Full Disclosure mailing list archives

re: Insecurity in Finnish parlament (computers)

From: Markus Jansson <markus.jansson () hushmail com>
Date: Tue, 21 Feb 2006 06:35:15 +0200

Juha-Matti Laurio:
>http://blogs.securiteam.com/index.php/archives/299
>entitled as "Cell phone operator sent 7000-large government account
>information with unprotected e-mail".

Good article, but it lacks one important aspect of the fiasco:

TeliaSonera also disabled crypto (A5/1) on GSM:s for some time, whichmade it possible to eavesdrop on its/goverments GSM:s. This was a the"big" fuzz.

OK, basically whether or not you are using A5/1 or A5/0 makes nodifference, since A5/1 is so easily cracked that any serious attackercan do it anyway (or crack COMP-128-1 or COMP-128-2). If you have thetools to capture/listen GSM calls, you can relatively easily get thestuff to attack A5/1 and COMP-128-1 or 2 anyway. But ofcourse it wasnice to "hype" about the fact that TeliaSonera disabled crypto too. Andmaybe some folks dont still understand that A5/1 is broken and thinkthat it offers some protection. LOL.

Anyway, only sensible way to secure govermental cellurar phones would beuse strong crypto/suitable GMS:s, like http://www.cryptophone.de/ sothat every member of goverment/parlament could talk securely with anyother member of govermenet/parlament and some officials too. Ofcourse ifpeople in Finnish parlament or infosec/compsec sections would know adrek about crypto and security, they would have already done it. ;)Putting all their eggs again in one basket (Elisa) and without strongend-to-end-crypto does not help much.

BTW. How long would you think it would take them to spotfalse-base-station type of attacks near our parlament house? ;)


--
ï»¿My computer security & privacy related homepage
http://www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email
before sending it to me to protect our privacy.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Insecurity in Finnish parlament (computers) Olli Haukkovaara (Feb 20)
- <Possible follow-ups>
- re: Insecurity in Finnish parlament (computers) Markus Jansson (Feb 20)
  - Re: Insecurity in Finnish parlament (computers) Olli Haukkovaara (Feb 21)
- re: Insecurity in Finnish parlament (computers) Juha-Matti Laurio (Feb 20)
- re: Insecurity in Finnish parlament (computers) Markus Jansson (Feb 21)
  - Re: Insecurity in Finnish parlament (computers) Olli Haukkovaara (Feb 21)
- re: Insecurity in Finnish parlament (computers) Juha-Matti Laurio (Feb 21)
- re: Insecurity in Finnish parlament (computers) Markus Jansson (Feb 21)
- re: Insecurity in Finnish parlament (computers) Juha-Matti Laurio (Feb 21)
  - re: Insecurity in Finnish parlament (computers) Jess Kitchen (Feb 21)
  - Re: Insecurity in Finnish parlament (computers) Olli Haukkovaara (Feb 22)
- Re: Insecurity in Finnish parlament (computers) Markus Jansson (Feb 21)
  - Re: Insecurity in Finnish parlament (computers) Olli Haukkovaara (Feb 22)
- Re: Insecurity in Finnish parlament (computers) Markus Jansson (Feb 22)
  - Re: Insecurity in Finnish parlament (computers) Olli Haukkovaara (Feb 23)

(Thread continues...)