Custom Search
VoIP General
VoIP News
VoIP Provider
VoIP Hardware
VoIP Software
VoIP Technology
Havn't found what you want?? TRY GOOGLE SEARCH:
VoIP News
VoIP Provider
VoIP Hardware
VoIP Software
VoIP Technology
Havn't found what you want?? TRY GOOGLE SEARCH:
Custom Search
Second Channel of German Television frontal: “Hearing easily made” (goes around DECT telephones)2010-09-26 | |||||||||||||||||||||||||||||||||
|
Nextiva is a cloud based VoIP phone system, hosting lots of small and medium sized businesses nationwide. the provides UNLIMITED business calling for only $19.95 a month!! Click here for the detail about this promotion!!
Hear easily made
Millions telephones are uncertain Researchers of the technical University of Darmstadt proved Luxembourg and the chaos computer club to the university together with the building house university Weimar, that many cord lot telephones with simple means can be heard. The legislator sees at present no action need. It gives in Germany approximately 30 million cord lot telephones. Source and whole contribution Stream: Second Channel of German Television The safety gap is actually already since beginning of the yearly admits (there were to 01.01.09 a short report in the messages), but now only become correctly public. As far as I know, also the necessary programs are to already circulate. The Tool is to also permit it to telephone at strange expense. That weighs my opinion then even more heavily than the hearing uncertainty. Like now however the policy reacts is m.M.n. very negligently. A WLAN e.g. must as per. Court decision (OLG Duesseldorf, Az. I-20 W 157/07) by the user to be protected, so that abuse is dammed. Therefore it is irresponsible if the manufacturers do not react and come from politsicher side no pressure. However it will require with difficulty payment of damages from the manufacturer to, since one probably is in the burden of proof. The question is, how is rated before court, if e.g. 0900er-Nummern to be called, which however the subscriber did not select. Problematic is naturally also the Telefonbanking. If someone that password hears, he knows the account empty spaces. Edit: nunja, if the discussions about a telephone system (e.g. ISDN) run, can also usually the discussion data be called up. In what respect have before court the conclusive force, is times undecided. If the discussion data are not manipulatable except the total delete function, it might not at all be problematic there times soooo. @mightyEx: This judgement is quite disputed. There are evenly none gesetzl. Obligation for coding. You e.g. are. also, your Blumentppe does not obligate on the Terasse festzudbeln, so that none can kill thereby someone and you become the Mitmrder. The entire Mitstrerhaftungsproblematik appears to me as result of good lobbying of the music industry. Unfortunately this legal interpretation is handled different also still everywhere. Greeting Michael Quotation:
A ISDN TK plant with inserted DECT station offers perhaps somewhere a log file, at least with newer devices, which no more can be programmed over a final telephone, but over the computer, a simple DECT telephone within the range 30-100 euro offers not times the option at the PC to be attached. But even if with so a plant the log file says that it must have been a strange telephone, places itself the question, whom interests? do you want to make your telephone offerer liable for calls, which were not made unterm line only after good faith by you (it could be also your DECT Handteil which additionally announced itself there)? and even if it is recognizable that the DECT Handteil clean-chopped itself, then is it nevertheless nevertheless in keinster way the obligation of your Telefonproviders the costs of it to take over, because usually places to you no (Dect) telephone. Good case with e.g. 1&1 with the Fritz7270 which a DECT station contained (their use is released, DECT must be not compellingly activated) insists perhaps the possibility on the telephone offerer rail money back to receive. @Blaria: No, it would be not the telephone offerer (Provider) of it is a matter now, but around the manufacturer of the DECT telephone (where the safety gap arose). One could proceed from a lack of product. It will be only evenly difficult to prove. With the log file geb I you right, probably hardly a conclusive force will have. Was nen mistake in reasoning of me (stop was already late  )
