Julian Oliver on Nostr: Still doing the rounds, the so-called 'de-anonymisation attack'/'0day' against ...
Still doing the rounds, the so-called 'de-anonymisation attack'/'0day' against Signal, Discord etc is an exaggeration. It is however totally valid as a loose/vague geo-location discovery vector by way of CDNs.
I note that claims it's the work of "a 15-year-old high school junior" (https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117) also should not be repeated too much, given that HackerOne said a bug reported by them (Adobe) was resolved 8 years ago. They would have been 7 years old at the time.
#infosec