mailing list archives
re: Insecurity in Finnish parlament (computers)
From: Markus Jansson <markus.jansson () hushmail com>
Date: Tue, 21 Feb 2006 06:35:15 +0200
>entitled as "Cell phone operator sent 7000-large government account
>information with unprotected e-mail".
Good article, but it lacks one important aspect of the fiasco:
TeliaSonera also disabled crypto (A5/1) on GSMs for some time, which
made it possible to eavesdrop on its/government's GSMs. This was a the
OK, basically whether you are using A5/1 or A5/0 makes no
difference, since A5/1 is so easily cracked that any serious attacker
can do it anyway (or crack COMP-128-1 or COMP-128-2). If you have the
tools to capture/listen to GSM calls, you can relatively easily get the
stuff to attack A5/1 and COMP-128-1 or 2 anyway. But of course it was
nice to "hype" about the fact that TeliaSonera disabled crypto too. And
maybe some folks still don't understand that A5/1 is broken and think
that it offers some protection. LOL.
Anyway, the only sensible way to secure governmental cellular phones would be
to use strong crypto/suitable GSMs, like http://www.cryptophone.de/ so
that every member of government/parliament could talk securely with any
other member of government/parliament and some officials too. Of course if
people in the Finnish parliament or infosec/compsec sections knew a
drek about crypto and security, they would have already done it. ;)
Putting all their eggs again in one basket (Elisa) and without strong
end-to-end crypto does not help much.
BTW, how long do you think it would take them to spot
false-base-station type of attacks near our parliament house? ;)
My computer security & privacy related homepage
Use HushTools or GnuPG/PGP to encrypt any email
before sending it to me to protect our privacy.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/