That to hear can be done, is well-known to me, but at strange expense to telephone? Is there a left there in addition? I doubt that it is so easily possible, from the outside, without in-booking knowledge the pin, DECT equipment. Thus I that in such a way so far understood that it is also an error in minutes. That if e.g. means. a DECT telephone coding does not control, then that is communicated to the basis station (a kind “handshake” - mode). Because possible also a strange mobile part (thus another manufacturer) at the basis station is to be announced. This switches then quasi into the unencrypted mode. To what extent telephoning is possible, I do not know. It was mentioned however on various sides that that should have been possible. Besides is it probably like that that the researchers found also ne possibility the coded data traffic to decode. However the researchers do not want to publish this software probably. No matter, however the fact, the DECT is uncertain is sufficient for an abuse. It would be desirable, if DECT in new version is developed further accordingly. One can reread much here: http://chaosradio.ccc.de/cre102.html Reactions of AVM and Siemens to info. One knows Nunja that such hearing actions are naturally forbidden, also without the press releases. Potential aggressors will not let themselves however well be deterred from it. I find it good that AVM revises accordingly reacted and various things in the firmware. I would wish myself of all manufacturers. More importantly a revision of the DECT Standarts, which does not succeed probably by a manufacturer alone, is however probable. It would be good, if this “handshake” runs off in principle coded. The moreover discussions should be in principle coded. These dropbake on “unencrypted” is the largest deficiency, which should be absolutely eliminated in a DECT revision - also in the Repeater mode. The answer of Siemens is really an evidence of incapacity. Quotation:
If it were technically not possible, it to point out not so in detail and repeated that it is forbidden, but simply to write that it is not possible. Apparent they do not want to undertake anything, instead the customers for stupid are sold. Hearing of telephone calls was already forbidden with the similar devices, that Siemens however not held positioning DECT as safe alternative. Naja, the usual attitude: which is technically feasible (and not wanted), forbidden. And which is forbidden, cannot be. I read somewhere that the maps, which are necessary for the PCs, in order to emulate a basis are in the meantime completely sold off. There probably some still fast covered themselves up. Quotation:
Nee, Siemens sells business-divides including guard service before it broke to go or still more badly - to improve have… Hello, I have times a question: I use a Gigaset S68H dirket attached to the FB 7270. In the DECT I observed monitor during the discussion that with coding “on” stands. Does this mean the fact that the DECT coding is activated and does not hear is possible? Or does this refer to another coding? That is really the DECT Verschlssselung. On the AVM Internet sides there is somewhere also a suitable description in addition. There however a “1” is represented instead of “on”. Edit: On the AVM side http://www.avm.de/de/News/artikel/DE...rzmeldung.html on the GIF picture click. The “1” is red encircled. This hearing topic makes also large concerns for me. After which one reads, and/or after which which in chaos radio to it was said and with dedected.org to be read is, I mean the following to have understood: Generally unencrypted predominantly very old devices and approving of models are in <30 euro the range. Unfortunately ses gives so far no reliable lists, to which devices applies. Hear unencrypted telephone calls is easily possible, however (so far) only what is spoken at the mobile part and (so far) only by noting the data stream and following playing of non removable disk. Direct monitoring as with the radio does not go (so far). Telephone calls also coded can be heard by a trick, if the aggressor creates it, the mobile part of the original basis on its “gefakte” basis (PC map) to return. In addition however the signal of the “Fake” would have to be stronger basis, than that the original basis, which the case might be only rare. There is for the PC map so far no software for connecting with basis stations, the map can only with mobile parts connect itself. Is however probably also only one question of the time. According to chaos radio 4 man-years would be necessary, in order to program a complete minutes stack for the map. I understand that in such a way: As long as the stack does not exist, nobody can telephone thereby over stranger basis stations. There is thus still another “grace period”. Do not telephone over strange basis goes with switched on coding, as long as the key are not cracked, and/or are not published key crack Tools. By programming the pin (not equal 0000) becomes the coding somewhat more surely. The PC maps are (almost) sells off and for years no more is not manufactured, the existing originates from the insolvency mass of the former manufacturer. Is the question, how many maps are at all “in the market”. The map was a rather rarely sold niche product (Skype over Notebook) We accept, it gave at that time 20,000 pieces. More than half lies probably already in the garbage, other one lies somewhere at uninterested customers unused in the drawer…. Only who received at all, to which the map (deviating from the original purpose) is good, it with Ebay will sell…. Thus I would estimate that less than 1..2 thousand maps for “hackers” are available. I.e. statistically seen not even a map on 40.000 inhabitants, and/or 10,000 basis stations The probability, which becomes hearing the people sport, is thus in my opinion (so far) very small. Trotzdem ein ungutes Gefhl... I think, it rather Detekteien and similar companies drauf will fall myself, because I see the possibility in such a way acting there to more toward restaurant economics and. And the stack to crack, will already succeed to those, only that will not become public surely. Siemens Gigaset published a list with all its DECT telephones, which send coded and are thus safe before hearing. http://www.gigaset.com/repository/16...luesselung.pdf The S450IP-Basis and S45-Mobilteil code also according to standard. Very old Gigaset Basen (I tested ever a 2015 and a 2015plus) to code not. My old Gigaset 2000C-Mobilteil against it codes with enterprise at coding Basen (tested at Gigaset SX353 or F! B 7270). Quotation:
