Yeah blame it on hotel internet, not their shitty communication service that's not encrypted.
this post was submitted on 08 Mar 2024
1 points (100.0% liked)
Europe
8484 readers
1 users here now
News/Interesting Stories/Beautiful Pictures from Europe πͺπΊ
(Current banner: Thunder mountain, Germany, π©πͺ ) Feel free to post submissions for banner pictures
Rules
(This list is obviously incomplete, but it will get expanded when necessary)
- Be nice to each other (e.g. No direct insults against each other);
- No racism, antisemitism, dehumanisation of minorities or glorification of National Socialism allowed;
- No posts linking to mis-information funded by foreign states or billionaires.
Also check out [email protected]
founded 1 year ago
MODERATORS
Bad article
What an amazing feat of incompetence! Theyβd be better off just using Signalβ¦
Theyβd be quantum proof as well π https://signal.org/blog/pqxdh/
load more comments
(1 replies)
How the f*ck do you think you can have a "secure" call over uncontrolled networks, devices and locations?
The stupidity!
Called in via SIP or unencrypted mobile network, i bet. Probably because the client via VPN was "too slow"
load more comments
(3 replies)
Isn't like very basic security advice to not use random connections for sensitive information? But than again it's Germany, pretty sure he has his password written down on a sticky note.
load more comments
(1 replies)
an especially secure, certified version
Bwahahahahahhahahahhahahhaa
This doesnt add up... If the software was properly encrypted they shouldn't have been able to carry out a man in the middle attack right?
It they used the client, yes. But in you dial in via sip, that opens up so many ways to screw up. Old software, open wifi, legacy hardware, you name it.
Yes, itβs not the 90s anymore. The network is hostile. If itβs not, nice but youβd be a fool to trust even your own. Encryption all the way!
Maybe he dialed in by telephone? It would be a complete boomer move, but Iβve seen people do it.
He most likely did, at least from what I can deduce from the published recording.
A researcher in cryptography in Berlin, Henning Seidler, believes the most likely theory is that the officer dialled in via his mobile phone and the call was picked up by spies' antenna who can also "forward" the traffic onto the main, official antenna.
Seems like the more likely theory
That is an expensive way to lose your job!
"Intelligence" services cost taxpayers billions a year, so the billion dollar question is why is it possible to dial in to "official" military communications over insecure channels at all?
Why doesn't the government run their own signal or matrix infra? Why are they paying Cisco, and introducing the numerous attack vectors of a proprietary optionally-encrypted service?
The threat of surveillance capitalism isn't just in the dragnet surveillance of the population. It's in the profiteering of "partnerships" between private and public β the drive of corrupt and incompetent political and military leadership to direct funds to sub-optimal proprietary services and protocols, instead of leveraging public funding to contribute to open-source and make hardened systems ubiquitous.
The funny thing is, that the Bundeswehr actually has a communications platform based on Matrix: bwMessenger goes live for Bundeswehr, element.io
Why they're not using it? Who knows...
load more comments
(2 replies)
load more comments
(4 replies)
load more comments
(1 replies)
yes, one side has to automatically or manually accept a fake certificate/key to MITM end to end encryption. you know, like when your browser says "certificate error" and you click on advanced->accept anyway or something like that. if the software always accepts or he manually accepted one, the MITM guy can substitute his own encryption key/cert and decrypt and re-encrypt on the fly.
If you're looking at who is allowed to issue trusted root certificates in common browsers and operating systems, nobody needs to accept nothing to have every possible man in the middle from every major country's intelligence services already in there.
load more comments
(6 replies)
It's always one of two possibilities: shit software or idiot users
Why not both?
In this case shit software. For a secure conference software there should be no possibility for the user to accept invalid certificates.
The developer always has to plan with what we call a DAU in germany (DΓΌmmster anzunehmender User = dumbest user possible), and even that user should have no possibility to accidentally share a secure conference. So as a developer I would: Lock the user to certificates and encryption keys I deem secure and hook into the low level OS functions to grab the screen and disable them to prevent accidental sharing via software like Anydesk and the like which the user forgot to close. This would even interrupt the functions of a simple trojan on the PC.
Of course a dedicated attacker with physical or admin access to the device could always break these. But then you have another big security breach.
load more comments
(2 replies)
This is the best summary I could come up with:
He sounds relaxed on the line as he chats with two colleagues about the "mega" view from his room, and how he's just come back from a drink at a nearby hotel where there's an incredible swimming pool.
Over the next 40 minutes, the group appear to touch upon highly sensitive military issues, including the ongoing debate over whether Germany should send Taurus cruise missiles to Ukraine.
The four participants discussed what targets German-made Taurus missiles could potentially hit if Chancellor Olaf Scholz ever allowed them to be sent to Kyiv - a contentious issue in Germany.
"You have to choose a certain kind of disguise for this disaster," says Mr Kiesewetter, who's also worked at the Nato military alliance and is a member of Germany's opposition conservative CDU party.
But German government figures find suggestions that they are somehow soft on Russia increasingly irritating, particularly because Berlin has donated more weapons aid to Ukraine than any other nation in Europe.
It's further exposed domestic divisions about whether to send Taurus missiles to Ukraine and prompted a wider discussion about the country's perceived defence and security weaknesses.
The original article contains 1,075 words, the summary contains 187 words. Saved 83%. I'm a bot and I'm open source!