Post AzFWwjxVNPFJ2j5bRw by sgillies@mastodon.social
(DIR) More posts by sgillies@mastodon.social
(DIR) Post #AzBy5ZGIRA04bTTNgm by vinoth@infosec.exchange
2025-10-14T04:51:16Z
3 likes, 8 repeats
This is insane! A few researchers from UCSD and UMCP scanned bunch of satellite links, found much of the traffic is not encrypted, and went on to decode them. It's amazing what came out. - T-Mobile backhaul: Users' SMS, voice call contents and internet traffic content in plain text. - AT&T Mexico cellular backhaul: Raw user internet traffic- TelMex VOIP on satellite backhaul: Plaintext voice calls - U.S. military: SIP traffic exposing ship names - Mexico government and military: Unencrypted intra-government traffic - Walmart Mexico: Unencrypted corporate emails, plaintext credentials to inventory management systems, inventory records transferred and updated using FTPWhile it is important to work on futuristic threats such as Quantum cryptanalysis, backdoors in standardized cryptographic protocols, etc. - the unfortunate reality is that the vast majority of real-world attacks happen because basic protection is not enabled. Lets not take our eyes off the basics. Great work, Wenyi Zhang, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger and Aaron Schulman! https://satcom.sysnet.ucsd.edu/docs/dontlookup_ccs25_fullpaper.pdf
(DIR) Post #AzC0V9WawvUCDcQLeC by condret@shitposter.world
2025-10-14T07:23:05.979241Z
0 likes, 1 repeats
@vinoth please take your eyes of the basics. i want to live in the world, where some guy with the right tech can break gov infrastructure.
(DIR) Post #AzD9MAjmAIjc7QLFi4 by shironeko@fedi.tesaguri.club
2025-10-14T20:37:02.005267Z
0 likes, 0 repeats
@vinoth don't look up :blobbroken:
(DIR) Post #AzEipafEXYWyTrwLuy by light@noc.social
2025-10-15T12:30:06Z
0 likes, 0 repeats
@condret @vinoth And also spy on ordinary people's phone calls?
(DIR) Post #AzEipbvvoxTwPwlCaG by condret@shitposter.world
2025-10-15T14:49:13.251932Z
0 likes, 1 repeats
@light @vinoth you're taking this way too serious
(DIR) Post #AzFWeuzlbXU23keJ3w by futurebird@sauropods.win
2025-10-16T00:07:29Z
0 likes, 1 repeats
@vinoth And I thought the packet sniffing subplot in my scifi story was maybe too unrealistic because it involves just happening to find that some of the traffic isn't encrypted. I thought "this is silly no one would do that" ... but maybe it's fine?
(DIR) Post #AzFWwjxVNPFJ2j5bRw by sgillies@mastodon.social
2025-10-16T00:10:38Z
0 likes, 0 repeats
@futurebird Is it set in a post-Copilot/ChatGPT world? Then it's fine.
(DIR) Post #AzFYeWawWZRQI7yhOq by dlakelan@mastodon.sdf.org
2025-10-16T00:29:47Z
0 likes, 0 repeats
@futurebirdYeah its fine. Maybe even quote that line from the Matt Blaze thread linked by others.I remember in the 90s we would just telnet all around the Iowa State campus. It was exceptional because instead of clear text passwords we were using kerberized telnet so there was at least a password less login system. But basically all my terminal sessions were just clear text, you could read my email off my screen with a packet sniffer... ssh only came in later towards like 1996 or 97@vinoth
(DIR) Post #AzFYecFtTkAXqaAyQK by dlakelan@mastodon.sdf.org
2025-10-16T00:29:48Z
0 likes, 0 repeats
@futurebirdThese days theres still plenty of clear text if you have the right packet sniffing vantage point. Lots of database connections probably plaintext inside companies etc@vinoth
(DIR) Post #AzFmdFlF1eGR9P5CW8 by stevenaleach@sigmoid.social
2025-10-16T03:06:25Z
0 likes, 0 repeats
@futurebird @vinoth https://www.wired.com/story/satellites-are-leaking-the-worlds-secrets-calls-texts-military-and-corporate-data/
(DIR) Post #AzGtnpyu6jZBDeQYsK by Flyingmana@phpc.social
2025-10-16T16:01:28Z
0 likes, 0 repeats
@futurebird @vinoth apparently it is a lesson which needs to be relearned every decade when a new set of IT companies develop their own software.The same as currently AI tools are falling prey to the same injection patterns which in the past happened via sql injections