http://gigaset.com/shc/0,1935,de_de_...rNrNrN,00.html Quotation:
Quotation:
Quotation:
Still the old crisis management  Schmeisst DECT away (Sends the devices to dedected the people, ask for hardware) and take WLAN telephones with AES CCMP and best still with certificates, not from Siemens, those use “Frequenzhopping”
Quotation:
An unencrypted DECT telephone to hear probably in the future a few young will be able. Clearly, also young without substantial criminal energy makes fun  Even if one made some years ago with open WLANs (where there was still no WPA2), almost was a people sport. With coded DECT systems the world looks however already somewhat differently. Who that easily and practice-suited gotten (intelligence service coworkers excluded), it is to prove please - only maintain that one it can, is enough not. Quotation:
 Times see as far it comes with its thesis (diploma): Quotation:
Oh and Quantenkryptografie coded not, it makes possible only the determination of hearing attempts…? is nevertheless everything bldsinn. never US a crime film seen? simply with van move forward, reflector - a waistcoat put on, building helmet on put, on timber mast climb and 2 wires at more hhrer attach. already one can hear festnetz unsuspectedly. OK ONE, in D are that grey boxes at the soil. But in principle easy. There was times so a kit - monitoring amplifier was called that, with one reels which one in the proximity of the telephone to place had, without cables taps etc.… Then ' s gives arranging microphones and amplifiers with Conrad as kit, completely without dect coding and WLAN…  ---  Thus to hear goes also in such a way, if man wants. It concerns nevertheless probably “only” that none cost on my telephoned. For everything else ' s gives simpler technology independent solutions.By the way, over the line ' s continues eh unencrypted, except both pages kaben crypto - telephones (like police and some other mechanisms). The telefongesellschaften are obligated to insert and hold hearing possibilities ready (wire-tapping on judge resolution) and on supply data to store. Thus we want to leave nevertheless times the church in the village. Somewhere the expenditure must remain relative. Quotation:
There are very probably commercial DECT devices with the possibility for the Firmwareupgrade (e.g. Gigaset SX353, Gigaset IP Basen, Fritz! Box 7270, Siemens DECT-MD32/34-Modul). ... and still which to the topic code. There are Lnder, in those is forbidden (France, China…). The crates are developed also not only for D. There are land variants, which or other feature not contained or on other frequencies run (the USA), and it give grey imported goods/(e-Bay ), where partially also such HW is offered. Gigasets gives it in many variants…
Quotation:
One is not to underestimate the hacker municipality. Today still eagerly WLAN nets are spied. A few Russian hacker long WPA2 cracked assistance of the Perfomance of a graphics map. And which concerns unencrypted DECT, there one does not need the map sold off in the meantime probably any longer. How I read in new type character only, there are adapted drivers for well-known air cracking maps in the meantime. However should not be so completely adapted with the software yet. There are no safe systems. Like Piranhas lures a new method or safety gap of wherever the hackers out their holes. Those are usually so innovative thereby then that it lets species look such as dedected.org at the end like naive Stmper. Quotation:
(WLAN 2,4GHz, DECT 1,88GHz) Hello, Quotation:
The latter, which can need a material argument with critical safety problems, are hanebchene panic fantasies derived from half pointingnesses. I can only agree Knuffi: With a WLAN map one will hear no DECT of telephone calls. That fits neither from the frequency nor from the modulation. Quotation:
