Boosted by mattblaze@federate.social ("Matt Blaze"):
SteveBellovin@infosec.exchange ("Steve Bellovin") wrote:
There's an interesting Guardian article on the Signal chat fiasco: https://www.theguardian.com/us-news/2025/apr/06/signal-group-chat-leak-how-it-happened (h/t @wendyg). I won't try to summarize the article; read it yourself. But we have a combination of an AI failure (the phone decided that it was Hughes' phone number), a UI failure (the phone did not make it crystal clear whose contact information was being updated), a user error (Waltz didn't read the phone screen carefully enough because of the second error), a technology problem (there's no official secure text message system), a policy issue (picking Signal even though it lacks important features to secure such exchanges), etc. To quote myself, "complex systems fail in complex ways."