Blog: Fortigate CVE-2023-27997 (XORtigate) in the eyes of the owl
Secure messaging solutions (or not)
Published on
Sometimes it is necessary to do a risk assessment of the use of messaging applications, either to make a choice, to propose risk reduction measures, or just to understand the risks.
Rather than doing the analysis for you, which will depend on the contexts, here are some time-saving elements:
Quarkslab's famous charts that show the origins of applications, encryption, and the risks associated with the use of ads, third-party libraries, or dynamic code loading:
https://twitter.com/quarkslab/status/1126859484062736384
You also have this site which presents a little more in details the functioning of each application as well as some information concerning the companies: https://www.securemessagingapps.com/
The EFF has also published a guide (old and archived) presenting some other criteria like documentation, audit proofs...: https://www.eff.org/node/82654
The document is considered deprecated, but I haven't found an equivalent that is as readable on the other EFF site: https://ssd.eff.org/
Finally, for Telegram fans, here is the presentation at CCC 2018 detailing the tug of war between Russia and Telegram
- Slides: https://darkk.net.ru/35c3/35c3-russia-vs-telegram.pdf
- Video: https://media.ccc.de/v/35c3-9653-russia_vs_telegram_technical_notes_on_the_battle
Good study or analysis 😁