Here stands: “That DECT standard 1991 were sketched and discharged 1992 officially ". It stood somewhere still that the first DECT equipment came 1993 on the market. As the FBI could hear before 20 years DECT of telephones, which came only before 15 years on the market (and in the USA only very many later) ? K Reliably there is suitable hardware, the developers of the Phones must the Dinger also somehow test, only these measuring instruments and transmitters is very very expensive…. For PC's there is from Gigaset both a DECT USB stick (have I recently only again in the trade seen), and different Gigaset DATA adapter (USB, serial) it gave also times a PCMCI DECT map to the safe Surfen over ISDN, when WLAN was not yet so common.Reliably there are also still different manufacturers, that threw suitable modules as “Wireless” modem into the market. It is also not to be excluded that perhaps also to keep as small as possible (large) a part of the logic was managed by drivers on the PC by software and under use PC of the processor (around the costs/size of the Gertschaften and maximize the profit. Thus I could imagine that interested developers of kind of rear wall could extend such HW gladly by own functions to want to spread (without panic). Belonged however already some to it, binaries “read” and to understand - and superficially also still “improve” One really needs notion of the subject (DECT minutes, prop. guessing acres extensions of the manufacturers, hardware understanding and Reverse - Engeneering experience).In relation to this expenditure a very small use stands to probably realize times the neighbour to belauschen or to telephone in vain (with VoIP still more simply). Which concerns the criminal energy - which presupposes usually possibly a potential monitren advantage, which justifies the risk and the expenditure. Thus I do not make myself around my DECT of devices concerns. I do not trust my neighbours in the periphery of 10 km approximately the necessary know-how too, nor I subordinate an interest, my DECT to one of those to possibly tap. All mock fights… @Knuffi The USA & Gigaset: In the USA there was the Gigaset 2000er series in 2.4 GHz the volume, believes I a time long in Texas (Dallas/Austin) built, until the work was closed around 2000. Did not probably intersperse itself in such a way. Quotation:
And if my 3000er sends system still unencrypted, then the 2000er US of devices very probably also. I have the impression, here try some liking gladly hackers us their smattering of knowledge to sell… Russian superhackers, wound RA IRC rack maps, FBI heard already 20 year telephones, which came only before 10 years on the market, Wargames and startingstrain… Moin Moin, Quotation:
http://www.hardware-infos.com/news.php?news=2456 http://www.golem.de/0810/62909.html http://www.shortnews.de/start.cfm?id=731464 Whether nu somewhat true to is there or is not personally completely wurscht me. But in this Case would have you simply times google or another search machine of your choice to endeavor can do before something by panic fantasies is written here. May be which I that perhaps wrongly reads, the problem is not in a forum can one the intonation not hear, but for me the not straight sounds itself friendly. Greeting and good night Manu From one yours left: Quotation:
Greeting, Yielding pool of broadcasting corporations Also on youtube one finds videos, in which with appropriate Tools one demonstrates, as a WPA2-Netz becomes successfully “cracked”. It recognizably “breed force” proceeded, with a sorted word list, in which the entries consist all only of 10 to 20 small letters. Purely coincidentally the correct WLAN key in the video begins then also still with a letter very far in front in the alphabet and consists really only of small letters, so that finding the key out takes only a few minutes.Who regards as conclusive “proof” that WPA2 is generally “crackable” not to really help is. Such videos show only, how important it is to use a “good key”. Hello, as the others already put out: Breed Force is no cracking. Blunt one to try out can everyone. Who would like itself to make the trouble, in my contributions in the forum to search here (so many are it not  ), also quite often the statement finds that the security of its WPA2 of system identifies itself over the quality of its selected password. And this statement I made months before publication of the quoted articles.Quotation:
hello frank_m24, everything beautifully and well. But that would be to be brought not hot, a Debian on a GForce times to running and Intel to the can as terminal Processor for the serial console and as IO subsystem be taken. Would be more hesser low cost nevertheless server…
Times a list with Telfonen would interest me, which code according to standard and not only in the thousandth submenu. Quotation:
For that very reason the passport cliche is not to be so fast crackable also by dictionary (or by the unsatisfactory length). A clever password will not be able to crack also over weeks so fast - all the same whether with diagram map or traditionally. That is here nevertheless however not the topic, because as said: Breed Force is no cracking in the actual sense, but blunt trying. And besides: Also WPA2 is here not the topic, but DECT heels
Rear one, Quotation:
Quotation:
achso, it concerns here DECT heels. Quotation:
However already one linked
Have also so ne Dect map rumliegen here and became that Dect heels (my own Dect!) gladly times try out, has someone times an understandable does there in addition? Thanks again for the left the Gigaset side. Those update the list nearly weekly! Mitterweile one took up even the old SX2x5 with that she codes allegedly. I do not hope times am correct and am bluff around the people to calm down.  @ electrical: You believe to receive nich seriously here a guidance, to the best still for Klicki Bunti Windows!?  Ask nevertheless the people dies publish have.
