News/Interesting Stories/Beautiful Pictures from Europe ๐ช๐บ
(Current banner: Thunder mountain, Germany, ๐ฉ๐ช ) Feel free to post submissions for banner pictures
(This list is obviously incomplete, but it will get expanded when necessary)
Also check out [email protected]
EvE Online should be mandatory training for anyone with a security clearance. Minimum of six months in Goonswarm, Pandemic Horde, Fraternity, or The Initiative.
https://cad-comic.com/comic/one-of-us/
That's only a slight exaggeration. I had a "chat" with one of our intel officers at one point due to a IRL purchase of PLEX.
Edit: maybe just Goonswarm. They do the intelligence and spy stuff the best.
How is it possible to accomplish a man in the middle attack on a TLS secure connection ? Hotel wifi or not, unless something major like Singaporean gov interfered with the connection, forced forged certificates into his phone, I don't see how this was put off by compromising the connection .
I bet they are covering for the Fact that one of them has downloaded malware into his device to masturbate to a hot girl living next to him kinda ad. and then malware shared back that data to Russia. or they have a spy among them and Germany isn't ready to admit having its defense forces compromised with Russian assets.
The easiest explanation is the room was bugged and the general stayed there.
Everyone forgets the old school stuff. It doesn't matter how well your connection is encrypted if the GRU has the room next to you.
they were using an insecure method to connect with webex, so something like a dial-in number for using it without a computer i guess. that is probably not encrypted. the meeting could have been a fax anyway
Do you think Webex doesn't reject insecure connections ? it is the bare minimum for any web app.
but the audio in the hands of the Russians sounds crystal clear! and you can hear all the participants very clearly, which means it has been captured from one of the involved devices.
I don't see how it matters if you use hotel WiFi or mobile if the mobile mast you connect to is controlled by a hostile government.
What matters is what you were sending wasn't secured at source.
Although Wikipedia tells you the range and I'm pretty sure even Russia have access to maps and a compass.
This happened because of an unintended backdoor into an end to end encrypted conversation.
The British Government are actively trying to get back doors put into end to end encryption by law.
They are doing this so they can spy on their own citizens to ostensibly make Britain safer.
But as you can see, it actually would make it less safe.
Should have used jitsi... It's free too!
It is fine if you use unprotected wifi and then connect to a VPN.
These VPN an campaigns are incredibly detrimental to people's understanding of security mechanisms in the internet.
How would this not have helped out in this case? I imagine the Bundeswehr must have an organization-wide VPN which would render any MITM in a local Wifi network impossible, barring user error.
You don't even need a VPN if the software uses proper TLS encryption or equivalent
TLS downgrade attacks are a thing, and can enable MITM attacks. There are server-side mitigations (such as only allowing TLS 1.2+ which should be the case but often isn't because the server has to support a niche user or application that only supports TLS 1.1), and since you usually don't know which TLS version you are using, for very sensitive connections it should be assumed that TLS is not enough.
Don't even get me started on the non-security of standard mobile/landline calls. They're basically transparent for an attacker with means like Russia's.
Proper E2E encryption and/or a VPN should be mandatory for a call to be considered secure, period.
I like the American option. We just built an entire second Internet and air-gapped it.
If WebEx is susceptible to MITM attacks, it shouldn't be used for sensitive calls. It's better to use a VPN, but something like this should not happen at all, even without VPNs.
"I think that's a good lesson for everybody: never use hotel internet if you want to do a secure call," Germany's ambassador to the UK, Miguel Berger, told the BBC this week.
โฆ
The exact mode of dial-in is "still being clarified", Germany has said.
OK, well the exact mode kinda fucking matters before you just scapegoat a hotel.
This smells like a coverup.
In a world where I can deploy end to end encrypted comms servers to an old computer in my house, the fucking military of any country should, at a minimum, require encryption to join meetings where military strategy is being discussed.
The simplest and most straightforward answer is usually the correct one: The hotel room was probably bugged.
Yes
This is what happens without E2EE.
They can discuss missile targets but they don't know how to set a secure comm channel, it makes me wonder... how old were they? why don't they give a device with pre-installed VPN (incl. Killswitch) to all certain-rank officials and get done with this?...
I think one issue is for high officials that outrank everyone, they can get away with getting an insecure device because they prefer an iPhone over the custom hardened phone on Android 10 locked down for secure reasons.
Not sure what their age has to do with it
They do.
End to end encryption
USE IT