Subject: Re: Q: Voice over IP security - anyone?
From: Guilherme Mesquita (guyLINUXBR.COM.BR)
Date: Sun Oct 08 2000 - 19:40:05 CDT


Well, isn't this a paranoid circumstance? Decrypting a few megabytes into a
backbone is REALLY, but REALLY hard... Well I would say impossible
"selecting" packets in a huge bandwidth and logging everything to files,
since the decryption could not be perfect and the chat could be caught
after the "handshake" between the hosts, etc...

Well, if you are talking about testing, OK, it's unsafe, but about real
application of the cracking stuff... well, that's another topic which should
be discussed by people who have access to high bandwidth backbones, data
analyzing software and high performance (clustered?) decryption system.

Guilherme

On Sun, 8 Oct 2000, Lincoln Yeoh wrote:
> Date: Sun, 8 Oct 2000 15:13:30 +0800
> To: VULN-DEVSECURITYFOCUS.COM
> From: Lincoln Yeoh <lyeohPOP.JARING.MY>
> Reply-To: Lincoln Yeoh <lyeohPOP.JARING.MY>
> Subject: Re: Q: Voice over IP security - anyone?
>
> At 10:46 AM 10/6/00 +0200, Bluefish (P.Magnusson) wrote:
> >Personally, I believe they are totally clueless. Take the weak GSM
> >encryption, why is it so weak? There is no point, really, as for the
>
> For GSM it was not cluelessness.
>
> It was public knowledge about a decade ago why it was weak, I believe it
> came up in the major UK newspapers. The encryption was intentionally
> weakened by request of the spy agencies (GCHQ etc). There was a bit of a
> noise about it, then it died down.
>
> Because of that I was very puzzled why there was such a big fuss about some
> people cracking the crypto a couple of years ago. I mean, it's
> intentionally weak, so why were people so surprised it was cracked? Also
> don't know why some crypto people appeared to be surprised the crypto was
> weak.
>
> Anyway, you don't even need to crack GSM crypto to listen in. The
> conversation is only encrypted from the phone to the tower (or was it the
> exchange? anyway), from then on it's "clear text". So if the police did
> things the "redtape" way they can listen in without having to crack
> anything. I suppose it's too much of a hassle to get permission from the
> necessary people?
>
> Whatever it is you definitely can listen in to conversations at the phone
> exchange level.
>
> Cheerio,
>
> Link.