Hello together, thus I am the opinion that the topic is only largely aufgebauscht. Clearly one can hear many DECT devices. Only which brings it, if I buy specially a telephone, which now codes and which none dropbake on unencrypted communication makes? Nothing at all. You also times remembered that coding does not bring purely nothing at all, if no END ton END coding is made. The way is safe from the hand attachment to the basis station, but thereafter? Where please is the coding with Voip? Where becomes with the similar to and/or. ISDN line codes? In 99,9% of the telephone calls not at all. There is SRTP, only offers nearly no VoIP Provider. In addition it comes that both interlocutors must support SRTP, since otherwise also dropbake one makes. And the universal remedy is that also not. Because this concerns no coding, which is based on asyncronen keys. Or one takes this ominse Skype. Completely madly, there minutes are used, which are coded and where only Skype can decode. That imagine I each mark, if I make Telefonbanking. The discussion runs unencrypted over Internet. With the Onlinebanking walk everyone that one is to make sure that the connection is SSL secured. With the Telefonbanking the whole is still worse. There account number and pin are enough, in order to accomplish transactions. With the Onlinebanking one has few still iTAN and something similar, speaks somewhat unique. And if I do not even use Voip, in order to call with my bank, but fixed net, is not coded also here. Also here can be heard problem-free. Thus all again not further as Medienhascherei. If I want to hear someone, over Voip telephones, then I must leave and me completely comfortable before the dwelling of the Opers place ideally not times my dwelling, but make from the domestic living room. Or there iim case of fixed net installation which beautiful into the switching boxes, which there without break-down signalling system at the roadside. There can be more security only if each uses telephones, as it the heads of state to begin. With asyncroner coding and mark, which are based on a PKI. That is again the same topic as the discussion around open WLANs. If I want to surfen really anonymous, then drive I into the next larger city and set me into the next Internet cafe. The Web meeting pay I bar. And thus me also guaranteed nobody on the monitoring video of the cafe recognizes, before do not disguise not forgotten. That is also not at all desired. Like is otherwise Schuble & cost. with suspicion telephones to tap can, without to have to penetrate into the dwelling? All Provider is committed to interfaces by law, for one Monitoring to make available (inclusive. Externally stored data storage…) One do not END-ton-end coding at all is in the public interest, in many Coding is even forbidden to countries (e.g. France). Times to info., who wants to test its telephone on hearing security, in the Wardriving forum gives ' s which. https://wardriving-forum.de/forum/sh...highlight=dect The guidance is not completely complete, who has however a little notion of Linux, which will not have problems. Information over hard & soft in the Wiki: https://wardriving-forum.de/wiki/DECT I habs tried out, I say only frightening, what comes there everything (inadvertently)! The map will sell now (up to 200-300 € are paid! *freu*) and my cord lot best directly in addition…. Quotation:
But it concerns the proportionateness. Before you can hear a cable, you must come to the cable, i.e. is necessary physical accesses. The whole we fast discovered, is time-consuming and probably expensive. In order one transmit-strains to hear, can one in the corner place itself simply somewhere. The devices are gotten cheaply too, physical accesses are not necessary, are thus also not so fast discovered. Ergo: In any case only coded hand attachments take, also, if the remainder of the distance is unencrypted. The whole is now times only as “safe” as the weakest member, and which is transmit-strains. There I must unfortunately contradict you. The schwhste member are the ignorance and Unbekmmertheit (my DECT or my GSM telephone codes, therefore am I). You may be right that the danger potential with DECT in direct proximity (up to 400 meters) by the radio transmission a weak point represents. That is however the smallest problem. We have a deregulierten market, the Telekom is not any more with the state monopoly on communication to equate. Discussions go uncontrolled both over fixed net Lines, and over IP distances, transmitting straining, sowing elite Connections etc. without a participant has dedicated options. In addition it comes that many services by outsourcing partner , complete control and security are furnished hardly are possible. The scandal with the Telekom - service center, the account data of Customers sold are not at all so long ago, hearing scandals in Enterprises such as Telekom and Bahn make the round, Nokia law intersperses for coworker monitoring in the homeland, the policy would like further authorizations to the surface covering Monitoring of communication implement. Nobody has really an interest in the keeping of the Privatsphre of the citizens and on safe communication (except the citizens themselves). That this Ignoranz naturally also door and gate for non-governmental Organizations/criminal opens, in purchase one takes (we have laws gagegen, and which bad boys get we with the surface covering monitoring and externally stored data storage…) Correctly, complete security does not give it anyway. But therefore to say, it is no matter, whether one uses coding or not coding DECT equipment, finds I nevertheless very daring and counter productive. I believe, it was in this Second Channel of German Television frontal transmission, where a Apothekerin was abeghrt. This deals with personal data, which should not arrive outward. Naturally she can be heard just as well on the remainder of the distance, but by far not so simply and purposefully. To hear one can do everyone in various way (Babyphone Function integrated by Handy's/Dect devices, Notebooks with Microphone/loudspeaker, which one taps over suitable SW, Arranging microphones, mini transmitter, a small induction coil + amplifiers in the proximity of the voice grade channel with similar telephones…) That one also created it now straight times with DECT (which allegedly coded) provide for a few waves, because one otherwise no message has. The danger potential more coded by not DECT communication in relation to the other methods is not much more largely. One can always unauthorized into the Privatsphre of others penetrate, owing to modern technology also from safe distance. Quotation:
With the DECT Sniffer one can synchronize also in each case on an individual basis. In a normal populated area one sees several dozen of basis stations (RFPIs) however fast. Hello together, thus I must say, somehow contradict her nevertheless you. On the side speak you of proportionateness and expenditure, on which other side oh like importantly that it it is that DECT codes also. That is nevertheless a contradiction. Who has please interest to hear a small Privatmann. Also here one can bring the argument that the expenditure/proportionateness stands in no relation to the Ertag. Speak which is thereby rauskommen if someone hears me. Also in the contribution it is grumbled that the manufacturers play the danger down. But you speak of proportionateness. And nothing else is what the manufacturers also say. Are we nevertheless times honest, who hears? That is on the one hand the state, and on the other hand enterprise (industrial espionage). Enterprises want firm secrets, and gibt's not with the small man. And the state does not want also nothing, so long one a potential danger for the state and/or. public security represents. Also that is not with 99% the Federal citizen the case. Thus if one is already heard fear before has, then one must protect oneself against state and companies. And there one does not need to come with the ridiculous DECT coding. And always Dramatisiererei in such contributions. Oh God as bad, one hears vertrauchliche discussions in the pharmacy. Who please wants to know, what the pharmacist discusses with the customers? Perhaps an insurance, the employer or the health insurance company interests. Do you mean, now park in their order before each pharmacy in completely Germany during the opening times a monitoring car, in hope, their own customer/coworker call coincidentally straight in this pharmacy? And which comes next week into frontal? It is shown there that one can hineinhorchen with arranging microphones into a dwelling. And which then? Then the bricklayers are accused of, they were not bricked the walls. Or Babyphone: Completely does Germany use no more Babyphone? Otherwise I know cando only an agreeing. Today the own data run nevertheless over ways, which cannot forecasts. Still coded DECT is considered as “reliably”. At least it cannot be heard by everyone petrol-normally with Com on air map and Linux. I find the announcement also the coding irreverent to go around to want and so the DECT standard destroy. In hospitals every few meters DECT Basen e.g. hang on the wall rum, over which confidential data go and also are used, because to a physician over fixed net can be achieved, because one white where he is not can life-saving minutes apply. With a program that it would make possible for everyone to hear coded DECT it would have to be reequipped the entire DECT Technick on/, which brings immense costs with itself. One should nevertheless roll not let such “programming, Crackern, hackers etc.”, before all with the foreseeable consequences. Surely it will crack sometime someone, the coding, but up to then, does not have one not still specially on the fact to work that this time x moves still faster closer. Foreseen that there are so long no programs, which go around a coding also no abusing evenly such give can, e.g. from terrorist (the argument nevertheless always pulls ) Thus Schuble: Put to the DECT hackers the handicraft.
