Messaging Service Wiretap Discovered through Expired TLS Cert

6 months ago AndyC

Messaging Service Wiretap Discovered through Expired TLS Cert
Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate:

The suspected man-in-the-middle attack was identified when the administrator of jabber.

Messaging Service Wiretap Discovered through Expired TLS Cert

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate:

The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired.

However, jabber.ru found no expired certificates on the server, ­ as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation.

The expired certificate was instead discovered on a single port being used by the service to establish an encrypted Transport Layer Security (TLS) connection with users. Before it had expired, it would have allowed someone to decrypt the traffic being exchanged over the service.

Tags: , , , ,

Sidebar photo of Bruce Schneier by Joe MacInnis.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , ,

More Stories

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

5 hours ago AndyC
City of Wichita hit by a ransomware attack

City of Wichita hit by a ransomware attack

17 hours ago AndyC
Why Your VPN May Not Be As Secure As It Claims – Krebs on Security

Why Your VPN May Not Be As Secure As It Claims – Krebs on Security

17 hours ago AndyC
El Salvador suffered a massive leak of biometric data

El Salvador suffered a massive leak of biometric data

23 hours ago AndyC

New Lawsuit Attempting to Make Adversarial Interoperability Legal

23 hours ago AndyC
Finland authorities warn of Android malware campaign targeting bank users

Finland authorities warn of Android malware campaign targeting bank users

1 day ago AndyC

You may have missed

ATO seeks client data from crypto exchanges

ATO seeks client data from crypto exchanges

2 hours ago AndyC
Los consejos de 007 para que su empresa sea tan segura como el MI6

Los consejos de 007 para que su empresa sea tan segura como el MI6

2 hours ago AndyC
CDOs’ biggest problem? Getting colleagues to understand their role

CDOs’ biggest problem? Getting colleagues to understand their role

2 hours ago AndyC
Rethinking ‘Big Data’ — and the rift between business and data ops

Rethinking ‘Big Data’ — and the rift between business and data ops

2 hours ago AndyC
SAP forecasts clarity in the cloud

SAP forecasts clarity in the cloud

2 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.