Single post
jump to replies
joernchen 
(open profile)
I smell quite some FUD about the alleged Signal 0day.
The recommendation is to turn off link previews, however link previews are generated on the sender side. Just tested, with link previews turned off you’ll still receive them from a device that sends those.
I think this would mean either:
- Turning off link previews isn’t a sufficient mitigation
or
- The vuln is triggering on the sender side that means someone needs to convince you to create a message containing a malicious link
or
- The whole thing is fake and just a nice troll
3 replies
back to top
cynicalsecurity 
(open profile)
@joern link previews are a bad idea anyway, more useless parsing in a secure app, whether on the sender or recipient side. Just like sexy Markdown.
joernchen
(open profile)
@cynicalsecurity what‘s not-sexy Markdown?
cynicalsecurity
(open profile)
@joern *text* remains *text* ;)