Good morning, the mystery behind one of the most significant interceptions in recent history has been explained.

Below you will find the text of the news article, but first an executive summary: Minister Pistorius can well _whine_ "Our communication systems were not compromised", but being able to set up a call on Cisco WebEx [1] without being required to use E2EE encryption is a security hole as big as a mountain:

--8<---------------cut here---------------start------------->8---
Known limitations

Transcoding, Automatic Closed Captioning, Transcription, PSTN, and other cloud-based services that require the cloud to access the media are not available at this time, as they are not supported by the Zero-Trust Security model for End-to-End Encryption v2 (E2EEv2).

A participant joining from a Webex device must be one of the first 205 participants of any kind in the meeting, or their connection will require transcoding. As this is not supported, they will not be admitted to the meeting.

The maximum number of participants in an E2EEv2 meeting is 1000.

SIP video or telephone devices cannot join E2EEv2 meetings, as E2EEv2 is not available in the SIP protocol.
--8<---------------cut here---------------end--------------->8---
(via [2])

That is, you *cannot* join an E2EE conversation via PSTN (or SIP), as one of the participants apparently did.

I have never used that service, but from what I understand it is "the moderator" of the WebEx call who *must* verify the state of the E2E encryption with a simple procedure [3]:

--8<---------------cut here---------------start------------->8---
If you want to verify the security of the end-to-end encryption connection, communicate the security code to all participants, either verbally or in a message outside the Webex App.

Ask all participants if they see the same code in the meeting.

If any participants don’t see the same security code, ask them to leave the meeting and join again, and then verify that their security code matches the current code. The current code you see may be an updated one.

If there are any issues, contact your administrator.
--8<---------------cut here---------------end--------------->8---

The traffic of that conversation was *in the clear* on that PSTN (SIP?) line in Singapore; intercepting it was kindergarten-level child's play.

https://www.politico.eu/article/german-defense-minister-blames-taurus-call-leak-officer-logging-via-insecure-hotel-line/#main

--8<---------------cut here---------------start------------->8---
Berlin blames Taurus call leak on officer logging in via insecure Singapore hotel line
═══════════════════════════════════════════════════════════════════════════════

Germany is scrambling to clean up the damage following an embarrassing leak of secret information to the Russians.

The audio of German military officers discussing top secret information was intercepted by Russia only because one of them logged in through an insecure line from a hotel room in Singapore, Defense Minister Boris Pistorius said Tuesday.

Addressing the leak in Berlin following an investigation by Germany's Military Counterintelligence Service, Pistorius insisted the incident was a one-off.

"Our communication systems were not compromised," he said.

On Friday, Russia's state-run media outlet Russia Today released details of a 38-minute call between senior German officers — including the chief of the air force — in which they discussed the hypothetical dispatch of Taurus cruise missiles to Ukraine as part of preparations for a meeting with Pistorius. Chancellor Olaf Scholz is opposed to sending the missiles, and the issue has splintered his governing coalition.

One of the participants — [reported] to be Brigadier General Frank Gräfe — dialed into the WebEx call from a hotel room in Singapore where he was visiting an airshow.

Over the weekend, the government [confirmed] the veracity of the recording. Pistorius on Sunday [called it] a "hybrid disinformation attack" by Russia, although the recording published by Moscow was not faked.

[...]

[Joshua Posaner] <https://www.politico.eu/author/joshua-posaner/>

[reported] <https://www.politico.eu/article/the-russian-mfa-summoned-germanys-ambassador-in-moscow-amid-a-leaked-bundeswehr-audio-scandal/>

[confirmed] <https://www.politico.eu/article/germany-investigating-leak-in-russia-of-audio-purportedly-showing-discussion-of-ukraine-aid/>

[called it] <https://www.politico.eu/article/german-defense-minister-accuses-moscow-of-a-disinformation-attack-in-leaking-call-by-senior-officers-taurus-pistorius-ukraine-war/>

[Kremlin is celebrating] <https://www.politico.eu/article/the-russian-mfa-summoned-germanys-ambassador-in-moscow-amid-a-leaked-bundeswehr-audio-scandal/>

[according] <https://tass.com/politics/1755191>
--8<---------------cut here---------------end--------------->8---

Regards, 380°

[1] https://en.wikipedia.org/wiki/Cisco_Webex

[2] https://help.webex.com/en-us/article/5h5d8ab/End-to-end-encryption-with-identity-verification-for-Webex-meetings#Cisco_Reference.dita_93711eff-3c4f-4648-a393-c578a897bea3

[3] https://help.webex.com/en-us/article/rzam8/Join-a-Webex-Meeting-with-End-to-End-Encryption#Cisco_Generic_Topic.dita_152cb705-3165-4bc8-8370-445411d656d3

--
380° (Giovanni Biscuolo public alter ego)

«We, incompetent as we are, have no standing to suggest anything whatsoever»

Disinformation flourishes because many people care deeply about injustice but very few check the facts. Ask me about <https://stallmansupport.org>.
_______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa