Eavesdropping on Internal Networks via Unencrypted Satellites
38 points - last Monday at 10:21 PM
SourceSeems very odd to list HTTPS. Intercepting traffic which is only encrypted at a different network layer, is not in any meaningful way intercepting unencrypted traffic.
jeroenhd
today at 12:59 PM
HTTPS still exposes hostnames in most cases, so you can get a gist of wat someone is doing on the internet even if you can't see the exact contents.
The unencrypted transmissions (SMS, phone calls) are much more interesting to listen in on, of course.
bigfatkitten
last Monday at 11:12 PM
Iβm not sure where the novelty is in this research. Itβs basically reporting something that has been universally known for decades.
Universally known to whoever wanted to intercept that traffic.
Maybe and hopefully not known to the staff of those networks (the current staff could be maintaining what somebody else set up) as some of those companies fixed the problem when contacted by the researchers.
For sure not known to me and a lot of other people. I believed that everything in digital streams was encrypted. Ok, those ATM connections are probably tech from the 90s, but they probably had upgrades in part because of regulations. Privacy, security, nothing?
everdrive
today at 10:59 AM
It's an interesting problem. The reality is that for any decently-sized business people don't really know their networks. Their assumptions are sane, but often simply incorrect. I've heard a lot of people say things like "well the traffic is not going externally, so it's fine to leave it unencrypted." It's a bold, and almost always unchecked assumption.
Correct, this is why HTTPS (and encryption in general over the network) has become so popular. This property of traffic being intercepteable is also present in cable traffic as well, it's not hard to intercept traffic, you just find a tap, plug in a cable and observe, it's not even obviously illegal, there are many legitimate reasons to plug in a cable in a tap in the public, so there's a lot of possible alibis.