Message-ID: <200307152114.h6FLEwri027564@www.harkless.org>
Date: Tue, 15 Jul 2003 14:14:58 -0700
From: "Dan Harkless" <bugtraq@...kless.org>
To: bugtraq@...urityfocus.com
Subject: CALEA electronic wiretapping on unsecured Solaris boxes



The story about the insecure Diebold electronic voting system recently
forwarded to Bugtraq was certainly disturbing, but here's something even
worse (though some of it is old news):

     The Federal Bureau of Investigation administers the Communications
     Assistance to Law Enforcement Act (CALEA), which was passed by Congress
     in 1994.  [...]  Every telephone switch installed in the U.S. since
     1995 is supposed to have this surveillance capability [...].  Not only
     can the authorities listen to your phone calls, they can follow those
     phone calls back upstream and listen to the phones from which calls
     were made.

     [...]

     The typical CALEA installation on a Siemens ESWD or a Lucent 5E or a
     Nortel DMS 500 runs on a Sun workstation sitting in the machine room
     down at the phone company. The workstation is password protected, but
     it typically doesn't run Secure Solaris.  It often does not lie behind
     a firewall.  Heck, it usually doesn't even lie behind a door.  It has a
     direct connection to the Internet because, believe it or not, that is
     how the wiretap data is collected and transmitted.

     [...]

     Israeli companies, spies, and gangsters have hacked CALEA for fun and
     profit, as have the Russians and probably others, too.

The full column is at:

    http://www.pbs.org/cringely/pulpit/pulpit20030710.html

--
Dan Harkless
bugtraq@...kless.org
http://harkless.org/dan/

