from what I understand, this is a government issued wiretapping against that specific services/servers (hosted by Hetzner and Linode in Germany?) and not a general TLS exploit.
so nothing interesting or unique. On Sun, 22 Oct 2023 09:04:39 +0000 Slavko via mailop <mailop@mailop.org> wrote: > Hi all, > > while not directly about email, recently was published details > about success MiTM attack against XMPP server, the attacker > was able to decrypt TLS communication without notice (from > both sides, the server and client) and was success for at least > three months, see > > https://notes.valdikss.org.ru/jabber.ru-mitm/ > > In short: The attacker used valid LE certificate (requested by > self) to intercept traffic. The victims was services hosted on > Hetzner and LinodeĀ and it seems as Germany government's > action (not confirmed, but if true, it will never be). > > IMO, that attack can be success on any TLS service (including > email) and for any place (clouds, own, ...), thus it is worth to be > aware of it, as your service can be not as private as one can > think. > > regards > > -- > Slavko > https://www.slavino.sk/ > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
