of Defense. This was known ahead of time. And now he is amply demonstrating that fact.

We had a security-related issue where someone was able to scrape pwds out of the browser (Chrome) cache… So we are now forced to use a more secure browser internally that does not have the capability to scrape, keep pwds in your keychain, and, most annoying, no copy and paste. (That sucks.)

With that said, we now can’t use Chrome for any communication app. Not Slack. Not Teams. Not email. Not anything. It’s been fully locked down. Why are these protocols that, as you say, aren’t approved even allowed to be used? If I know anything about humans, it is that they will not follow verbal warnings for anything. It has to be physically removed / locked down / etc. I think this goes especially for corporate execs and arrogant politicians.

With high-level examples like this, where are the gov IT cybersecurity teams? How incompetent are they?

Note: this doesn’t excuse the other idiots that did idiot things.

Posted
  On 3/27/2025 at 2:09 PM, Caveira said:

> We had a security-related issue where someone was able to scrape pwds out of the browser (Chrome) cache… So we are now forced to use a more secure browser internally that does not have the capability to scrape, keep pwds in your keychain, and, most annoying, no copy and paste. (That sucks.)
>
> With that said, we now can’t use Chrome for any communication app. Not Slack. Not Teams. Not email. Not anything. It’s been fully locked down. Why are these protocols that, as you say, aren’t approved even allowed to be used? If I know anything about humans, it is that they will not follow verbal warnings for anything. It has to be physically removed / locked down / etc. I think this goes especially for corporate execs and arrogant politicians.
>
> With high-level examples like this, where are the gov IT cybersecurity teams? How incompetent are they?
>
> Note: this doesn’t excuse the other idiots that did idiot things.

It puts me in mind of another vulnerability. In some organizations if you are high enough on the totem pole you can convince yourself that the rules do not apply to you. And if you have enough power, you can make it so.

Posted
  On 3/27/2025 at 2:40 PM, Wrestleknownothing said:

> It puts me in mind of another vulnerability. In some organizations if you are high enough on the totem pole you can convince yourself that the rules do not apply to you. And if you have enough power, you can make it so.

That’s the comment I made about some C-levels and/or arrogant politicians.

  • Bob 1
  • Fire 1
Posted
  On 3/27/2025 at 4:10 AM, RockLobster said:

> So much misinformation being piled up in other threads that this topic deserves its own thread:
>
> The commercial "Signal" messaging app is not secure. It does not use modern encryption, and is a known target of hackers.

So why did the Biden admin set it up?

  • Bob 1
Posted

The F9T53 OPSEC Special Bulletin doesn’t say 'Signal is insecure' in a technical sense.  The encryption is not broken. Rather, it flags Signal as insecure in practice for DoD use due to phishing vulnerabilities exploited by Russian hackers.  

The phishing warning did not matter if Goldberg’s access was an invite error rather than a hack. The 'insecurity' was procedural.

How could this have been prevented? Using a government or closed access app that a civilian could not use. This could still allow a wrong invite to a government worker on said app. There needs to be a closed access app that also has classification consideration that limits the qualifications of who is accidentally invited due to human error. Ask yourself why Signal is being used to begin with. (The alternatives must lack usability.)

  • Bob 1
Posted
  On 3/27/2025 at 2:09 PM, Caveira said:

> Where are the gov IT cybersecurity teams? How incompetent are they?

I wanted to work for the CIA or FBI in software engineering.  Helping my country and get a pension?  Yes please.  But no thank you to the pay and relocation.  Many smart tech folks say no to government work.

Posted (edited)
  On 3/27/2025 at 4:06 PM, jross said:

> I wanted to work for the CIA or FBI in software engineering. Helping my country and get a pension? Yes please. But no thank you to the pay and relocation. Many smart tech folks say no to government work.

I have been around gov tech sales teams too.  Same.  No one likes selling to them either.    They are notoriously outdated with tech, skills, processes etc.  

Edited by Caveira