Security by Ignoranz? I think times, it am very important to point the borders out so that products are improved. As long as publicly safety gaps are pointed out, the risks can be estimated at all by the customer. The hackers, who point the gaps out, are the good ones, the bad ones use the gaps secretly and have also no interest that this admits at all becomes (there they would lose the advantage by the gaps). Therefore a pursuit of “hackers” is etc. meaningfully only if these abuse their knowledge for crimes. If they publish your realizations, they help to recognize the gaps and close. That is the best means around an abuse to prevent to make more difficult (and the bad young the life). Quotation:
If they make the bad one available” of break-down tools however by Internet “, the difference between property and bad blurs for me… My entry door has still another simple cylinder lock. I would find it, if not at all merry at Passanten distribute appointed policemen duplicate keys for my entry door, in order to make attentive publicly on safety problems of my door lock. There I would already ask myself whether the “property goods” are not in reality employees of a door lock manufacturer, that exerts gentle pressure on its potential customers… Knuffi thanks! Exactly THAT was my background thought to it, only that you created it it more plausibly to explain. In my opinion there are enough nevertheless, if the “good ones” do not communicate, which are present such safety holes, but custom one to the public espionage software publish, which is published nevertheless only in addition so that the “bad ones” also use it. Or does someone know a legal reason to load itself such software from the net? A goal was not finding an espionage software, but decoding DECT, in order to be able to provide an open SOURCE stack. One is evenly pushed over this safety leakage. By publication of the software it is only possible to examine different DECT devices for security. A loose “DECT is” gets out nevertheless nobody uncertainly hinter'm furnace. Only if a gap is really proven, a public discussion is activated. Otherwise to publishing safety gaps: http://www.it-academy.cc/article/120...isclosure.html In order to remain times with the example of the door lock. We accept, someone have the same door lock as you and state with an attempt that one does not need key. Actually a screwdriver and something Kraft are enough to up-close over. He could keep this knowledge now for itself and tacitly exchange its own lock, in order to be even safe. Or it could inform first times the manufacturer and go with Nichtreaktion to the press, in order to move as much as possible for the change of the obviously uncertain locks. Quotation of notionless99: ... That is nevertheless times very suitably a selected user name. As long as you do not know anything from a danger, there are not those also. Also sometimes “head into the sand to put” one calls. You assume that thus that after there is already DECT for many years that, which published it also first are, which found it out? It is many more probable that already different others found it out and not to have published. And you did not experience anything of it, you so long felt safe. @Knuffi Which concerns the comparison with the lock, then a lap, which one can open only with duplicate key, would be safe. It, even if one can open it without duplicate keys, is uncertain and/or. if one can manufacture oneself this duplicate key, without needing for it the genuine key. And which concerns the “security” of your lock, if you really believe that your lock is safe, have you already times your key forgotten/lost and called a fitter, so that that opens the door? That gets the door faster up, out you to look can. And want you serious to state that something that admits to each fitter is admits not also in criminal circles becomes? I think the publication of the safety gap was a correct decision. Really on the one hand also pressure can be made attentive on the industry is only in such a way exercised to develop further and make the standard DECT again safe on the safety risk and on the other hand. Are exactly the same opinion of mightyEx. Would e.g. be. incoming inspection the Hacking in the Internet and media not so popular become, we would surfen probably still all with incoming inspection coding and us also still safe thereby would feel. Quotation:
This examination does not have also everyone make (can). The way was published, like the topic, i.e. in form of reisserischer reports in boulevard television magazines without sober estimate of the real “threat situation”, is more than doubtful in my eyes. The appearance (better would be still another genuine live-demonstration) on the congress of CCC was treated quite briefly and a technically correct contribution in c't, where the topic unaufgeregt pleasing essentially and, but, would have perfectly been enough. If one does not have, but with the Veffentlichung exists the chance DECT better to understand perhaps to call and an open SOURCE DECT project in the life, those the prop. guessing eras, perhaps outdated mechanisms around modern Cryptographie solutions supplements and into a new open standard for SOHO radio telephones with small transmitting power comes up. The GSM/WLAN Gertschaften produces by far more electrical smog than modern DECT devices. If the firmware of the DECT crates were not like that prop. guessing acre, there would be probably suitable updates, in order to close these gaps briskly. Quotation:
In addition one does not have to operate Reverse Engeneering, to crack no authorizing and coding systems and to spread only quite no hear SW. Quotation:
There are none and probably more than 1 year will take, until there which are. In the meantime do not only become very few “inaugurated” criminal ones, but each Kleinganove the trick and the associated tool found. Quasi one more than 1000 subject multiplication of the potential burglars. And which is with the many “notionless” owners of telephone, who the problem not received and/or understood? What is with those, which do not have the money to buy in the 3 Jahrerhytmus a new “safe” telephone? One likewise proved a substantial “disservice” to those with the publication of the “break-down tools”. K History with the DECT coding/not coding is nevertheless for a long time well-known. Siemens has starting from the then new 2000er/3000er generation explicitly with the coded transmission and safe telephoning over DECT recruited… Which meant implicitly for each customer to finally transfer to the new DECT generation because the old devices did not code and were uncertain… The same will still again pass, it will become new generations will come, which are better. With the Gigaset series came also a technology jump, which was no longer downward compatible. Also with DECT will happen sometime. (like straight with the similar radio telephones, which were pulled by law for this year from traffic). There are meanwhile VoIP of mobile parts/Smart Phones, which send over WLAN and so that incoming inspections/WPA have as coding. Those are not as radiation-poor only stop as DECT. Who wants to have it now already more surely, could jump up on this course. Also the general opinion holds itself that in the GSM net codes mobile telephones surely and transferred (Frequenzhopping…) Also those can by the way be heard with technical means… By the way, (nich certified) broadband - one gets scanners in many import/export shops in each larger city center to buy, which one possesses, but in D not to use may. With those one can aeronautical radio, police radio, operating radio and otherwise still which monitor… As a radio amateur professional Equpment is available (one can purchase also on-line) and with the arithmetic performance of today's PC's one can make thereby also many more, than petrol-normally a citizen introduce oneself can. Quotation:
WLAN Phones are up-to-date no real alternative, but for other reasons: - smaller range - higher current consumption - no own frequency range (conflicts with Bluetooth, microwave, AV-transmission-systems) - Administration expenditure (IP address, coding, SSID, Kanalwahl) Therefore I mentioned also incoming inspection, it am stop not much better/more badly than DECT… And as it and that was cracked the round made, gave it the necessary “innovation pressure” for WPA/WPA2… In addition, during the many Hot Spots and the large spreading of WLAN in the households, as well as the introduction of VoIP is quasi available/common as basis for new “localbound” radio telephones (despite Microwellen, AV of systems and blue tooth) jesas which gives is that for a statement, then it probably no industrial espionage geschweige to the pirat copies it is prohibitions and thus there is not that. Quotation:
Who attaches importance on security, must also constantly invest in it, because which today is still safe, is tomorrow perhaps already outdated. That applies to all safety devices, technical systems and organizational precautions. About industrial espionage: 90% the successful Atacken are implemented by Insidern in the companies (frustrated coworkers etc.) and are very difficult to prevent. Most know-how flows off over Abwerbung of the knowledge carriers from the companies. In addition come the many advisor companies, which give themselves the handle to the hand and naturally with the know-how also “fertilize different”. The management more know-how profit than damage obviously promises itself by know-how loss of the advisors. Which concerns the pirat copies/patent injuries: who its production into countries without copyright protection like e.g. China pages out, is even debt. That plagiarisms from cheap wage countries on the market come are also because of the “Premium” price strategy of some alleged luxury companies. The larger the difference between value of a product and demanded price are, all the more attractively are a falsification. The DECT problem is there rather infinitesimal in the statistics. But even a weak coding is better than none. Around the example W-Lan times on to seize prevents an incoming inspection coding direct access to the respective net without supplementary product lines. And attacks only by the fact it prohibitions is “to denials” hold I for too simple. A little verschlseln nevertheless the DECT devices does for approx. 1998. Quotation:
Greeting Catalonia Without additional programs and hardware you get also no access to the incoming inspection basis of your neighbour… |
